Analysis
-
max time kernel
49s -
max time network
36s -
platform
windows7_x64 -
resource
win7-20230220-en -
resource tags
-
submitted
28-02-2023 14:36
General
-
Target
b63e94928da25e18caa1506305b9ca3dedc267e747dfa4710860e757d2cc8192.exe
-
Size
75KB
-
MD5
0706764b3963df092079d3bdef787a1f
-
SHA1
73c2460d59f3d0637523ca6d35425aae14358ba1
-
SHA256
b63e94928da25e18caa1506305b9ca3dedc267e747dfa4710860e757d2cc8192
-
SHA512
3af7ff3b2aa689eb4c410562b5ead74ff77417da941521928391c6fac3dcc6a75f6d866f52b12f67a41564cfa81afcda51857c0f208f9e90e8629e0f0b5d5cb4
-
SSDEEP
1536:9aX51pVH9hsgNGLs6BLM1frxz/HTfcKKBaJGp:OfJGLs6BwNxnfTKsG
Malware Config
Extracted
C:\Users\Admin\Desktop\README_TO_DECRYPT.html
quantum
Extracted
C:\Users\Admin\Desktop\README_TO_DECRYPT.html
quantum
http://tijykgureh7kqq5cczzeutaoxvmf6yinpar72o3bxome7b44vwqxadyd.onion/?cid=9064d8b148a0f19a9e3598a6e0b0aeb16d21da8260218355164eefdf45b6ef60
Signatures
-
Quantum Ransomware
A rebrand of the MountLocker ransomware first seen in August 2021.
-
Modifies extensions of user files 4 IoCs
Ransomware generally changes the extension on encrypted files.
-
Drops desktop.ini file(s) 26 IoCs
-
Modifies Internet Explorer settings 1 TTPs 37 IoCs
-
Modifies registry class 11 IoCs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 7 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
-
Views/modifies file attributes 1 TTPs 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\b63e94928da25e18caa1506305b9ca3dedc267e747dfa4710860e757d2cc8192.exe"C:\Users\Admin\AppData\Local\Temp\b63e94928da25e18caa1506305b9ca3dedc267e747dfa4710860e757d2cc8192.exe"1⤵
- Modifies extensions of user files
- Drops desktop.ini file(s)
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\\006C3209.bat" "C:\Users\Admin\AppData\Local\Temp\b63e94928da25e18caa1506305b9ca3dedc267e747dfa4710860e757d2cc8192.exe""2⤵
-
C:\Windows\system32\attrib.exeattrib -s -r -h "C:\Users\Admin\AppData\Local\Temp\b63e94928da25e18caa1506305b9ca3dedc267e747dfa4710860e757d2cc8192.exe"3⤵
- Views/modifies file attributes
-
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\README_TO_DECRYPT.html1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:568 CREDAT:275457 /prefetch:22⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
342B
MD5441982728b0966b019be8b810da15a2d
SHA12608885d711cea33609d32a028f48b6eaa5a0a0f
SHA256c885adf1eb643ef1edc103493cb3f2345e2837ad10e7cf7930d00c2dfbb8ca39
SHA51272bd283c26a780d3c6ee55ce00510413bf376be2386eb4bb4bb6fd3f67aa4a578f3ebe5a4e8784946b3733411414492b3ca5534272a030ac9f478c630436a62c
-
Filesize
342B
MD54e08d0259e4e7d34283f9d1562f03536
SHA1913154e942d18e695367b6d2c625bef76d1ee2fe
SHA256effd0831ce4ffe999ab729a612472dff583d240f0eabd924107bfc4f01c06c2d
SHA512fecb6d4f8458f7685964eb9daae3931e8f83755b9215cef5d77c95e22476a69c35a8dc2ab76aee176f913ffe3af65ace541dd0e5b568c56a1ce1f0e77fb364ee
-
Filesize
342B
MD594c6cdeeb2b111cf6c17c6792a53aa68
SHA16f420a578d125cd67793249cc31d38a5775ea239
SHA2568556620773692e71e581b848ea955af5b68593afcad55ac1d10ce07443b73bd1
SHA51269472b0bca1aeb489f804999d1b1b4794c3ccb43246b6fbd84b769aba541a2e78ee4866e1c29f27b95092d0a66fb700644f858eeef6fde05ec12661ec7a5da6e
-
Filesize
342B
MD5daa6467fd75694763008ad1df57d42ba
SHA1188ccb5fa3a3dd2529b926d30b4c038f4bb8355c
SHA256693a85b14413238cd0bf5c1db7e1dc3db4c6a7f0e6422c1d5b28a5c09a135f85
SHA51221694be8ccd38abde48b873b4451825aaa96a1a25d3b8300b34e40780cca64630761dba2a4b8414948187a27dd8d4e51b52990976662d833e99f58a711ad5b17
-
Filesize
342B
MD5792da1938eea2f88df5d632e7f81fa7a
SHA127f2ed7b636e9856f9193c94496ced8606eaf9d0
SHA256229f5c4a1c0c6799c616aad3ee47723be6674d59d5cb50ec680f8ff1983e8dc9
SHA51287e34e1d6d6124fb2637959900def72d7e36b36eea2153093280dea89779788db2c6a1268872c6badc889ed295140d355f71b60c38783627b58e40287ba4e1d9
-
Filesize
342B
MD5fb86caefa90e9deeffcbf0e096f3ddae
SHA1e40a6d503084d06f5b9fbff80fff7282e48f709e
SHA256521b105fbebde5537c04f0a3efb3bafe8a08ec9803c0466e70bfdd76e18ef0b6
SHA512014465dbc8b330f7fb1b874c48b7c7c7e95145b937d5e2b0c35ab04343f69403395f4182ba54353571d15e94cd7f02784312510ed586e159067de6a4ec0b37e6
-
Filesize
342B
MD52bad106deea04bf8f0be0ce52502c719
SHA1fc06d7c1a6dd1c4a237453c86e8c4d62cc06970b
SHA25615fc4eb2a738562f9fecf1f643ac4974d1844c403db55dde098dadfb88d0dc09
SHA512fb8259fc499e75c12fd213d7d7f81018b67cedfc24afd1f3a3e8d7018e94494021a4d8676c9e407b174dbf5eb97c51ca701e7b62511c114ccaf3511ce9e7ed60
-
Filesize
342B
MD5d8321a5477b8f33e96e3285ad0113d71
SHA1df16121f4f9cdb049a251a1e3f7381def4dbf5dd
SHA2565fcd374ada1fec205d7fda582fe122f492d5ffe8ac3eb41511999cd9b880e4ee
SHA5129d516202b19e61e7c955a5e7990254fb0e9b0660e79a0ac59593926f677da238bd9f009eae67f2badf011e9f15e8dbe8afcf3db964496b5c656ce985d60e4e0b
-
Filesize
65B
MD5348cae913e496198548854f5ff2f6d1e
SHA1a07655b9020205bd47084afd62a8bb22b48c0cdc
SHA256c80128f51871eec3ae2057989a025ce244277c1c180498a5aaef45d5214b8506
SHA512799796736d41d3fcb5a7c859571bb025ca2d062c4b86e078302be68c1a932ed4f78e003640df5405274364b5a9a9c0ba5e37177997683ee7ab54e5267590b611
-
Filesize
61KB
MD5fc4666cbca561e864e7fdf883a9e6661
SHA12f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5
SHA25610f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b
SHA512c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d
-
Filesize
161KB
MD573b4b714b42fc9a6aaefd0ae59adb009
SHA1efdaffd5b0ad21913d22001d91bf6c19ecb4ac41
SHA256c0cf8cc04c34b5b80a2d86ad0eafb2dd71436f070c86b0321fba0201879625fd
SHA51273af3c51b15f89237552b1718bef21fd80788fa416bab2cb2e7fb3a60d56249a716eda0d2dd68ab643752272640e7eaaaf57ce64bcb38373ddc3d035fb8d57cd
-
Filesize
2KB
MD5466d9ecfe8602b940a0463764fd07b78
SHA17b77fc2d4308a1ee0102a4a352e2d5ea402b5a98
SHA256a5bacdaf1f6b4f8c0e21266d797e81c58d29cc1363b7a28b012eb24e1cb99455
SHA512058e74c4b94303202e8546abe09dbb8ec3b685dee908cb95a849902b71b8bc16405312dc16ee361afbc7178702d1eff9833295276de9b6d501af4403a03568a7
-
Filesize
2KB
MD5466d9ecfe8602b940a0463764fd07b78
SHA17b77fc2d4308a1ee0102a4a352e2d5ea402b5a98
SHA256a5bacdaf1f6b4f8c0e21266d797e81c58d29cc1363b7a28b012eb24e1cb99455
SHA512058e74c4b94303202e8546abe09dbb8ec3b685dee908cb95a849902b71b8bc16405312dc16ee361afbc7178702d1eff9833295276de9b6d501af4403a03568a7
-
Filesize
2KB
MD5466d9ecfe8602b940a0463764fd07b78
SHA17b77fc2d4308a1ee0102a4a352e2d5ea402b5a98
SHA256a5bacdaf1f6b4f8c0e21266d797e81c58d29cc1363b7a28b012eb24e1cb99455
SHA512058e74c4b94303202e8546abe09dbb8ec3b685dee908cb95a849902b71b8bc16405312dc16ee361afbc7178702d1eff9833295276de9b6d501af4403a03568a7
-
Filesize
64KB
-
Filesize
8KB