Analysis
-
max time kernel
461s -
max time network
412s -
platform
windows7_x64 -
resource
win7-20230220-en -
resource tags
-
submitted
24-02-2023 00:33
General
-
Target
sample.zip
-
Size
32.2MB
-
MD5
b9a4b2205fab2dad760abdbc739b3fb1
-
SHA1
c4b70f8dcf203567f310e97436bad9b08be08ad3
-
SHA256
204ad9cc8149d5f6f24e76ac18883c4843081878397ad9cf2dc29842fc28f277
-
SHA512
c3e7c4c84e407fd07aee467eff5218b5c9cb62e5bc07551153ed6c501b83697899a736e0c0a47a1cbaba4bae25aefaba97b112c15859b71e4c94f1f8a622835d
-
SSDEEP
786432:6Ah0EeJmxWNeioD1NQ4mnqhGwGhV8fhHHvVdr:6thNNeT1UwGwBPz
Malware Config
Extracted
C:\Users\Admin\Desktop\README_TO_DECRYPT.html
quantum
Extracted
C:\Users\Admin\Desktop\README_TO_DECRYPT.html
quantum
http://tijykgureh7kqq5cczzeutaoxvmf6yinpar72o3bxome7b44vwqxadyd.onion/?cid=ac76ebfba8f313e3035387cd174939e02c88a37dd0b3118901799fd203769b46
Signatures
-
Quantum Ransomware
A rebrand of the MountLocker ransomware first seen in August 2021.
-
Modifies extensions of user files 7 IoCs
Ransomware generally changes the extension on encrypted files.
-
Drops desktop.ini file(s) 26 IoCs
-
Modifies registry class 5 IoCs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 6 IoCs
-
Suspicious use of WriteProcessMemory 9 IoCs
-
Views/modifies file attributes 1 TTPs 1 IoCs
Processes
-
C:\Windows\Explorer.exeC:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\sample.zip1⤵
-
C:\Windows\explorer.exe"C:\Windows\explorer.exe"1⤵
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x1fc1⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\DllHost.exeC:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}1⤵
-
C:\Windows\system32\rundll32.exe"C:\Windows\system32\rundll32.exe" shell32.dll,Options_RunDLL 71⤵
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe"1⤵
-
C:\Windows\system32\cmd.exe"C:\Windows\system32\cmd.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\rundll32.exerundll32.exe quantumlocker64_faf496.dll,runW2⤵
- Modifies extensions of user files
- Drops desktop.ini file(s)
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\\006FA7A6.bat" """3⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\attrib.exeattrib -s -r -h ""4⤵
- Views/modifies file attributes
-
-
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
65B
MD5348cae913e496198548854f5ff2f6d1e
SHA1a07655b9020205bd47084afd62a8bb22b48c0cdc
SHA256c80128f51871eec3ae2057989a025ce244277c1c180498a5aaef45d5214b8506
SHA512799796736d41d3fcb5a7c859571bb025ca2d062c4b86e078302be68c1a932ed4f78e003640df5405274364b5a9a9c0ba5e37177997683ee7ab54e5267590b611
-
Filesize
65B
MD5348cae913e496198548854f5ff2f6d1e
SHA1a07655b9020205bd47084afd62a8bb22b48c0cdc
SHA256c80128f51871eec3ae2057989a025ce244277c1c180498a5aaef45d5214b8506
SHA512799796736d41d3fcb5a7c859571bb025ca2d062c4b86e078302be68c1a932ed4f78e003640df5405274364b5a9a9c0ba5e37177997683ee7ab54e5267590b611
-
Filesize
72KB
MD5289c7eadfe9782d3c0663128d32ec7ab
SHA177c605486e68fd00f6408cacd54ae269dc6e4826
SHA256a3a943cf4f885bc94207dd07ef80f51e624c42bc5659fb94f364465f3815ea3a
SHA512a3443d0630e3f5df39ea551bd59d125dcff9f0cb1e6557cbdb654199ecbe561d33949522e6859fa369b5d9dc0c482dbf11c24e18b4e2f2303e0e604029896a4e
-
Filesize
625KB
MD5f8e4f03c621393266464304723c88046
SHA18a26e620da1bc2827a1b3a2502e8009e5bb022c1
SHA2567fc5d87fa4739d2d2a8575ec87eb6cf958a38f331be4a9a719ee3b43fe72fcd4
SHA5123f0c935d9fd4d9d519227d25d48ce8b09ec7d0c4f75eb1be77516c2819b7cea84e70bdc764c3cbcb7873aca73e3213cfc8760e19886870e3b17e38977c39afe6
-
Filesize
419KB
MD5c333535ebf20fdc3a33cae08889d5a36
SHA1d41ac4b1fdde9529bbe2d6fe9b7db3f285ecffd2
SHA2563f965f2b6c19046f6e7824d68b10bd58dc6ef1b2d1ad3b59a918b296dcacd86c
SHA5121379334233420ce7700a5333df6d0174a811ec88445c82a1d02871796b64737e8585f2954793c6bb3cf574b21462ebe8ab03fdd1200a0e5d62424228c54abc13
-
Filesize
578KB
MD53a5dcf5b15d9f2cc1157e9b115bf89ca
SHA144e842807d2861bab79b445081d45172f4cdbbb6
SHA2569c7e8b68fe222a8de1c59b6924f30ae5f97889463ed052d30c77b002f930582c
SHA512779228e0d3d67d9aa39882526626c0cf104df868370d63295532a4131a7d5fae1883fc2fd2bd263624290e5bc28fd965b5a665ea8a31d9b631326306d42b4b05
-
Filesize
483KB
MD524ada1d3fd47cfa0effe6603c88acccd
SHA1de49adaf8c51acead9dd019c06a1f91210e576a6
SHA256f92f953cedb3de04bcf885635378f49204adf86a34997eff9d96ef27c50ef2cc
SHA512d3f155358687ea50f2b025ebcb3a63add07bcdf463f1930c438b55569521f6f032b827c4401da2a7c29bf028294ccf5cda7c7a17244a6d3db387f5fbd1fea9aa
-
Filesize
277KB
MD5a2323c1c4a8259efcd95e0eed058c8f6
SHA1dfd00b7a45cbaded66c8fd160bf11589266f122c
SHA2567995933239ac05288d75adf02146678c1de436596f67052b783d53738eeb7ff8
SHA51218819472f75fb8612addfde0b590f1a010b25d26be073423fd0b11a6a0f62f80daa4da972f4088fdbd35f21992292b269292ceb3eb299dfbb365307eac1b2687
-
Filesize
324KB
MD5b774c43c1bee7234e8f3759566d8db1b
SHA16c778715fc647029226ef3dc2fce08a27a157608
SHA2561668a3eab4a7c16156eee7d179a10408fa56026e6f79ff24454876d0257eebbd
SHA512f362131c2f0bac8c18da7fc26df4a264505936a499f93a2490be66818436b733ded75a991f6ef91d1d261334cbc9b34db820facc2ee2a6a59fbe2a17b83a224c
-
Filesize
356KB
MD576513e6201951e65f6b37265516791a5
SHA145b84538f3719db7e18959ae37fb2d2a1eba5278
SHA25657c5a7161d3b878a5fcc1a9e60792ec3133fbac26c6f028755f4a45c68bf3574
SHA512728148267a55585c9cc45faf319618130144b4c8f938bd7d7a4d448020b2ed0af6d52cd74cc38baccb2f5792013d1cf0755a8949dec2bda3793fd75a4c56769f
-
Filesize
340KB
MD556a71f0f147795e8755288e8ffc1ff9b
SHA18f91f9460d943a6bbb0ab8764f4d87d631cd18d5
SHA256a6b5033d2cb60d060debcc812d7595913660883bfaf7614b3ffd7585dbbb3e13
SHA5126d8623dab252a27595829ae5fbe207253afabfba87278d45de1539c3de00eb85c4d114e6996415bf546275db509ccdb540fd813988a6ad8153c91eac42d4f055
-
Filesize
2KB
MD54c61454476bd2d8e0e6e18415d7807ad
SHA1d00f49c39216b5e0e152c7457c2f89a67df2b12c
SHA2564995d5702633c794a9ad903bba9c5eb9ca3fa8b5308f4019e89949fa07f93000
SHA512e409c8bb4e55631c64400a30fd787c50d09c382423222d54a446ba6318028aa0d41e219503caee3878c304699b04dad84880b3b9cfe92684a2bb28f9e647fd20
-
Filesize
2KB
MD54c61454476bd2d8e0e6e18415d7807ad
SHA1d00f49c39216b5e0e152c7457c2f89a67df2b12c
SHA2564995d5702633c794a9ad903bba9c5eb9ca3fa8b5308f4019e89949fa07f93000
SHA512e409c8bb4e55631c64400a30fd787c50d09c382423222d54a446ba6318028aa0d41e219503caee3878c304699b04dad84880b3b9cfe92684a2bb28f9e647fd20
-
Filesize
609KB
MD5ea9f48d0c266b509a186ea33990b2d3e
SHA172cdb9fb3bf19d31c520ec7d7d69361d720683c1
SHA256a46eb50baebedd03298c9748fe90fee90e79667718cd200844d85777d5ee4d0d
SHA51270925f2ce917b6927c05a1c7602371b53a56639be3d8f2fa6344bba503f23489eb3f9d5f3ef251d231bd124936159e25d61648a5af135ca3f527171ba42dc43e
-
Filesize
308KB
MD5ca249db96c47b84a201e80996ceecba8
SHA1cccd153fad5c8f6a009e71ca39caa06a0d717d43
SHA256f9c269f4acbcb916c1f2f8c1ea7de7c57a468eaab4f5bdd7e455ce8305e95dd4
SHA51246ffe212b12ee526e99c27c9e0ecc35c8fd926ec916e7f13353a9d9ab1ec6ef41a550b0e89164dcd7b4dd5a9fb6310ec17baf3825ae0a5f35bc00387600c91ec
-
Filesize
902KB
MD5949be288c3ab464a6e7a24b10159357b
SHA196c098f6cabbda6b64583a2ac77e51b8dadbc44e
SHA256747c3c5c369d8230c9634da6bde0f182f0a7c62f4f283899049cc2b881391b91
SHA512439db582ec85fad40166e5660251145b0a2e1d2a84a94537ae751d9e62eed40b573cf45d29961c89e69a20bd6f3642a9e3cc41d89e955a39a9c2f05ad4b5d11b
-
Filesize
498KB
MD5f239e15a660f1d7f94e615d7e3b3f9b8
SHA10dfee4cfcc905692670f2ffad52ab89035252eef
SHA2568bd234dbfc03037fddd6b3fbd141fed9bd6b4a46f3a2f25a841d077e1cec72bf
SHA5122b10dcf32704a79bd24382fd84a31f30ed76c3a1a7a27cf5f0d5257e37cf75d1bd28a1c5c4c742b9a6dea5e8deff8b865e13f6a2bbcfca7e7a7bd4e2758a3b2b
-
Filesize
229KB
MD5ef29a621098a735a3a40b57f8eb2659c
SHA15b61fc2c68152e702d7d542607e2efbebbf7daee
SHA2562070c4ce587f637b29c7b623631cc9ccbf6f0f131cc8d52e7881f0af4e032fe7
SHA5129948aa85b574bb933d2730690c11446f4d6fb632df384b2f67e19b83dc9a7208d4fae8faa606eed513cd88326ec0409e3919f17b1833db25c2d365fafaa10295
-
Filesize
562KB
MD5a659d2c4825944f5436324e8619a81c1
SHA1e802e06053861fdc47aff73637e1f25c9901dff1
SHA2567d31641b5f026864d10e500ac812ad6a251ef6aec4eee47f118f7b6a0cb21038
SHA51267a8efbca4b362bb2014d310d43ad0ebfb4dbcd5dac4bd40c41aa6ca0216c24ff663b1574dd6d66601b6ce3119ad90366323848c7ad736c290163bcb18afcd91
-
Filesize
372KB
MD5bcb42258446c1094563a0e1cbb264e5a
SHA187a00d217fa03c4404899df85eea3885458c4e44
SHA25608fcbf5fbcdf280bd79ad76a391ea995184f27d72fb70c34e5f471a0bdb701f0
SHA512ef326b055b8a67e4f54da3c411f6cb7a9cabc247b32785a8b02cb3b829d543edfddd0d7f8adb0a159bdf1a34b8169a77319ca1b6ae4ea95e09f5c1081b735ba6
-
Filesize
530KB
MD54c07b25a3591ea03723b217a04fbb662
SHA14aeb0bab8b2ad45c33b0d3dc5fc0d667341c3288
SHA256a5c857c80014eec963690d798793ce091101a41fd12a0d7d21dcb5a68f96e007
SHA512331c7c431b470cc890bff5626794e0ba7769192b965f0377a8e47b2822da9452506ece6dfd48a4e77c899f18f7b82cbea60567004844388dba7b80d83a3239a0
-
Filesize
593KB
MD5e461e5749c263d2ee531ca180d2ab225
SHA176a419276daaeb4751316abc8d39481cab04f7a2
SHA256ca1b5668de8c9c8d59ba25e0a77d2b76eeff7027c5ef879774c28a0726b310ce
SHA51214d80b43c555ec8c068de04a3a89b212c4ef68a56b76618c350a79ad47eed1cd478439af1c470868a507f952493f0e682bfaa4e8c26d7d2abbd1a5f5c8afcbd3
-
Filesize
546KB
MD50b6213ec7e28455b24d696fa945bae1c
SHA152188c87ccacf89e358cb252b96784baf37bec6c
SHA25645bc242c9bf5cb78f9b8c0c63d92369ac3166034693f39aded19948738eab691
SHA51266f3a3a7d54e7616ad55e4bc1e1c9641a08aadd4a65f08c01d2128c690d46f12bd7dbb2457cbf9eeecfcf47284dbeb5b9cb3a694664a9f0666881e1233573b16
-
Filesize
261KB
MD5a82f65ef09e524297736cc38e98156bd
SHA1da6899fa829a69e5cd6648f86b4221d2caae5907
SHA256e8ed789f5760cdbf19f91d3d9953adf44bea9625fc99bf7ba6afbb7f26bddb46
SHA512649e6b88401744a5ee44f228930698f89157e8e76266469be384f8fcc60f589c8c57667bd00775110f1c1285ba97805eceaebcd6aaf45295d12f6ac1585127f4
-
Filesize
451KB
MD50f524d2cd414c87c93f463662b4db755
SHA12aa39237f5b30a3cc2a3f772255ee7ab765cef75
SHA2560bff682c1db98558499660bec238a934f96aa255912923c434bea5423136ac0a
SHA51250de31b17a75ac8371ed90a2cb60079679135cc859faf1275d0055a15e688022b85c4ce0dc8d393ef66942f29f31e048c7e4d862486d96c40eb96d5bd9e4d14e
-
Filesize
245KB
MD55310553cb4b04c6f40e3f218f4aff25c
SHA1b39d0ca633fcc51c2ef11be7e4afa25e44396bdb
SHA2561f0cacaf2e50ba6802f8433db012936fa01a4fd4a086800b699dce2e96794200
SHA51243f87cb995114f936bf230eb242e0e37dee9252386fa8d4996e64552e462b1eb882b86e0bf4226e1a720f03035c209b8a93e069b79767d641c48dc7a12e7e3e1
-
Filesize
641KB
MD5928a26f681a97e9ba2e552f4987b66aa
SHA11c5ccaac27012d663c8fdfeb77625daf15d66d4a
SHA2568f7c7100daf116478f483ea403a28577dfb626d77d6c4838bb9a9bdb6310c660
SHA512e73366d9c996ee31d4278565a6e85f2eebfed8e44829a50717ee648f4972bceb84897229a65f620b5d7a93db5ec5b89829460d186f22862afd2f9bd7d81a4e16
-
Filesize
403KB
MD576d207fa0068a2f3e63cba1c7dcbe194
SHA18db720b7a68045c45cb4195ce3b0c6f1ca66bdbd
SHA256ec70aadcaa31fe369223b9494bb4b000305fab60f193d30b435a5b9378dcf9c0
SHA51286507f46bccebd8001d1b3307dd11f33b6c773422380e6889ba6bdf110f22829abd781bd93f92e992b0d00bf8465b849b1ff192a2adbff097d286d8b95b7100c
-
Filesize
467KB
MD5f7918f75b779be306bf8f7c1b5878f7f
SHA1fda4f8aadd00e92683af0c7efa4b2303e512e4cb
SHA256ddd685757b4ffd0f31931284e7206623cc66381246cae6cadf15bc50767983f2
SHA51291c96dbe0d93853105a1819935f5112a10af50760c0be2e9f5dc7ca5cdabc038083efd5851174c409fc68e002265719d94f35adc5330ef39c021f0a4befe5902
-
Filesize
435KB
MD5419670a7a22087c595a1a9145b55906e
SHA17a6e25327a7da144757fb256d074ac1952ee2a19
SHA256ab86776cc5de58048c5fe7f264ab03e757017479315dac488bf1f49664ac4509
SHA5126df16ac733cfe387d4d0477e398255b3e4b82e8e9c73ad6108b7754ed2be78fccd898b3fe399d7fd52f49e7f2469da6d4b8d344807228c8c7b0c89a782aad8c0
-
Filesize
96KB
-
Filesize
96KB
-
Filesize
96KB
-
Filesize
96KB
-
Filesize
96KB
-
Filesize
96KB
-
Filesize
96KB
