Overview

overview

10

Static

static

1

d9ccbf38c1...ad.exe

windows7-x64

10

d9ccbf38c1...ad.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    30s
  • max time network
    33s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    01-03-2023 17:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d9ccbf38c1234f851767aff6c5a3d69c66024088830612ccbd98fdee263865ad.exe

  • Size

    75KB

  • MD5

    14803cb39cd81efd2a40a38a58dcba70

  • SHA1

    fe328839ea5f9a472ee47b68ca92c0d7eac2a47c

  • SHA256

    d9ccbf38c1234f851767aff6c5a3d69c66024088830612ccbd98fdee263865ad

  • SHA512

    fa4c9d6e80a47a2898b427108326642e551e9611238032d58be8f15498841509e4bf33b20504e93f508b451b55387d1f1053776c70cc11d0975f740beb395b7e

  • SSDEEP

    1536:9aX51pVH9hsgNGLs6BLM1frxz/HTfcKKBaJGOi5Lc:OfJGLs6BwNxnfTKsGOu

Score
10/10
quantumransomware

Malware Config

Extracted

Path

C:\Users\Admin\Desktop\README_TO_DECRYPT.html

Ransom Note
ALL YOUR DATA IS ENCRYPTED by QUANTUM What happened? All your files are encrypted on all devices across the network Huge volume of your data including financial, customer, partner and employees data was downloaded to our internal servers What's next? If you don't get in touch with us next 48 hours, we'll start publishing your data to the Data Leaks Portal How do I recover? There is no way to decrypt your files manually unless we provide a special decryption tool Please download TOR browser and CONTACT US for further instructions Hours Minutes Seconds

Signatures

  • Quantum Ransomware

    A rebrand of the MountLocker ransomware first seen in August 2021.

    ransomwarequantum
  • Modifies extensions of user files 10 IoCs

    Ransomware generally changes the extension on encrypted files.

    ransomware
  • Deletes itself 1 IoCs
  • Drops desktop.ini file(s) 26 IoCs
  • Modifies Internet Explorer settings 1 TTPs 25 IoCs
    adwarespyware
  • Modifies registry class 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 10 IoCs
  • Views/modifies file attributes 1 TTPs 1 IoCs
    evasion

Processes

  • C:\Users\Admin\AppData\Local\Temp\d9ccbf38c1234f851767aff6c5a3d69c66024088830612ccbd98fdee263865ad.exe
    "C:\Users\Admin\AppData\Local\Temp\d9ccbf38c1234f851767aff6c5a3d69c66024088830612ccbd98fdee263865ad.exe"
    1⤵
    • Modifies extensions of user files
    • Drops desktop.ini file(s)
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1048
    • C:\Windows\system32\cmd.exe
      cmd /c ""C:\Users\Admin\AppData\Local\Temp\\006C6A96.bat" "C:\Users\Admin\AppData\Local\Temp\d9ccbf38c1234f851767aff6c5a3d69c66024088830612ccbd98fdee263865ad.exe""
      2⤵
      • Deletes itself
      • Suspicious use of WriteProcessMemory
      PID:1184
      • C:\Windows\system32\attrib.exe
        attrib -s -r -h "C:\Users\Admin\AppData\Local\Temp\d9ccbf38c1234f851767aff6c5a3d69c66024088830612ccbd98fdee263865ad.exe"
        3⤵
        • Views/modifies file attributes
        PID:1692
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\README_TO_DECRYPT.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1924
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1924 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:948

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize

    61KB

    MD5

    e71c8443ae0bc2e282c73faead0a6dd3

    SHA1

    0c110c1b01e68edfacaeae64781a37b1995fa94b

    SHA256

    95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

    SHA512

    b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    031c9f325d99bb9ab5884e3165449d6f

    SHA1

    8c796762fcfea9a312e4631958e134fa01fe5c21

    SHA256

    1fbaf1b4b3fa50a3a4298b5a3256de103f62dbb29376a06a26acfda7d61b50d9

    SHA512

    8210966574bd21a1892fb8937b46e470c4eda07d66b39c2a17225d05369ac295f485fdf99d69d9fe53cf7499c4fa57d4dd1c978ec4c7d4cb34a1822aa885ffd0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1b24f964971e4cbf6cd784f3a9bdacba

    SHA1

    9085a7fb70e63624f136f438c6e8e90060b36868

    SHA256

    f4c67e39f251aa35a699d3ddfd2b932b475dfe29592d71362f990ef811c982e9

    SHA512

    99b2cf721ec45e1700a0770d2d7f86e86fa5795ff2b564ea2b4874ba8be7b91ec3f29c932da73617c71e978ab930df713185d5fddc485322d15a678e66f6fd1f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3d282c00773935a100f40244f351167c

    SHA1

    00d14ebe320ad279707ba6ee5ac39041ec99bdf3

    SHA256

    fbf536a5dd09086da10b62a2de45db8c22c7c8fdc6f80e9f9cfcfa4a0261259c

    SHA512

    bdfe37a09acab00ca29cb30d48f7910c8fc6cc19fea68699e4848e0849d3576b9db02fa79d949fa39131812d916b09768a4aa99be085a8dea4aa2efd1ed8a085

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    29b3a2c20979edc2719c5c767174c35f

    SHA1

    7734ae32e9420cf0df2e81b9192b57f1359834e4

    SHA256

    765b717ba07a46e956469990800ac8feb015e61d2850d33f596169a79e395b52

    SHA512

    b7b6801b818f9d4f2737f275445664563236f603959615be97d01b81ca363b3fa1aacdaad1c0ea49fc0a6199ba9e60caeabd1ffca05354885f70036c5b5b5e6d

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    dd124f49340d8b71fe5eac8f07438d3f

    SHA1

    5ecc80d6646f56bd8ff5935d6b413e3c1ca77eba

    SHA256

    b1062d14f1dbfe4e210b1116c3871ce0ec93e3a7322d96b738a0be6fe204e9a6

    SHA512

    592d10553ae6ba26cbb485847e9c040f6517f24d3fe6475c177b18c3e57a97755163dc38a3ef20941f0e9074fee273452fd2cdc73e5c22f95ea1e1dfdc701069

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    c5fa0c91ce5c50e6d31c4aac6d80b915

    SHA1

    e79b33ffb92b6e844d4f8a057e5fa7808632d662

    SHA256

    8b5f6777341aa48ccece87f1da24fd50e779b878c717efc371735c8daa6a59a5

    SHA512

    51421d5849c4d17f5bc8392ed32cc6d141a96e9ec2f2da045c48c7ab6d50f8d9dd5af8a08f836c1d05e27f401beef0cd9be3497fb1df42d03c221436cb7cdfce

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fa152495bc463237dea1f8de8186b0a4

    SHA1

    68b0e9c7647408e7247b1ec590960bd5b5907b4b

    SHA256

    8c787ce62612a6870b2015f8c7c58d7fae96ad0feb64e4ab1e0f63b8d0f790d1

    SHA512

    a43c47b4ab779a6adec0e04cdffa12899b1a0a3d2e47182736c686eeeb54ca4dfd05fb7f50d47929a0b150237c151f2c486440e2283f4b1810a57013dabe9a70

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    1eacf4112fd8a0ac27e79d1cdd257713

    SHA1

    cf976747fc3296a7286d5c9e292f46af84dd2af1

    SHA256

    f560dba4002c222b0f6c5a150677b43cdff102440eba9a727b8e9bf77416e306

    SHA512

    fac1ac082a683e13df444353b3da07d9e89f553548e69d47adb7a224e2971bdf959989ad1255a608395d215141c5249bd07c4ec0d6676e943af939102a836869

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    50ca6946f914ec6d4d47da5b27625f53

    SHA1

    c5e5b9cdd08ff662b7c8d787350e213b1ee47825

    SHA256

    f0264040668eaed4f255f2b8e312c6c91fc8fe826dca8469e8c552cc00933d30

    SHA512

    3feb6f0199f9ae33b27d7ce0d271de46de9049424554c9b073ad491effd9664761f3a04ef9c92f6353c02014b779b61a46c37202ef88b0e8987e626e0f1bd76d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\006C6A96.bat
    Filesize

    65B

    MD5

    348cae913e496198548854f5ff2f6d1e

    SHA1

    a07655b9020205bd47084afd62a8bb22b48c0cdc

    SHA256

    c80128f51871eec3ae2057989a025ce244277c1c180498a5aaef45d5214b8506

    SHA512

    799796736d41d3fcb5a7c859571bb025ca2d062c4b86e078302be68c1a932ed4f78e003640df5405274364b5a9a9c0ba5e37177997683ee7ab54e5267590b611

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\006C6A96.bat
    Filesize

    65B

    MD5

    348cae913e496198548854f5ff2f6d1e

    SHA1

    a07655b9020205bd47084afd62a8bb22b48c0cdc

    SHA256

    c80128f51871eec3ae2057989a025ce244277c1c180498a5aaef45d5214b8506

    SHA512

    799796736d41d3fcb5a7c859571bb025ca2d062c4b86e078302be68c1a932ed4f78e003640df5405274364b5a9a9c0ba5e37177997683ee7ab54e5267590b611

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabAC0B.tmp
    Filesize

    61KB

    MD5

    fc4666cbca561e864e7fdf883a9e6661

    SHA1

    2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

    SHA256

    10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

    SHA512

    c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\TarAE54.tmp
    Filesize

    161KB

    MD5

    be2bec6e8c5653136d3e72fe53c98aa3

    SHA1

    a8182d6db17c14671c3d5766c72e58d87c0810de

    SHA256

    1919aab2a820642490169bdc4e88bd1189e22f83e7498bf8ebdfb62ec7d843fd

    SHA512

    0d1424ccdf0d53faf3f4e13d534e12f22388648aa4c23edbc503801e3c96b7f73c7999b760b5bef4b5e9dd923dffe21a21889b1ce836dd428420bf0f4f5327ff

    Download Submit

  • C:\Users\Admin\Desktop\README_TO_DECRYPT.html
    Filesize

    7KB

    MD5

    b036e33fabf6e1300c6874867d9b0f8e

    SHA1

    09c57c33a616cc7fa7d6f2453ca6916e7b4ff58b

    SHA256

    53d8388fa21fe9325816272ea4b20b827e502c3933a2342b990def883fa0ced3

    SHA512

    298ac4a142bc2498151b817091934dd18821c4088768a2e1188284801a12e83fe0d5a948e0a12f80325956d53cca209c6dfe75a092c77b20066e605090f32596

    Download Submit

  • C:\Users\Admin\Desktop\README_TO_DECRYPT.html
    Filesize

    7KB

    MD5

    b036e33fabf6e1300c6874867d9b0f8e

    SHA1

    09c57c33a616cc7fa7d6f2453ca6916e7b4ff58b

    SHA256

    53d8388fa21fe9325816272ea4b20b827e502c3933a2342b990def883fa0ced3

    SHA512

    298ac4a142bc2498151b817091934dd18821c4088768a2e1188284801a12e83fe0d5a948e0a12f80325956d53cca209c6dfe75a092c77b20066e605090f32596

    Download Submit

  • memory/948-352-0x0000000001160000-0x0000000001162000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1924-351-0x0000000002C10000-0x0000000002C20000-memory.dmp

    Filesize

    64KB

    Download