Analysis
-
max time kernel
49s -
max time network
42s -
platform
windows7_x64 -
resource
win7-20230220-en -
resource tags
-
submitted
01-03-2023 17:08
General
-
Target
sample.dll
-
Size
365KB
-
MD5
4401c2782092881cd54018f1381b1521
-
SHA1
8e96e2c9f1ade2a762c839e5dd6d2c6beb576363
-
SHA256
6606dac5b89e76be4d85a85bdd8cb5f6c13c0fc887a3c0072d064713932a23f4
-
SHA512
4c383a6901ba719fd15d56ba6b40f1cd0dc5f2e20eae9cadd2d477f8f16262a0f8fca3a4ca20227a02d5eb086a774ba0783b3dcaf019bbe09ff21a3182b2b0d9
-
SSDEEP
6144:Rtht/U8T6AOHdt8lIJASVO30UFimXNxtipVO30UFimXNxtiH:/wValD/30Wietia30Wieti
Malware Config
Extracted
C:\Users\Admin\Desktop\README_TO_DECRYPT.html
quantum
Extracted
C:\Users\Admin\Desktop\README_TO_DECRYPT.html
quantum
http://obqregdsd7dmilzf3aqvegn3sofpufsvb2n3m2dvwfhsgthemvyi44qd.onion/?cid=207aa5c60e08117ba86c113b3ff9e298662fcbb016c5a26f799ece0677a89f56
Signatures
-
Quantum Ransomware
A rebrand of the MountLocker ransomware first seen in August 2021.
-
Modifies extensions of user files 11 IoCs
Ransomware generally changes the extension on encrypted files.
-
Deletes itself 1 IoCs
-
Drops desktop.ini file(s) 26 IoCs
-
Modifies Internet Explorer settings 1 TTPs 27 IoCs
-
Modifies registry class 5 IoCs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 6 IoCs
-
Suspicious use of WriteProcessMemory 10 IoCs
-
Views/modifies file attributes 1 TTPs 1 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\sample.dll,#11⤵
- Modifies extensions of user files
- Drops desktop.ini file(s)
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\\006C7946.bat" """2⤵
- Deletes itself
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\attrib.exeattrib -s -r -h ""3⤵
- Views/modifies file attributes
-
-
-
C:\Program Files\Internet Explorer\iexplore.exe"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\README_TO_DECRYPT.html1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1900 CREDAT:275457 /prefetch:22⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
61KB
MD5e71c8443ae0bc2e282c73faead0a6dd3
SHA10c110c1b01e68edfacaeae64781a37b1995fa94b
SHA25695b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72
SHA512b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6
-
Filesize
342B
MD5a6d9486a1a76a960123d9f9ea30e36e4
SHA1daec44539db43e60e9306e54bf2eb37a142e055b
SHA256f8fce5950b2500516cfebf7ab067f7cd6c7900ba051fed87796222427fb017e0
SHA512e0708ff990fbad34d8755cc72154e9def6119993a9002082b694c11aab41fbed55c67a9b35134cb1babed3926e29e59624c6fbf9ba0c4950dcd50126c50fa1a9
-
Filesize
342B
MD5c0f57ea0f9c2b6c88dc697d9127239ed
SHA1121317a5933115f7b1695a50c86e256f563473ce
SHA256ecf94cdbb14343938830a23f8333e9f03e4a64fe2b85a67e54ef7d47d6ca85fb
SHA51225f37f7a219d5768eb29b0cff6956060799f08c4e6fd81cc173bdb32fe9e19b985a7eea2fcff11d83730ce3044fda193f1d061221c279fdf25aea51289254c24
-
Filesize
342B
MD501723897c3e82fefbe6e0dfd4571083d
SHA11c0085877c02e630bb22ef9b8006afe3e4de641e
SHA2565db5098957947981d6ddf7f5eb0f3a4731e7cac6301f7b555a8df875a725e8d7
SHA512b05505608e653b33afaaebd7be2bc8cbc91c9a8517caf87331261837f7d7fb45c099ab93609867de37aa19946a56d57d35eaa29391e156e3d00980b7b5fc6757
-
Filesize
342B
MD5e833ea6980603157309cad7e0ef9ab52
SHA1275aa432698f5ecf87430846dad1c7ee4c4b1d3e
SHA2566ced8db2233b70ef742fd9d61bf553894b91869aa713bdede09428b892a45e2b
SHA512c7b44ab596c368ee675058e3b06589a300a0b3e991de02cd2be364a298da4b4f87f35542b7e0781e32482a8918e640be154e42a0e09853607c71f1b4e230ac95
-
Filesize
342B
MD596579d8d59b64ee47edaf816b019754e
SHA14f46a917f486fd845db64e4ace31861ee3b24f2f
SHA25643a15113b1aa19c5db77b00b571f8bd58bb6b44147deaf8d59e19a90b98ec24b
SHA5124496bd331676effb7335f42cb90dbbc4ad9e4672b61389ac7a37f8b314ae0040ce537065b049e4fcacb297b2fbe7c75edbcd69025aef816d76c64b222ab3dd5b
-
Filesize
342B
MD5fecaa053a148e42dd78d86bb8eee5cca
SHA1bbb69eb42ada47fcab91725a9ee621570d69e97f
SHA256266dc7b270a9a0129ed9adbf421dfec8477195abb553c4d0ed75eba59eaba689
SHA51220355b66ac36ae99178757613a690ee21c7d717de742b147860c00b31b0e3c9ee06540cc911371bc06c3140126d42d9565f36446d5eae5638254773c9fb84179
-
Filesize
342B
MD5137d7e9d70dc4990a5772ebe4f7958b3
SHA1b233da419ed2351a22fe5be58b8ad9eb8d5254a0
SHA256183d064e5363caf816db0c080c1986a7162c482f347afd204673b2767e23f46f
SHA512d6ce5efcbd8c67a3ad35f7b1bd09c351f4f08838f621e9fcb3a6e171ec5d3f55d737a4bd89d4727d35ad9280fc0ee7f5f44c94ef3cf45c79f3b759db5e531c56
-
Filesize
342B
MD5dd363ee366976e2c365025a4360293d7
SHA19a0367a1ddbac0ee5cbd9e70c7110081648a5a76
SHA256bfbd7c7c057f9c48c856ba81847ad1919bd8b6927d40a60a3ad2a3891533a5c4
SHA512202f6407d97f44c561b02aef295ca0d10b6384a9e965d2de5a17f3c704c0572373ea16569bb4cefc2e6eecaa4f211a52e5758cedc157b0ade33b10db8c7d06c6
-
Filesize
70KB
MD58ad3c9a960495ed705f8315b3eba12ba
SHA17d5c32304102b619c25c78df822191c8e4668234
SHA2568e9c280d9e28269c7091d738f14b4c125e7afd251886d04dec6cb0106645e0b6
SHA51211ef5a79dbc315becb519a20559b38013bd44e3ab8faadf8cf600de7d456ca5d5e603827bbe0a11e8f889713b5a759eaf773c34b75ae762de173d04e07dbf9e5
-
Filesize
65B
MD5348cae913e496198548854f5ff2f6d1e
SHA1a07655b9020205bd47084afd62a8bb22b48c0cdc
SHA256c80128f51871eec3ae2057989a025ce244277c1c180498a5aaef45d5214b8506
SHA512799796736d41d3fcb5a7c859571bb025ca2d062c4b86e078302be68c1a932ed4f78e003640df5405274364b5a9a9c0ba5e37177997683ee7ab54e5267590b611
-
Filesize
65B
MD5348cae913e496198548854f5ff2f6d1e
SHA1a07655b9020205bd47084afd62a8bb22b48c0cdc
SHA256c80128f51871eec3ae2057989a025ce244277c1c180498a5aaef45d5214b8506
SHA512799796736d41d3fcb5a7c859571bb025ca2d062c4b86e078302be68c1a932ed4f78e003640df5405274364b5a9a9c0ba5e37177997683ee7ab54e5267590b611
-
Filesize
61KB
MD5fc4666cbca561e864e7fdf883a9e6661
SHA12f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5
SHA25610f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b
SHA512c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d
-
Filesize
161KB
MD5be2bec6e8c5653136d3e72fe53c98aa3
SHA1a8182d6db17c14671c3d5766c72e58d87c0810de
SHA2561919aab2a820642490169bdc4e88bd1189e22f83e7498bf8ebdfb62ec7d843fd
SHA5120d1424ccdf0d53faf3f4e13d534e12f22388648aa4c23edbc503801e3c96b7f73c7999b760b5bef4b5e9dd923dffe21a21889b1ce836dd428420bf0f4f5327ff
-
Filesize
2KB
MD5dcde2c2617eca250e9224f3f1df64f55
SHA175791ff192eb4e823fb8d88cc7d33a994732ecb9
SHA2566918f606de66e21900d915bd6b2b65ea71b34bea62ef29ce0ac14447e89f6b82
SHA512af042b2f52f68316fe999831bac54433096a5efd318e2d0614994c905e399fad87040416bccbd2cc690b6bb3f48f1905caddb9aa9eef40c42c36d8fafb7caecb
-
Filesize
2KB
MD5dcde2c2617eca250e9224f3f1df64f55
SHA175791ff192eb4e823fb8d88cc7d33a994732ecb9
SHA2566918f606de66e21900d915bd6b2b65ea71b34bea62ef29ce0ac14447e89f6b82
SHA512af042b2f52f68316fe999831bac54433096a5efd318e2d0614994c905e399fad87040416bccbd2cc690b6bb3f48f1905caddb9aa9eef40c42c36d8fafb7caecb
-
Filesize
96KB
-
Filesize
396KB
-
Filesize
396KB
-
Filesize
8KB
-
Filesize
64KB