Analysis
-
max time kernel
112s -
max time network
117s -
platform
windows10-1703_x64 -
resource
win10-20230220-en -
resource tags
-
submitted
24-02-2023 00:33
General
-
Target
sample.zip
-
Size
32.2MB
-
MD5
b9a4b2205fab2dad760abdbc739b3fb1
-
SHA1
c4b70f8dcf203567f310e97436bad9b08be08ad3
-
SHA256
204ad9cc8149d5f6f24e76ac18883c4843081878397ad9cf2dc29842fc28f277
-
SHA512
c3e7c4c84e407fd07aee467eff5218b5c9cb62e5bc07551153ed6c501b83697899a736e0c0a47a1cbaba4bae25aefaba97b112c15859b71e4c94f1f8a622835d
-
SSDEEP
786432:6Ah0EeJmxWNeioD1NQ4mnqhGwGhV8fhHHvVdr:6thNNeT1UwGwBPz
Malware Config
Extracted
C:\README_TO_DECRYPT.html
quantum
Extracted
C:\Users\Admin\Desktop\README_TO_DECRYPT.html
quantum
http://tijykgureh7kqq5cczzeutaoxvmf6yinpar72o3bxome7b44vwqxadyd.onion/?cid=ac76ebfba8f313e3035387cd174939e0388eb268ddbd1c8201799fd203769b39
Signatures
-
Quantum Ransomware
A rebrand of the MountLocker ransomware first seen in August 2021.
-
Modifies extensions of user files 4 IoCs
Ransomware generally changes the extension on encrypted files.
-
Drops desktop.ini file(s) 24 IoCs
-
Program crash 1 IoCs
-
Modifies registry class 5 IoCs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious behavior: RenamesItself 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of WriteProcessMemory 6 IoCs
-
Views/modifies file attributes 1 TTPs 1 IoCs
Processes
-
C:\Windows\Explorer.exeC:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\sample.zip1⤵
-
C:\Windows\SysWOW64\DllHost.exeC:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\rundll32.exerundll32.exe quantumlocker64_faf496.dll,RunW2⤵
- Modifies extensions of user files
- Drops desktop.ini file(s)
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: RenamesItself
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\\0E58678F.bat" """3⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\attrib.exeattrib -s -r -h ""4⤵
- Views/modifies file attributes
-
-
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 4416 -s 3923⤵
- Program crash
-
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
2KB
MD5b7f6959164e820e178cf8a31fe982940
SHA1ade9490ff6c1e393ad44756274f0999770ae05e7
SHA256fc88a0e27b674dede4ec1535cd3210481719c1ea98d44558ca413fbcbbf1df49
SHA51241ff1781645a00dc5f7c9ad27016ea3a47b02ed04d0e34068f105cf74387d2597847a56e99feb0151302b068c691d1df0d5ebea8f33ce7392a2797f282d23a42
-
Filesize
65B
MD5348cae913e496198548854f5ff2f6d1e
SHA1a07655b9020205bd47084afd62a8bb22b48c0cdc
SHA256c80128f51871eec3ae2057989a025ce244277c1c180498a5aaef45d5214b8506
SHA512799796736d41d3fcb5a7c859571bb025ca2d062c4b86e078302be68c1a932ed4f78e003640df5405274364b5a9a9c0ba5e37177997683ee7ab54e5267590b611
-
Filesize
64KB
MD580fac2827c5707c8947d7707d0e9613c
SHA115803bf5fa2966ab5cbd6edff157de58f23b62d4
SHA256305f288211687bc87bfa70c0e5d2606a7eab2766d6c48654724fcfba44e09036
SHA51201c043c5b58b320f53840db682d547f6eaf75880ac448a5de25f2d6f130b4a071a0ab5f98261cbc2fc215d2af1e7bf6b645ca3cd5116d309e2f52986c4f7b8d3
-
Filesize
319KB
MD5eba1daad08ac76aa600dfd7980f35117
SHA1abd09c46ca949e910ef04ebcd8ac1d3442833e6f
SHA256e218076d80f9433aea2494e7664ee272ccdb8d0fc87a7acc69fc88f8334df10d
SHA5127d7cc16c991189c0ee836fb6d04c6a3712c54e8c8b5e79d16b5597cf3829c8ae0a897df82413df1e2ef30eb226fac50cc5024b14099ea07060bd0431915f27a3
-
Filesize
140KB
MD5a42717b4a2342dc98d92f29cd70498b7
SHA1aa0db914dbbb583e7c044b87fd6b9b79015d87ce
SHA25649e340117a74ab57eb26b7c9e2a8e2fedb84ed34e44e28ad4d74e46d24051527
SHA51223708df2007464c8a2db0875a404746ccb735c5553b61df7ba324ab9343d2132c8fc45cd6d20dfbf29309612ffacb15ba22ad32c17e0dbf993a976da9830b6b7
-
Filesize
234KB
MD545f941a6516c2dfa4a83d54b9a3fe233
SHA1c6e8b0c05860a3261d9ed1f487a2693fb51c16bd
SHA25622ace0cc320af5519d170e2e4141f367a7a18b7b9790c1c32d210c83ad670edf
SHA512dde268b114547774320f0f9d1637b8f6f31d21d43293b28efaae09d0bdb38308469ecd860ddc4ebd08ab39a681f82beb3569b2316e3394ee1bedb510523c8ba9
-
Filesize
302KB
MD51dadb19092f4a52bc88c3019128f1551
SHA1d25434a0a1dc39c4486a951dabf2a379f7718b88
SHA25650c16c79589b6b60bf2a3b5b4dc9ff340ed4460cb7a8d36e7d0bf10c5c366285
SHA512701942e783260bc901b4d66d7c00d365cd5255f291742793ff39759360b53581e6d3574546e50b4db4a2e7ec7c75dbbbc91af067937127855d575fe24704a189
-
Filesize
149KB
MD5fadc68a3fcff255bcef3e7e789c6084e
SHA130d925fd607bd04171cadb4c2cf9f2220c31eafe
SHA256c40013778f67eee95421834e0b5a29cb7e40e9d5c28ee389cb1313c243bfaf71
SHA512bd1b1292b36a068fe1fdc6e3dc406fccc36e637133d1664c7cf3965adf61e79a401085caae88a29697426ed290d2925d68c25f7c80afe26789308bfc24fee9cc
-
Filesize
336KB
MD5333b364c928949e0771b6834197cc241
SHA18d769ea7124b3271d7e08f9919d9ef340249039a
SHA2560f3aa53cce091bf5dcba2d7bfd6265444670cebb1de053dd0e0908f858d3295e
SHA51211094ee79259d17537d582cd74366effd69f573829924f157367fe1633f0fbb3ff3872cca01680032589cc7392b2182bbab0df4010d3fc48ef95c4bc56b83d6c
-
Filesize
345KB
MD54a97a31b2b46b8d624cf7a59d74833c0
SHA18143a8741ee0c5eba2d8919257695967c8d825c6
SHA25631736962934a25e88658a7daaef21c50b844e74aea2ae3e107793cd94f408b40
SHA5122292b9e4d61978bb1a7f88e3a0262e7c55692423c6bf0a58ca1cca2392a579bb016b7f61d5c600ff698ec4a07a87c4089d621424a51f8410ef66d5a9292b46d8
-
Filesize
277KB
MD5fc3779104fb9b9cbbcd8275b878913df
SHA1022460b4f393480ccb6f64a203afdd0118bc0196
SHA2568a56d0b98b816a8bbb861863dc277f2a0e0cf0d4d2065588554c82a1318674b6
SHA512424154b428298904bd85d6d99f7d1452110e5a67a8ebcb2b322314c17bc31279fb91a9d44a159e451b4f46784dabdafe6997ea7e2a5e3a0bcb23c3e3ec625f53
-
Filesize
243KB
MD5ac64e5e99896207a91d906f9a841c4a5
SHA19fb33121f49bf5948e7a48ffb44e910bfa9b7005
SHA2562e4524f5e226d8333579b8b0056cacb3d0d2789434b56549b9da8f86afa26581
SHA51243fecb28854b154fbe1170d8e9f866cf58b7436561f8b2415ca16834faef1b3b11d39c6c992d65c0e24697f76b2c02f91e36d0904199dc90ea7d89c406704950
-
Filesize
485KB
MD5e29cd5a04f5165511876c1268cf18f04
SHA194b05ee9b5c1f39fff62476f5f0363eb9bdc10fc
SHA2561e29f35259ecde4f2fc07bc844da16d2af5e2bdb878ea161c556286cf6aa12a7
SHA5126b83ecdf691e731a0c2d145daa643fb9ea9bd3d7e98ee8e0fad4597544c07e12b88b0b0e2c26bfe34f5f548b59e20b936c3223394379dc3f9c8a0ad793e64a8e
-
Filesize
226KB
MD57d291f64b249c75627383fc3d1a36fc4
SHA17538cf881d152618034179c3cbac479e23089569
SHA25636562391ed1b782a14ae551a90b4bcc99a1d1f9365b03828accacbe8cb7e444b
SHA5121517a0ebccd1a0633ab7cf2540b504fd2743032a4f5f9d785726e2cde63f068d943780bc59421d6bd5c4d16876f1c5962e8de4fae6769b76c418afec8e3f0d79
-
Filesize
166KB
MD58e00726832a586ab5af06155d5f53911
SHA1f35582da74b3fd634e18a8935734c686dc07c78b
SHA25650b69c90a4c1c1617e7c675031851af5dbdcadbca58d1c8528393fd61c96b9e4
SHA512e440aec965f6e21a04d3bc4b9dbaef4c0d6da42cc7f7faf2828423fb791e528c215db9475b8ab4f0107286224e32936380a547b7615733c0f58fd832c8070244
-
Filesize
200KB
MD545c163b3b91636765325a9cee7f729c3
SHA17d7916c55889418190775d97c766c13aa502a6dd
SHA2564a283e22a8d124d19adeb2f5c3df0a39f5c8363b195e3bd248367bc826b445eb
SHA512d828559426d4904f721217985855b5dad9391f17ff5362fd4f2c1c67b06585a4a9495836b2e3c3498a256276629e78ce7db41b9fc283c21e42f2af0ae5adc940
-
Filesize
294KB
MD5eaea71824bfabe68454b34d644d5ccb9
SHA183dc9f23d4a2acc7585fea518d29a8957f801378
SHA2566db92c05c5348e5ff7626a023c4925e8fe882082902ec4ef29c827f5e9b4d619
SHA512061b63429d197ef182b47d972cc296d8ea4f0f3a7c840a0030581de92baf29bae8748659e05368d53ac9fb9c4220c574e5cbf64f7074d926bf32903fa88dde00
-
Filesize
328KB
MD57618d1095cc9d1af9dd0ef46ba380caa
SHA18636e0b557c003597067db1f4218ca191b6f3882
SHA25649751067b92fed25f8c3bb051e001936d244e8a096b06b3260f9c42f2ca29510
SHA5129379477d449e174594a2652e3b66dce5cdd254fbea8e5a4681140bc65a7ade39d2b9496aa801367363be366f5069edc00cca624e8bdbf26339973bc404cbccd0
-
Filesize
311KB
MD5b30b8fd16b2df07786d8e17a8e8e748f
SHA1a6fa89dde500b3ec4905e2d3eb2973da7f9d7149
SHA2568ac8b982c7004e3368cb1f8491266564f8035dbec2c9a1b225eece714933cfc1
SHA51253a394511413b7fd78582acda1f71f39511635a13134935ac4e27749a0c532edaaaa4be3585ab14567430ef7a690f95af5f2d81bc16ceb2bb1fe53d01b3534bd
-
Filesize
251KB
MD591c84ad50e4340849588f9955a5ffe45
SHA1ee1fdd175cc894ad94c37690ee1061f256b1f1c9
SHA25603769856ecc7b886799554e0598acab3875abde49b466d29ec8906e981908546
SHA51214a684a44ae12788e0072aaaabbb1432719f8ce8dfb437030ec53b70b07c507bbeddf499ab759ede028c113a5f463b2ed5534f88e10cb662b399ac1b99798551
-
Filesize
217KB
MD50171dc561409bb5b8fee475026faa70d
SHA1bd940dc0c46ff9db4fa6a59e4091f20bfe59d348
SHA256c428b0d9c0df703dd43ee09b05c32cfce304db25b01ff65db91cd9772bfc8fa5
SHA5128de719cf2955f16c32cbea3689223f3605577872432065b04f9cd3e37d93533c832df5c5a32e514969bad013ffa91b8522debed3573aceb167ed384c6b0c24b5
-
Filesize
157KB
MD5da6ad380bd072df9357a9724ac4c2e03
SHA11eb3810cceae0aef754a0410d38409acb4f62b26
SHA2562b69bc13fd1e58de4ef8e7984516016fd3c1aad65b36e80ddb2d9bf86c337948
SHA51294ffe6bb41e46892275597ebbd375580e99f6f030f951545c8740652ce102968a7077ee783f87b65f96c61573cc1be3a8271688ee7f95f38b660061df4b81165
-
Filesize
2KB
MD5b7f6959164e820e178cf8a31fe982940
SHA1ade9490ff6c1e393ad44756274f0999770ae05e7
SHA256fc88a0e27b674dede4ec1535cd3210481719c1ea98d44558ca413fbcbbf1df49
SHA51241ff1781645a00dc5f7c9ad27016ea3a47b02ed04d0e34068f105cf74387d2597847a56e99feb0151302b068c691d1df0d5ebea8f33ce7392a2797f282d23a42
-
Filesize
192KB
MD508ad22070416f4a56a6193698c839064
SHA1d031877516564737679e8ed020cd4b1a670c344f
SHA256d0abdfa8fae4e610264ac52e17914af631a2160cdf88703fd93fea7d41261383
SHA5125b32fb69cc3d082d4a3b08ae306e5536d793c35db12bb03207e5ddaebf9c1f37534951dacc5c62cbbe44b2c18e3c98615bfe12a4351c10ec13b3c29f101a4779
-
Filesize
183KB
MD5629aee3e1cff5f2c44b096fa3ea3e34d
SHA1bc6a88b8cec40ab6f8f3397c7885f4260aa063be
SHA256b91c5504ffbd0c6c839765172391831362c8c5cc7ead8dbdaa3bb0b129e23b69
SHA5121e12b8dffd06205a38ee554bd4dd55283f0c67f15559bbf652104bc0fbd2123ce90aa28f3f8231a8e69962dea7c4080343302efd5df94466776987d092586f2f
-
Filesize
260KB
MD542c299925799b774606a0f61e2103fd3
SHA17eb606c6de8a4898b137a4460e403d9520dff7ea
SHA256bae191be25c6d6d772c1b9e8a8e608374244edb877a0977a48d3c94a436becdb
SHA5128197a167d3227780184cbe5f8488b0f82ffc3022032324c770753195db5d49db00c8829ebc0cd849fd4a3e6763a82c423f065f46d20b8c0844a2008cb0657e7f
-
Filesize
132KB
MD521339d8edaef296b7c3d67a36950406d
SHA1666be5c0626765489e5da711d6e26ae5e0ad3cdf
SHA256bd46a55b3b668f5344b2902e5e214a4f82a197d55724f5a8bbd850f36d51a96f
SHA5127840ce4767725ea90382fd42e41c99e1ba1aa5ecd882ba34d6a78d088d4a510387f175513b9709d3ca2f57c29db2f48380bf2ea8837450d26cec90bb57dd4916
-
Filesize
268KB
MD5133c1c02cbc93a5bb768534b8960fd07
SHA15d488b961e2c4a4316a794a174c01c60b7271f4f
SHA256430acb1e5724cb724ae250b9b5c445a3a21c491684d78b7906df9b62611296bc
SHA5127f2df9ea9b07796961cc5ae063c972243455f3b3611cd85f4d1e3cdc68445643eef1fc7f3fc6b7f56632cbdb5309e455a961662897028632dc17903cd1a0df04
-
Filesize
285KB
MD58e0bcfd433b5ec049372e98a743d35f7
SHA1f791bd1c9b4d6100a69be31346419e8248363d67
SHA2567f9c166092d40a23206772506ba2e30e1042b759eec8f5a8877c4e90c04112fc
SHA5120acbafe8aee059f311b8853f253a547a32838a9eed4ef8d16e9a009291b5e551e66e969f8a12e36cac34214edb1869d8d33143d4dd1c4e0400501c650bc4123a
-
Filesize
354KB
MD56486b990ba0e5c29345ccc082de3c798
SHA12909a5828d816fdbe79d5fb96f616979960ea74a
SHA25694bcf621dc8cf0393a282d99ca5edac8276c8497af0a57c853b88a32cf39c6cd
SHA512352c8b773e91282af84569ed8a42841a2b0404fc5ddea615d7b25cf302a6b16e2a5b487707519fa73515c308d33e4bf9ba40ebae091afdbed98fd12572c32ecb
-
Filesize
123KB
MD5d1dc9210965c94516a05094ee39f8ce5
SHA11e810d9885a4bacb462254220c1bad908867d5ca
SHA25621ccfafbca7bc73c231b995ae05fa417aa34fece7d65235df45f82ba1b5ccf83
SHA5124e507d64e626a0c406a74b3f6ccd2e21d8de378d60d1ce4c4ccd868e92a5d2c318efe40ec6d8747c2bee3e8511c4f3d0377e58f55a59e8ed751d5fa54f463c31
-
Filesize
209KB
MD529e33723171e75c1a55004e1aeb2dfef
SHA1ed8b0b3d2d33de41322978da6b4e15e79ba0b613
SHA256d452242d3d97d1bf24d51df7c92d0122c426306ccbb9d115535061ec4c3445bf
SHA512cdb7a2661ab02564bd84a81e9ac33fc586d47cc1deffc5ffb8f64c6c8593ddeb0fbf6a43c3fd7e51b06a4da3f20d4bf037b5a9e9480dcebe53d326272f99156f
-
Filesize
175KB
MD535d54308bb74a67ba6c86aa762dd75f3
SHA1365be7abc186697727ec485ca853375b3e0e4ef3
SHA256a16ead72beb5196fa78c40f48fc09ed527495ec05fb6d750b9336e8286436a03
SHA512473f32ba7d2acbf2c12ed1f0d58b52a5a316252436f2c63042bd25c5fe8208870e53d83107f7da1e4cd19a168dee42b0bf1f16d6632650ea3bae114e1c9d722c
-
Filesize
32.2MB
MD519b56385b6b2df8928afbe151f464f03
SHA1a0920e9f91fdccc433e5a2d0a0ba240eedd97b85
SHA256b1654bcaf6eef7eed9846840a0e82c2462225fdbc26afa43e57ab95703ca4998
SHA5127959df53cb56a84660764d1d43c28c1d0de4ca0d26be5abb2ded4431fa509030ce0c0e85ce0b00b2a0df44237ef804ca6f3e6128254ad81ecfcc34ee8c299356
-
Filesize
96KB
-
Filesize
96KB
-
Filesize
96KB
-
Filesize
96KB
-
Filesize
96KB
-
Filesize
96KB
-
Filesize
96KB
