Overview

overview

10

Static

static

1

85afbb8852...b7.exe

windows7-x64

10

85afbb8852...b7.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    112s
  • max time network
    114s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    28-02-2023 04:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    85afbb88525daf50e9256d24a98bae57f78f7c6ca8e5724820a460a5e9bd12b7.exe

  • Size

    75KB

  • MD5

    41ba799c4931f0877d80a623ff9a3192

  • SHA1

    645ab2435541255106e0fbb8175a22bb7379836d

  • SHA256

    85afbb88525daf50e9256d24a98bae57f78f7c6ca8e5724820a460a5e9bd12b7

  • SHA512

    b2b55030993075280e6cea642569e8f11c0d835566a66dc397b5549abf7e389a6bf5f8123ebb9a32145867b8031e32a72a9e577f2854e157482c7312ad73102d

  • SSDEEP

    1536:9aX51pVH9hsgNGLs6BLM1frxz/HTfcKKBaJGEeoSawY:OfJGLs6BwNxnfTKsGkSar

Score
10/10
quantumransomware

Malware Config

Extracted

Path

C:\Users\Admin\Desktop\README_TO_DECRYPT.html

Ransom Note
ALL YOUR DATA IS ENCRYPTED by QUANTUM What happened? All your files are encrypted on all devices across the network Huge volume of your data including financial, customer, partner and employees data was downloaded to our internal servers What's next? If you don't get in touch with us next 48 hours, we'll start publishing your data to the Data Leaks Portal / TOR Data Leaks Portal How do I recover? There is no way to decrypt your files manually unless we provide a special decryption tool Please download TOR browser and CONTACT US for further instructions Hours Minutes Seconds

Signatures

  • Quantum Ransomware

    A rebrand of the MountLocker ransomware first seen in August 2021.

    ransomwarequantum
  • Modifies extensions of user files 8 IoCs

    Ransomware generally changes the extension on encrypted files.

    ransomware
  • Deletes itself 1 IoCs
  • Drops desktop.ini file(s) 26 IoCs
  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
    adwarespyware
  • Modifies registry class 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs
  • Views/modifies file attributes 1 TTPs 1 IoCs
    evasion

Processes

  • C:\Users\Admin\AppData\Local\Temp\85afbb88525daf50e9256d24a98bae57f78f7c6ca8e5724820a460a5e9bd12b7.exe
    "C:\Users\Admin\AppData\Local\Temp\85afbb88525daf50e9256d24a98bae57f78f7c6ca8e5724820a460a5e9bd12b7.exe"
    1⤵
    • Modifies extensions of user files
    • Drops desktop.ini file(s)
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1212
    • C:\Windows\system32\cmd.exe
      cmd /c ""C:\Users\Admin\AppData\Local\Temp\\006C3A24.bat" "C:\Users\Admin\AppData\Local\Temp\85afbb88525daf50e9256d24a98bae57f78f7c6ca8e5724820a460a5e9bd12b7.exe""
      2⤵
      • Deletes itself
      • Suspicious use of WriteProcessMemory
      PID:2032
      • C:\Windows\system32\attrib.exe
        attrib -s -r -h "C:\Users\Admin\AppData\Local\Temp\85afbb88525daf50e9256d24a98bae57f78f7c6ca8e5724820a460a5e9bd12b7.exe"
        3⤵
        • Views/modifies file attributes
        PID:824
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\README_TO_DECRYPT.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1392
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1392 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:760

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    43c2f3480607e5aebd1d26bce5480322

    SHA1

    4fa920d8b2441868366d0cad4d033609a1c4058e

    SHA256

    ab0bdef6f97e04a7352ee00f717f0750404a62003ce18fbaf455a4a43d50a8d5

    SHA512

    5c774a6a781bb0ab554e315c916553b0e93cdba97df85696f1c7f8e574ff87032ac2537541d584a7977fc76ccae22f9da46f22ba9744eb1b7d55bc348d1330a6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7689367f09aad053c8535575307dde8e

    SHA1

    e003a5240d5f9ee21aa4ac6b43dd3b27ad3da443

    SHA256

    962def65afe80c1532d9293beb741e7789a5931bcdead6502edb46d171d2fe2c

    SHA512

    8cf5247fcd5116a7c1a7a926472a7c9bf555000377398cd9ef906c35d3eb74bba82ecdce4bd6c100985e1610a033eee4b320444e68693be1202e7d75be2f0bcb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    37aad197f17fe8d88d241ab72de1b7d5

    SHA1

    7badc90a5214e4c30f127b90b1f3dbc5b27e4666

    SHA256

    3d959ebb7cff44c916c62f0bd3b115a7c22cb75a238e6ccb572e134008a055e1

    SHA512

    14ca59f0d0b3a0c334e21e9c0a8b63207c8682100710fc26bb8b5f4a32897f0ee2c5d1dbcf30695946e933c7474de85fadb22bd878d212808c1c89debf08af4b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1e746f5f469d09c93372f34aa5fac95b

    SHA1

    18cd1361ff399ffd6123ffdcedc472ba78a328e3

    SHA256

    2055fd59bd7cc57e9bf14ebed64ad201bc7b52e276528cce039accf05596cc87

    SHA512

    026c74ca853c4447fd26f1fb3ea9f38f43a4f07b9552b482f099862ae2728839e3f2456f5e476edd42ede18c0142cefb879356c7e1fbc4fe73ef2c1349c1ff7b

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    43ee8015486a0e586007c838d2eaa02b

    SHA1

    29702cd091a554bf196d310832704ec5e9759c4c

    SHA256

    032b883cd3678738008377c70d2e944011c073812d9baf0313f231b2957905f3

    SHA512

    e63a93ff4e2f3c60458232ca4915e678ae9281f28d15b2ede8012fc92afa1873430d459c5bd4a2356649a4605494732424a9628617e9faf14f0b0d302d6304a6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fc091f01dda4518c4751283f9e349048

    SHA1

    45f2e5e486492e864eb41596d767a4e0c0fc8345

    SHA256

    2c66b79dc3c4d86798872dec1f578fc932d0ac2417b7db5814a61b6acce90319

    SHA512

    4ace4b837fcc97e112dcd9b4d75805a35f731d882974dc3d69bec987b6c14e0fed56a74403134e94dc046b0ee5f88e45a6844b33da0257873d3538f685b723b1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d37cee976fabcb533fba92f656587a3d

    SHA1

    19215c274b8092b2298d6b79648bf8c4f8582a5b

    SHA256

    317ab80c3d1e13c37692ecf5f6106aa3f0f23a8d3f2c272ddb1caa39c61595f5

    SHA512

    7f172c168f8c365761681b1c4a4c8ebab4c8122bc29ee751e8419aaad2b713ce65da7e43b2063315402bc4d65cda3c8098a7d55764f5e3bb318d81a52001c27e

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fa7d2b41aedeafbda7fcc47375f97f3d

    SHA1

    f5dd64584814699058c4798b40fbe194f52afaab

    SHA256

    16ad654345ec94de749a7bf7c221ae902d70647f5f83878faf7e0b43ae23047e

    SHA512

    84cebaaaf4ef5708f37d4c959e9057b4c880e68600e4d39fe49cb3c283e309b6c7b90d6da4d8cfd072c082763e2a3575c81259a10283923750a080cd11bef9f8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1143a8e0bf6f36360ea1b1146a0cfcb6

    SHA1

    059966add727f67511af9a49a2546210c3da6467

    SHA256

    af62ed955ffb0302c021cf0df7ffb91f96340615f31474fb797335c4eb56dee7

    SHA512

    7e688c2c7d48de2f6a41f3f7b04b99197bcf0666fa64531495737e65397b70dac41dd3b37906fd2c5f7ed772660d5522888abe74e961a959cc539cd046f523bd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    87fbe5936f5cf68b3ded37270b6b2760

    SHA1

    6854037ff2d20ce4f54712a33f9a1d47945a5243

    SHA256

    7ea52a042bc50d147ca142f34f866759302e8a45d260383a81ce46806b3a2bfc

    SHA512

    a09b0e9729b206eadc4ac41714fbeae3d16f597860296107601130a1a1f36bd3680d15de88f2deab9aa5ef55e3529530c8a9949bbd16a016b6c00e669b42bb26

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    0925365fd4c8b53e681382ca505f017f

    SHA1

    ff1fb926934df48e976989caf467e64ee8711197

    SHA256

    229745267e58e41715eb3dc828dc3d0656d38c414bdd61ab89d7b4f83592bd4f

    SHA512

    60ea17ef8c8397383051d46594450e4c41107ebb46284a6634783a3841a5ef34e702bb567a4bb53a7be931b8e39fa23d12a79bc110ce12437603bef545a992c8

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    728f4bebe3e675fe1c51dc376c6b47b4

    SHA1

    9b05ea0b257b86882ef4c4d201252ccc1215226b

    SHA256

    be07eac2fbaf4c94155632682b03115f2a8cb777ca1f03195a10ccc96ffc0c58

    SHA512

    123a7a4a45293268b3386f3d52a4987c9c90d90aaf8752702b455b6d4cc81b22c721605a8ecd54f61a8ccdc72394861eff11b9d91e5b5919e294974cd20bacce

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    f5e42ef2981b8f759cf574b61b61dd73

    SHA1

    059996882abeacbdd47b467e62ff515e6f9837cb

    SHA256

    a4b1c7f9fee7e5e2335f2450e942f050e700850bbcc5964610cade86fb36f2d2

    SHA512

    119605e37fbd9f43065feb9190fdcd55fb1733957ee09ff81875f7f99a6c0b7616208deb12c7e55dda85148dc6824dc7b03c1d56ecb292f518424c7a80de76c9

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UOYUJSME\suggestions[1].en-US
    Filesize

    17KB

    MD5

    5a34cb996293fde2cb7a4ac89587393a

    SHA1

    3c96c993500690d1a77873cd62bc639b3a10653f

    SHA256

    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

    SHA512

    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\006C3A24.bat
    Filesize

    65B

    MD5

    348cae913e496198548854f5ff2f6d1e

    SHA1

    a07655b9020205bd47084afd62a8bb22b48c0cdc

    SHA256

    c80128f51871eec3ae2057989a025ce244277c1c180498a5aaef45d5214b8506

    SHA512

    799796736d41d3fcb5a7c859571bb025ca2d062c4b86e078302be68c1a932ed4f78e003640df5405274364b5a9a9c0ba5e37177997683ee7ab54e5267590b611

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\006C3A24.bat
    Filesize

    65B

    MD5

    348cae913e496198548854f5ff2f6d1e

    SHA1

    a07655b9020205bd47084afd62a8bb22b48c0cdc

    SHA256

    c80128f51871eec3ae2057989a025ce244277c1c180498a5aaef45d5214b8506

    SHA512

    799796736d41d3fcb5a7c859571bb025ca2d062c4b86e078302be68c1a932ed4f78e003640df5405274364b5a9a9c0ba5e37177997683ee7ab54e5267590b611

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabFAC6.tmp
    Filesize

    61KB

    MD5

    fc4666cbca561e864e7fdf883a9e6661

    SHA1

    2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

    SHA256

    10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

    SHA512

    c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarFBA4.tmp
    Filesize

    161KB

    MD5

    73b4b714b42fc9a6aaefd0ae59adb009

    SHA1

    efdaffd5b0ad21913d22001d91bf6c19ecb4ac41

    SHA256

    c0cf8cc04c34b5b80a2d86ad0eafb2dd71436f070c86b0321fba0201879625fd

    SHA512

    73af3c51b15f89237552b1718bef21fd80788fa416bab2cb2e7fb3a60d56249a716eda0d2dd68ab643752272640e7eaaaf57ce64bcb38373ddc3d035fb8d57cd

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\4951STW3.txt
    Filesize

    606B

    MD5

    e01722df565629b4bf79c608f47c8abb

    SHA1

    6ae10e80120da8c6132cc3746b26589dc0a67d70

    SHA256

    3a4fa07d3bbb365b7a44db7b8ff4f52d94157f6335c121a6cf7a409f3d1ed816

    SHA512

    392c5a8798202a91f4c445c0632c4c67eee23ab52854bf76b8736477c3ef1cd6da640b6f630b9931d859bc338c9eb60386ad33935a6cad8f1d10047dbac0d942

    Download Submit

  • C:\Users\Admin\Desktop\README_TO_DECRYPT.html
    Filesize

    7KB

    MD5

    e464bbe66510895a738a538a8e8e6eec

    SHA1

    c060b16ecf41d9ec5f34c00b25e15dfd8648640b

    SHA256

    5b7a290629e3a8dc91f67c5a5df1259479979cb2c906193e705364018404e413

    SHA512

    a00acc36bfe2a7a640a6a2a25a0cf8534081908d1fed51bf875491ddaea63e8c9b77e293a51a7b287d153a8ba15081b3540390ebc9e2746312e2bc7966603ed7

    Download Submit

  • C:\Users\Admin\Desktop\README_TO_DECRYPT.html
    Filesize

    7KB

    MD5

    e464bbe66510895a738a538a8e8e6eec

    SHA1

    c060b16ecf41d9ec5f34c00b25e15dfd8648640b

    SHA256

    5b7a290629e3a8dc91f67c5a5df1259479979cb2c906193e705364018404e413

    SHA512

    a00acc36bfe2a7a640a6a2a25a0cf8534081908d1fed51bf875491ddaea63e8c9b77e293a51a7b287d153a8ba15081b3540390ebc9e2746312e2bc7966603ed7

    Download Submit

  • memory/760-308-0x0000000002640000-0x0000000002642000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1392-307-0x0000000002410000-0x0000000002420000-memory.dmp

    Filesize

    64KB

    Download