Overview

overview

10

Static

static

1

4d118d83c3...47.exe

windows7-x64

10

4d118d83c3...47.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    145s
  • max time network
    142s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    28-02-2023 03:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4d118d83c3192a771479d6e392d62a109aea4ca8dce81a0c6c0fe50329b15147.exe

  • Size

    75KB

  • MD5

    0c2798b083fbf6a6e175cc68512d1dcf

  • SHA1

    5e74f28cbc8387bad3a6745f532c3f283d4af9d2

  • SHA256

    4d118d83c3192a771479d6e392d62a109aea4ca8dce81a0c6c0fe50329b15147

  • SHA512

    415411f85e4facaad08896d7363918834e6abccf7c2661f0f02cdb4bbcf22693353f17831a36aeddf40ba0d93e997981b4f4b7986eea90cd35ed25d6a7febe5e

  • SSDEEP

    1536:9aX51pVH9hsgNGLs6BLM1frxz/HTfcKKBaJG+prBF:OfJGLs6BwNxnfTKsG+prB

Score
10/10
quantumransomware

Malware Config

Extracted

Path

C:\Users\Admin\Desktop\README_TO_DECRYPT.html

Ransom Note
ALL YOUR DATA IS ENCRYPTED by QUANTUM What happened? All your files are encrypted on all devices across the network Huge volume of your data including financial, customer, partner and employees data was downloaded to our internal servers What's next? If you don't get in touch with us next 48 hours, we'll start publishing your data to the Data Leaks Portal / TOR Data Leaks Portal How do I recover? There is no way to decrypt your files manually unless we provide a special decryption tool Please download TOR browser and CONTACT US for further instructions Hours Minutes Seconds

Signatures

  • Quantum Ransomware

    A rebrand of the MountLocker ransomware first seen in August 2021.

    ransomwarequantum
  • Modifies extensions of user files 10 IoCs

    Ransomware generally changes the extension on encrypted files.

    ransomware
  • Deletes itself 1 IoCs
  • Drops desktop.ini file(s) 26 IoCs
  • Modifies Internet Explorer settings 1 TTPs 27 IoCs
    adwarespyware
  • Modifies registry class 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs
  • Views/modifies file attributes 1 TTPs 1 IoCs
    evasion

Processes

  • C:\Users\Admin\AppData\Local\Temp\4d118d83c3192a771479d6e392d62a109aea4ca8dce81a0c6c0fe50329b15147.exe
    "C:\Users\Admin\AppData\Local\Temp\4d118d83c3192a771479d6e392d62a109aea4ca8dce81a0c6c0fe50329b15147.exe"
    1⤵
    • Modifies extensions of user files
    • Drops desktop.ini file(s)
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1144
    • C:\Windows\system32\cmd.exe
      cmd /c ""C:\Users\Admin\AppData\Local\Temp\\006C7B68.bat" "C:\Users\Admin\AppData\Local\Temp\4d118d83c3192a771479d6e392d62a109aea4ca8dce81a0c6c0fe50329b15147.exe""
      2⤵
      • Deletes itself
      • Suspicious use of WriteProcessMemory
      PID:1716
      • C:\Windows\system32\attrib.exe
        attrib -s -r -h "C:\Users\Admin\AppData\Local\Temp\4d118d83c3192a771479d6e392d62a109aea4ca8dce81a0c6c0fe50329b15147.exe"
        3⤵
        • Views/modifies file attributes
        PID:1728
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\README_TO_DECRYPT.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1616
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1616 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1820

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

1
T1158

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Hidden Files and Directories

1
T1158

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c5bd7521043ba95b296fa92132adef82

    SHA1

    b7e02a44f1303c9f4c20ee86a1811f9a79962743

    SHA256

    f4949b16f1b2bb134958e5a0611919d720f6faeee42865c4bd975e8e418a251b

    SHA512

    e755974a3916ad924e8f9fda700b28ab9aaa3c27b1aee69f8b168481bb14fdb04c4e83660a16cbcbc777074c00f21f8885293ba457fb0245cc42ff3f79d860eb

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d9a2d6895fdca352cc95b2308c8a1f99

    SHA1

    902970cf18ccbe939fbf611c0e366edefb3c2f29

    SHA256

    e5ecc0256c2e42837d89b588d538c00f6a27200211e06ad178e48a9759c971b8

    SHA512

    9e6807144784b3599205e1a2bfbc126f88156c3a6e7defa1cc4d978e936e9cc8a2165ec88c3083e3650e47cb4f6e49270062b0d7f4f0562a21269a62fed8ae4e

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    9446dfac35bbc992d7dfd199a8ab947a

    SHA1

    d7bc86f7e77fe67506bc3372df5d3d1b3fe7a226

    SHA256

    4da84bb265bd42ac8c85f64d9dba093d8829a2d6af45ff8e37483e5a948ea2de

    SHA512

    63fc681c51fedde36d8e535fdb8985fb420274868d2ddaa7cf60300aefc806da8a993a41de5204e202c88ef3fc1acc62c2661d889c927b05683721c82899d428

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    38d3b84010c5e432edf32eba2062f0b9

    SHA1

    cdf6c963f0906304340c64deddc6ad660e0133a8

    SHA256

    a5e70f7def9b0efe2272d405165fc90e5d5b28dbba8dc17cfff9db3a5d59beee

    SHA512

    43a519000722cdc8b316e7af954cc7a715af145cdec257c1ff5c13a174915cfc3bd0a8b3022ca4de7a10091bebce3b2a158e3bce980d412bba19c6f5efd26108

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c8fdbdece886f7a4cc343d41d7b25e22

    SHA1

    d02973c1280a548970f49c16bfda35736b94d4c7

    SHA256

    7c5c6f195fe552469bd6e289ede91f042772815f610dafa7e907fb7fb3239af8

    SHA512

    e382b4eeb3c817f472ddc1cca0be40fc9b7545b07742c47d8c7b703e1dfa7bbaf34e5fd685920f9738d3c29a94f5847cf37e2b97b373fec0e54fe25f3dbe3251

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8e832e7f60a67094de8d9bfcba6895a8

    SHA1

    677ae82b57a92f9337fd85c09ff2482b08e4b5a5

    SHA256

    c794356f0728798ba79d007e10ed79800ec4a43ac5cc6040ac288ee7a2864f91

    SHA512

    1bdca36a8e3c99fe27858936a69790752c71418019b34287b02a687962b91b468f1c394bb41641a9aab6d11cddd81a9a2acd99810b1e48e6f12f6b2f7822f67a

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d315b4283d99c54caf0ad53e3b3644fd

    SHA1

    6fa2d517f43f6712554e89dda934027c794f8260

    SHA256

    bad130ccd52aee0fa426248b26bd9439181fd322eaa1d3a6ed60626d4a9d7f53

    SHA512

    81855a78ef37b1369b74c932dd6c6ce115153d439041f178167385b81d6681e98b28c140ccb9a91d81ba6149ad4d5c3c9fe9b0d95f9cc39a117e25927eca4bfa

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    99b74285f411279981bb416d6c5b6d2f

    SHA1

    be51254257b799b3a46aaa66a8ec91f4c4890688

    SHA256

    39798a57aa5947749dc7557f07e9519f912a2b111d2ccc696c68bfc6e20da10b

    SHA512

    eb4f413cca01d3c4c2f9243fa340ac86795d46edbb6f6f59a88f5d8fb94eb2c88826b2be74f7ae19c53fb1a20cad57714ebcfdbccbe1e0deb74be2ad9b5844b9

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    99b74285f411279981bb416d6c5b6d2f

    SHA1

    be51254257b799b3a46aaa66a8ec91f4c4890688

    SHA256

    39798a57aa5947749dc7557f07e9519f912a2b111d2ccc696c68bfc6e20da10b

    SHA512

    eb4f413cca01d3c4c2f9243fa340ac86795d46edbb6f6f59a88f5d8fb94eb2c88826b2be74f7ae19c53fb1a20cad57714ebcfdbccbe1e0deb74be2ad9b5844b9

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    33dc730689ab861e05e5d0e4ef90a9c1

    SHA1

    d5db664ced2be156317ffae708adba19375ebc07

    SHA256

    f08926b2f88647dc17e9443e868f4ecabe4bd81faf24147099f5837b72e2fcdb

    SHA512

    a34416dba610280d13447639049adc1eb462adcc69bbdad142bc61faff41d36cc613ab4097a47a5fa11097ac632e8cec8691de7cdea56a5b77ed486adc5efb51

    Download Submit
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f235fad94d9104d971e427294e923f36

    SHA1

    556261394f85197987d786fc6edd0219913925ed

    SHA256

    4c332860a9c57f2f6330a4fdace63988f3a078ebf9fe978848c4f5adef69ad34

    SHA512

    06a4d33e2905d966aa4d4214a06799ce64083cdd0acdb505580f43f6689cabcf3b7734939c2f229f7c1ae8ef07a07ea0c132832b0ae5bbc90f9f29dde926fe5a

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\006C7B68.bat
    Filesize

    65B

    MD5

    348cae913e496198548854f5ff2f6d1e

    SHA1

    a07655b9020205bd47084afd62a8bb22b48c0cdc

    SHA256

    c80128f51871eec3ae2057989a025ce244277c1c180498a5aaef45d5214b8506

    SHA512

    799796736d41d3fcb5a7c859571bb025ca2d062c4b86e078302be68c1a932ed4f78e003640df5405274364b5a9a9c0ba5e37177997683ee7ab54e5267590b611

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\006C7B68.bat
    Filesize

    65B

    MD5

    348cae913e496198548854f5ff2f6d1e

    SHA1

    a07655b9020205bd47084afd62a8bb22b48c0cdc

    SHA256

    c80128f51871eec3ae2057989a025ce244277c1c180498a5aaef45d5214b8506

    SHA512

    799796736d41d3fcb5a7c859571bb025ca2d062c4b86e078302be68c1a932ed4f78e003640df5405274364b5a9a9c0ba5e37177997683ee7ab54e5267590b611

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\Cab6404.tmp
    Filesize

    61KB

    MD5

    fc4666cbca561e864e7fdf883a9e6661

    SHA1

    2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

    SHA256

    10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

    SHA512

    c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\Tar6465.tmp
    Filesize

    161KB

    MD5

    73b4b714b42fc9a6aaefd0ae59adb009

    SHA1

    efdaffd5b0ad21913d22001d91bf6c19ecb4ac41

    SHA256

    c0cf8cc04c34b5b80a2d86ad0eafb2dd71436f070c86b0321fba0201879625fd

    SHA512

    73af3c51b15f89237552b1718bef21fd80788fa416bab2cb2e7fb3a60d56249a716eda0d2dd68ab643752272640e7eaaaf57ce64bcb38373ddc3d035fb8d57cd

    Download Submit
  • C:\Users\Admin\Desktop\README_TO_DECRYPT.html
    Filesize

    7KB

    MD5

    1fe4427237b44360f7706f350d08e22e

    SHA1

    88423a07f8fff1eff8938577dd9c52ede1e22bfb

    SHA256

    c61b3e303c643ab5d4438bc9ba6f3f931778e777cf9abb7474411ba204fbcf0c

    SHA512

    df5cbbcf0492bf96ff0dac324a9eb551cb3fa8a4b80c01b5538daa0ff62e3a7345b8750dfad3b1b1b978a9fbdae12b70149b52e6c3bbf32b0cde654f613fe58c

    Download Submit
  • C:\Users\Admin\Desktop\README_TO_DECRYPT.html
    Filesize

    7KB

    MD5

    1fe4427237b44360f7706f350d08e22e

    SHA1

    88423a07f8fff1eff8938577dd9c52ede1e22bfb

    SHA256

    c61b3e303c643ab5d4438bc9ba6f3f931778e777cf9abb7474411ba204fbcf0c

    SHA512

    df5cbbcf0492bf96ff0dac324a9eb551cb3fa8a4b80c01b5538daa0ff62e3a7345b8750dfad3b1b1b978a9fbdae12b70149b52e6c3bbf32b0cde654f613fe58c

    Download Submit
  • memory/1616-337-0x00000000022C0000-0x00000000022D0000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1820-338-0x0000000002D90000-0x0000000002D92000-memory.dmp
    Filesize

    8KB

    Download