Analysis
-
max time kernel
97s -
max time network
99s -
platform
windows7_x64 -
resource
win7-20230220-en -
resource tags
-
submitted
22/02/2023, 02:43
General
-
Target
511c1021fad76670d6d407139e5fef62b34ca9656fb735bd7d406728568fa280.exe
-
Size
64KB
-
MD5
0c4c33d99a04d6e47e2338949d470bce
-
SHA1
eb61609571bf629079f685fb66a931df20b6b12b
-
SHA256
511c1021fad76670d6d407139e5fef62b34ca9656fb735bd7d406728568fa280
-
SHA512
a7eb1b0489ca94a0ac18ac40b974e9ba3a4082865129eb21001596ef7b37ac4655fdd6dbcb703c193ba2250ee0af620b9c674c52de21feffb51b4be56b3acb56
-
SSDEEP
768:GnJ9uwtbJD/QpEdTrArzVpCK1w22TYgNvCJ037FLxZKQJRNz0TqXfJCju0L:G+wr1AB0AwB57F9npz0Ta4ju0L
Malware Config
Extracted
C:\Users\Admin\Desktop\README_TO_DECRYPT.html
quantum
Extracted
C:\Users\Admin\Desktop\README_TO_DECRYPT.html
quantum
http://tijykgureh7kqq5cczzeutaoxvmf6yinpar72o3bxome7b44vwqxadyd.onion/?cid=5dbde59c615c8fb9346c52ea827b67c578d5a31382b27ddcebdc11b4ec12b446
Signatures
-
Quantum Ransomware
A rebrand of the MountLocker ransomware first seen in August 2021.
-
Modifies extensions of user files 11 IoCs
Ransomware generally changes the extension on encrypted files.
-
Deletes itself 1 IoCs
-
Drops desktop.ini file(s) 26 IoCs
-
Modifies Internet Explorer settings 1 TTPs 38 IoCs
-
Modifies registry class 5 IoCs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 12 IoCs
-
Views/modifies file attributes 1 TTPs 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\511c1021fad76670d6d407139e5fef62b34ca9656fb735bd7d406728568fa280.exe"C:\Users\Admin\AppData\Local\Temp\511c1021fad76670d6d407139e5fef62b34ca9656fb735bd7d406728568fa280.exe"1⤵
- Modifies extensions of user files
- Drops desktop.ini file(s)
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\\006C364D.bat" "C:\Users\Admin\AppData\Local\Temp\511c1021fad76670d6d407139e5fef62b34ca9656fb735bd7d406728568fa280.exe""2⤵
- Deletes itself
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\attrib.exeattrib -s -r -h "C:\Users\Admin\AppData\Local\Temp\511c1021fad76670d6d407139e5fef62b34ca9656fb735bd7d406728568fa280.exe"3⤵
- Views/modifies file attributes
-
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\README_TO_DECRYPT.html1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1636 CREDAT:275457 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
342B
MD50b391aa89d3dc3036c72b7e65b71c90f
SHA167fccab552a52095bd8bee9c3dc1d184e1050381
SHA25667baef66a414906266bb3e8dd1c8162b258c960ca00ea3810189a6da6709ee84
SHA5123040492f180f1473dfeaacba7796008c84ffacb03e66a60aa56c4ed33bc59bc704e3b873b92561fdb4aaee0b127830a93b9c863807c802a9e40ae93612abf4be
-
Filesize
342B
MD52c1dc39c1d8b7616f69fdd4629855abc
SHA100d3df1702abf89e7464e792a1cd56451999c7ea
SHA256418bb9f8574f460999e31b4359f6cec32f06e0d5d341ec9cd3ca8f3426816174
SHA51245bc58500c82cfce3f932b4c2f3bd30a231a42219a1e5d57456e8365719c2d17edafd423a3d248c5638b426d2c6f82f1a05898a5df988341cc28095fd8c6b69d
-
Filesize
342B
MD5c8708c766de49e8d6cca893630b997b4
SHA1c09cac77904b45e6a619677dbce600e426d2f7c6
SHA256dd7ffa3699c5c356251179ec949051178a355b36163589702115cc1c2bf292eb
SHA5122f920ae884e7b2c0a8c0f25f1c69189377c2adb6aa1f9d6677b5023751e3947005fa542b16d9d997872afcd3c47eb3b39c2fc9bc3a3b3503709e9790d03903cf
-
Filesize
342B
MD571866353eb1b92606c4c9d656e95ce12
SHA1e53b6cd799cfddd027939851c6211a5777f00ce7
SHA25659f6680e368bdcc4fa870fc8a2197366e0aede78a07e776121667065ea79c89a
SHA5122562ea32b3fa60aff97e6eaedd8c2c0a079e15104403fb197939b72b5a9dbb6fefdaf6f6b427ef5d0ed7f1c11075bc53e0b457980239a42a981d21af8ec03d66
-
Filesize
342B
MD54a9c4300026bc9c74b8b3075dfc9e160
SHA1a67d933427cb9f20069f270c5e7666755dfe0f2b
SHA2565cb64475ad3a7b9eeddaa67ca26aa3df87842824f1518870ff63535155b28831
SHA512e49b0f58915a805ae569758c6441ff2c1eac7967ad513212c940c5de03164965f50239feb3e45fb98268248d67b59b48c1b5d5bf439d9e6b4490eb6b9b3b0dac
-
Filesize
342B
MD5bb705a8d05121bfa636b1cc03002af49
SHA17b300f3c9fa9a45e1026f2e9b46a4186908e8840
SHA256edbb4c1768b59d7640014445dd53e84c00725705ed2a0208c8767e55ab8c8cb8
SHA512e30d1397fa37f9c6e161cbdc5ef3a83437b73203d3f955106a9e06207c7535ac11ba5049c5f69e66b21b40a27bb00d54506c9439f80ddcc19a9cc0cccf0bdf2d
-
Filesize
342B
MD5e334e92532e902645aa36aa2b3d89ea6
SHA1a95f511e7ea7506738b6a6e111813e4270246c92
SHA256a22f9d2ed22ab35cd5d4eb50246c15bcad5d050570119b139ded39ace5d940fd
SHA512860e177c7e951ebb55aa039570a932d6a6da2b647e7bad5beb09c5cb664a26dc11fb8968d579a429f4ecc6094a136883ddb2c9ecd7a41267f39a4706b20b414b
-
Filesize
342B
MD580c127e9baa37c8014088557fa71c0dd
SHA1ddc81ea7db61a5ed08989801d20b720a29764915
SHA256797d478846c1687749d5a76fd4782077a9a296e03bedd6c6238249c3ba04c150
SHA512117f61f9d8540f36d63e20c45491e825728f305def1ccc5bc0b4232e822ef37cf20a71ebd118e29f76e0edd2cc147c022b058f88bb3cd37d6f149589c5b863bb
-
Filesize
342B
MD5fa9bac2310329b6b404025bedb7b9f57
SHA1d1a47ed51e0a41cdef178a1d292746cac8da6da9
SHA256c47ba804773478e5ca2ae9b49ef4593554abf4da8d2cf9d11479446c72a780cd
SHA51273ffd245cd2fa5dab32aa8e4aa70741e008a7c6e502cc69cb2e464def25a56088bd1df437f9908356df0b704216d546a0ebdc627709657292730239e8680ef6e
-
Filesize
342B
MD5aa38cd9b64094dc7cb3cbde132987023
SHA1c35f6d6dbf738e39c4d26f7860e9a7ebb43a6357
SHA2569b30df0d49310ace1d3d634d8c32e457a609bb1a33213f2b0ee3f1850240b9c3
SHA51296e654069ce9b76474c76d8c350e76cf0ea5567d7f0e340030225a95f78b674037284bd50297f04c092daa24d7a971dbe52a45ca32b85249fe57fa16463720aa
-
Filesize
17KB
MD55a34cb996293fde2cb7a4ac89587393a
SHA13c96c993500690d1a77873cd62bc639b3a10653f
SHA256c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee
-
Filesize
65B
MD5348cae913e496198548854f5ff2f6d1e
SHA1a07655b9020205bd47084afd62a8bb22b48c0cdc
SHA256c80128f51871eec3ae2057989a025ce244277c1c180498a5aaef45d5214b8506
SHA512799796736d41d3fcb5a7c859571bb025ca2d062c4b86e078302be68c1a932ed4f78e003640df5405274364b5a9a9c0ba5e37177997683ee7ab54e5267590b611
-
Filesize
65B
MD5348cae913e496198548854f5ff2f6d1e
SHA1a07655b9020205bd47084afd62a8bb22b48c0cdc
SHA256c80128f51871eec3ae2057989a025ce244277c1c180498a5aaef45d5214b8506
SHA512799796736d41d3fcb5a7c859571bb025ca2d062c4b86e078302be68c1a932ed4f78e003640df5405274364b5a9a9c0ba5e37177997683ee7ab54e5267590b611
-
Filesize
61KB
MD5fc4666cbca561e864e7fdf883a9e6661
SHA12f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5
SHA25610f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b
SHA512c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d
-
Filesize
161KB
MD573b4b714b42fc9a6aaefd0ae59adb009
SHA1efdaffd5b0ad21913d22001d91bf6c19ecb4ac41
SHA256c0cf8cc04c34b5b80a2d86ad0eafb2dd71436f070c86b0321fba0201879625fd
SHA51273af3c51b15f89237552b1718bef21fd80788fa416bab2cb2e7fb3a60d56249a716eda0d2dd68ab643752272640e7eaaaf57ce64bcb38373ddc3d035fb8d57cd
-
Filesize
601B
MD51868976d152db5c1fbf135e28a23247d
SHA1d074c7d7e61705043722acd1ef09fdf548cff3e2
SHA25696575a26e260e2aa4aec1188cd5472e0ca9349805590f73ebd7f9b3d6bafd2cd
SHA512a0b830c816a611c7b600c94992aa1c88f4acc7d0c7805f4b6a3e05588ff72d35b6e6ef7d5e56c3df9135b12fccd4487db38c8e14d4a675844281450fa5b9c488
-
Filesize
2KB
MD52e98aa73af7f70b1093ebbadcc159516
SHA1f8ae4add527887e0e09713653f96e98663196732
SHA2565abd65d8a846737eda80da5ab5ddfd6771a0e4dee4996690edf47c54ad54bc63
SHA512875bc7c172a976fd8bb40301e3db424aaa7d1adfb0a8ff1e4c1b24cab40f4a5b5e217f939ccc40af4f12b1dd2860c4a0435667d999b8ab71e733ef1819d09657
-
Filesize
2KB
MD52e98aa73af7f70b1093ebbadcc159516
SHA1f8ae4add527887e0e09713653f96e98663196732
SHA2565abd65d8a846737eda80da5ab5ddfd6771a0e4dee4996690edf47c54ad54bc63
SHA512875bc7c172a976fd8bb40301e3db424aaa7d1adfb0a8ff1e4c1b24cab40f4a5b5e217f939ccc40af4f12b1dd2860c4a0435667d999b8ab71e733ef1819d09657
-
Filesize
8KB
-
Filesize
64KB