Overview

overview

10

Static

static

1

1854def346...c9.exe

windows7-x64

10

1854def346...c9.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    48s
  • max time network
    34s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    22-02-2023 04:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1854def3463ceba21ad0d86592424845ce932e826419525bbbc543682fd2f9c9.exe

  • Size

    75KB

  • MD5

    47f3e71a1b1eb4a939d5f17639514334

  • SHA1

    d0c6afe81342ee81389864791c67e9b29e2939f2

  • SHA256

    1854def3463ceba21ad0d86592424845ce932e826419525bbbc543682fd2f9c9

  • SHA512

    26744d0164366fa3786f449b9fb0971c57b5b526e2cfff907e4077c1e6337c4a9ff7529248fae084b68a6abbc11a68b6ccda6d01b1dfb1526e3bcd4dd6f209fa

  • SSDEEP

    1536:9aX51pVH9hsgNGLs6BLM1frxz/HTfcKKBaJGbf:OfJGLs6BwNxnfTKsGbf

Score
10/10
quantumransomware

Malware Config

Extracted

Path

C:\Users\Admin\Desktop\README_TO_DECRYPT.html

Ransom Note
ALL YOUR DATA IS ENCRYPTED by QUANTUM What happened? All your files are encrypted on all devices across the network Huge volume of your data including financial, customer, partner and employees data was downloaded to our internal servers What's next? If you don't get in touch with us next 48 hours, we'll start publishing your data to the Data Leaks Portal / TOR Data Leaks Portal How do I recover? There is no way to decrypt your files manually unless we provide a special decryption tool Please download TOR browser and CONTACT US for further instructions Hours Minutes Seconds

Signatures

  • Quantum Ransomware

    A rebrand of the MountLocker ransomware first seen in August 2021.

    ransomwarequantum
  • Modifies extensions of user files 3 IoCs

    Ransomware generally changes the extension on encrypted files.

    ransomware
  • Deletes itself 1 IoCs
  • Drops desktop.ini file(s) 26 IoCs
  • Modifies Internet Explorer settings 1 TTPs 33 IoCs
    adwarespyware
  • Modifies registry class 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs
  • Views/modifies file attributes 1 TTPs 1 IoCs
    evasion

Processes

  • C:\Users\Admin\AppData\Local\Temp\1854def3463ceba21ad0d86592424845ce932e826419525bbbc543682fd2f9c9.exe
    "C:\Users\Admin\AppData\Local\Temp\1854def3463ceba21ad0d86592424845ce932e826419525bbbc543682fd2f9c9.exe"
    1⤵
    • Modifies extensions of user files
    • Drops desktop.ini file(s)
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1232
    • C:\Windows\system32\cmd.exe
      cmd /c ""C:\Users\Admin\AppData\Local\Temp\\006C29B0.bat" "C:\Users\Admin\AppData\Local\Temp\1854def3463ceba21ad0d86592424845ce932e826419525bbbc543682fd2f9c9.exe""
      2⤵
      • Deletes itself
      • Suspicious use of WriteProcessMemory
      PID:1992
      • C:\Windows\system32\attrib.exe
        attrib -s -r -h "C:\Users\Admin\AppData\Local\Temp\1854def3463ceba21ad0d86592424845ce932e826419525bbbc543682fd2f9c9.exe"
        3⤵
        • Views/modifies file attributes
        PID:592
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\README_TO_DECRYPT.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1564
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1564 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1588

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

1
T1158

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Hidden Files and Directories

1
T1158

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c3fe71c759f708f409a81c9d27684d40

    SHA1

    9952269107e4c33a3c26d533e10eaef6dabc893c

    SHA256

    9e3d640a6b667ac8f1161db3d89c3e0983ba00bdcf7a7367d1c02d096593f3d2

    SHA512

    749fc8346cbf5b5b59eeb820755babb9b7f2bb87c12aa918fa65dae1119a4b17e26c62f7daee36c7531dcafcbd20a4b57572ced061cf484263921c6b5784bb7f

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    604b82f7d17ef1cf38aaede38ef8ad94

    SHA1

    bf193c5544abbcbbe9a57d717b258f0cb1fdf8cd

    SHA256

    e4eb542b4e0c46e35037b3dc3e0ddec5a512817bda6e17989d148b68ca766029

    SHA512

    6294e6c7c418162cadebc5c653b15cd72b07e31a2601d22cb461738273619d737cc58eb55792e1ed5a82a227707b90ea50d7f4d3d42c80a2720f7fa07987b685

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    848ffc77b21eaee388d9f8e6adb27a56

    SHA1

    25406145c2444a3e8f0264b9b3f2f324ac239240

    SHA256

    a8388c2404d1c724fb2bcc138449daa0b12deb3ee2d4b3dc36420aca1119b5d2

    SHA512

    c261ee1c32191b0b57b1a184fec61275dcb92ee83a0aa261145d3ec3a91bd9d0c0aa7c186f58dfac555cefd5a10cc27ebb010ab3c775785f6a97e696e3d32fc3

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fa8a90b39c2105c6087dff202087d34a

    SHA1

    8f8c89fec3745e2616c5ed548a6024b8289276b4

    SHA256

    851326fa084404c690970cdc08bacdfa3c54cbeef48211c109af034830cebdc6

    SHA512

    f6bda1e96f4df411e49a333b07982f4b9c8c2202bde5d2a826185b24e7963d30373d6ea2c7cf0c70dab877985a70b2913abd145df39e86df86c018d7b3f245b1

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    efa4d1e191c7d8b73546730c4cc78564

    SHA1

    21b3eba241fbad5eab112627f6cbc71431796492

    SHA256

    b9bf8ea0aa75b9bd53117a3be16e82ffa4be89f50b880a61fcbb9daaf8ec2008

    SHA512

    0b04f578a5653e41d14ad245e80625264b0dbdbca806c86d286982d3792d416843f858c47dd0f5651765ed18ccd64038f2473d1bcbfb8176758e591b0aa8e976

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c42cb38503dd44f150e54dd1f4fe2cc4

    SHA1

    5a276e48596c2574d842d0734e70e712bd1fd386

    SHA256

    a31abbf762698d431da98127e79f92016aabdcca00c44faa7b6458ccf363241a

    SHA512

    24b32106b883cdea59ebb58cfa24005283bebe8e5068bf4d231b3b7a6fd01f440b3cade5b7446d5afaba3682b56c9c958ae624c01f8c8e17860dddacbd4c3206

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    72c33d3a27534f64a22f7d7422b1480c

    SHA1

    4218073fc402c17d401d10e4c882183e811ffdc2

    SHA256

    b1dd1ce691d5720f1755288037b4f0939e1ce51896de10ef873c52c999d88b81

    SHA512

    16e904c98ece8fd662e113134573d56baa0c70bcde7109cbf6854056a3ece8b35742c5b6279e9e054b7f7bff687483984735e7bf46a8c63f39db511bb92480ff

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5c5ebd7a4ba6e21966405a3a21ed5b99

    SHA1

    f6350b2294b380e06e4ad77a34a535a5d5a3cd83

    SHA256

    e7e17b40da382f792d27389d0b9ecc0429e640e14c5cd6973857f3b1a236d5e4

    SHA512

    aa1f1b5a673c08d9e411210624d153f64b4bdced8944fc324829148991b092bdabe4f4e710d0ccdf6921a128e8fbb96e19e07d58b1f892475f419300a6bfcec1

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    69d4263e5b978137b1a5ab7572e2713b

    SHA1

    9eb515dd604481cbb99a7e6a2158cf6a25731154

    SHA256

    5142048718ae365e77b546008bbf049cbe866681ce547c67185d697fbfe15941

    SHA512

    178a69560ef5e2469c1b9fc3b85f8638d182c6a37850b45258a5696d70b9fe272277d92b3ab58561a51ebceba724f626b858e1f103e26bbfb430e7b1091eef29

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\006C29B0.bat
    Filesize

    65B

    MD5

    348cae913e496198548854f5ff2f6d1e

    SHA1

    a07655b9020205bd47084afd62a8bb22b48c0cdc

    SHA256

    c80128f51871eec3ae2057989a025ce244277c1c180498a5aaef45d5214b8506

    SHA512

    799796736d41d3fcb5a7c859571bb025ca2d062c4b86e078302be68c1a932ed4f78e003640df5405274364b5a9a9c0ba5e37177997683ee7ab54e5267590b611

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\006C29B0.bat
    Filesize

    65B

    MD5

    348cae913e496198548854f5ff2f6d1e

    SHA1

    a07655b9020205bd47084afd62a8bb22b48c0cdc

    SHA256

    c80128f51871eec3ae2057989a025ce244277c1c180498a5aaef45d5214b8506

    SHA512

    799796736d41d3fcb5a7c859571bb025ca2d062c4b86e078302be68c1a932ed4f78e003640df5405274364b5a9a9c0ba5e37177997683ee7ab54e5267590b611

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\Cab72C3.tmp
    Filesize

    61KB

    MD5

    fc4666cbca561e864e7fdf883a9e6661

    SHA1

    2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

    SHA256

    10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

    SHA512

    c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\Tar7383.tmp
    Filesize

    161KB

    MD5

    73b4b714b42fc9a6aaefd0ae59adb009

    SHA1

    efdaffd5b0ad21913d22001d91bf6c19ecb4ac41

    SHA256

    c0cf8cc04c34b5b80a2d86ad0eafb2dd71436f070c86b0321fba0201879625fd

    SHA512

    73af3c51b15f89237552b1718bef21fd80788fa416bab2cb2e7fb3a60d56249a716eda0d2dd68ab643752272640e7eaaaf57ce64bcb38373ddc3d035fb8d57cd

    Download Submit
  • C:\Users\Admin\Desktop\README_TO_DECRYPT.html
    Filesize

    7KB

    MD5

    3f6a8aa8547d92754f0a0082fe56507e

    SHA1

    f457d1a3e6b62a1e3d57ec4a8da1ec44f60344f9

    SHA256

    5d1b55e0d5f48d1215656c9ee319112219dd03b33364825118d89c2f856c7fa1

    SHA512

    2656588d522b78fd741addd096e6dbbf29b54b8ff2c09899b48ad53aed98e45aad34aa6e2947e59e4c60e0e1123c237e9f7c2a27feeeec8bf02960c3502c05f8

    Download Submit
  • C:\Users\Admin\Desktop\README_TO_DECRYPT.html
    Filesize

    7KB

    MD5

    3f6a8aa8547d92754f0a0082fe56507e

    SHA1

    f457d1a3e6b62a1e3d57ec4a8da1ec44f60344f9

    SHA256

    5d1b55e0d5f48d1215656c9ee319112219dd03b33364825118d89c2f856c7fa1

    SHA512

    2656588d522b78fd741addd096e6dbbf29b54b8ff2c09899b48ad53aed98e45aad34aa6e2947e59e4c60e0e1123c237e9f7c2a27feeeec8bf02960c3502c05f8

    Download Submit
  • memory/1564-293-0x0000000002F00000-0x0000000002F10000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1588-294-0x0000000003110000-0x0000000003112000-memory.dmp
    Filesize

    8KB

    Download