ff8b0de67671abebddee8c26f2f7c81abe677e337706ade78464ddf8e99b3550

General

Target

35a273df61f4506cdb286ecc40415efaa5797379b16d44c240e3ca44714f945b.dll
Size

165KB
MD5

b6c1128fbff30b2a37498a042261ebbf
SHA1

1028a0e6cecb8cfc4513abdbe3b9d948cf7a5567
SHA256

35a273df61f4506cdb286ecc40415efaa5797379b16d44c240e3ca44714f945b
SHA512

4d6610654e0d86466ecfb90f1131df33eb7a146393a5c4a6daec691807a5c8b7661e53dfaabc9e944c659b7ca50927ff452747a7ea0cc2e9f37ead139f876697
SSDEEP

3072:AQO8F9MRWkb5+YZ3qcdk4zRc4nsEwp82RHnSxFgcpwDT:y8/M9b53aH4PnqHSVwDT

Score

10^/10

ransomware

Malware Config

Extracted

Path

C:\Users\Admin\Desktop\ExportResolve.mpeg3

Ransom Note

??? What happend??? !!! Your files are encrypted !!! *All your files are protected by strong encryption with RSA-2048.* *There is no public decryption software.* ###### Program and private key, What is the price? The price depends on how fast you can pay to us.###### 1 day : 50 Bitcoin 2 day : 60 Bitcoin 3 day : 90 Bitcoin 4 day : 130 Bitcoin 5 day : permanent data loss !!!! Btc Address: bc1qakuel0s4nyge9rxjylsqdxnn9nvyhc2z6k27gz !!! After received, we will send program and private key to your IT department right now.!!! *Free decryption As a guarantee, you can send us up to 3 free decrypted files before payment.* email: [email protected] !!! Do not attempt to decrypt your data using third-party software, this may result in permanent data loss.!!! !!! Our program can repair your computer in few minutes.!!! 20496��

Emails

[email protected]

Extracted

Path

C:\Users\Admin\Videos\desktop.ini

Ransom Note

??? What happend??? !!! Your files are encrypted !!! *All your files are protected by strong encryption with RSA-2048.* *There is no public decryption software.* ###### Program and private key, What is the price? The price depends on how fast you can pay to us.###### 1 day : 50 Bitcoin 2 day : 60 Bitcoin 3 day : 90 Bitcoin 4 day : 130 Bitcoin 5 day : permanent data loss !!!! Btc Address: bc1qakuel0s4nyge9rxjylsqdxnn9nvyhc2z6k27gz !!! After received, we will send program and private key to your IT department right now.!!! *Free decryption As a guarantee, you can send us up to 3 free decrypted files before payment.* email: [email protected] !!! Do not attempt to decrypt your data using third-party software, this may result in permanent data loss.!!! !!! Our program can repair your computer in few minutes.!!! 512��

Emails

[email protected]

Signatures

Modifies extensions of user files 1 IoCs

Ransomware generally changes the extension on encrypted files.

ransomware

description	ioc	Process
File opened for modification	C:\Users\Admin\Pictures\RequestConvert.tiff	rundll32.exe

Drops desktop.ini file(s) 16 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Favorites\desktop.ini	rundll32.exe
File opened for modification	C:\Users\Admin\Searches\desktop.ini	rundll32.exe
File opened for modification	C:\Users\Admin\3D Objects\desktop.ini	rundll32.exe
File opened for modification	C:\Users\Admin\Documents\desktop.ini	rundll32.exe
File opened for modification	C:\Users\Admin\Pictures\desktop.ini	rundll32.exe
File opened for modification	C:\Users\Admin\Pictures\Saved Pictures\desktop.ini	rundll32.exe
File opened for modification	C:\Users\Admin\Saved Games\desktop.ini	rundll32.exe
File opened for modification	C:\Users\Admin\Downloads\desktop.ini	rundll32.exe
File opened for modification	C:\Users\Admin\Favorites\Links\desktop.ini	rundll32.exe
File opened for modification	C:\Users\Admin\Links\desktop.ini	rundll32.exe
File opened for modification	C:\Users\Admin\Music\desktop.ini	rundll32.exe
File opened for modification	C:\Users\Admin\Contacts\desktop.ini	rundll32.exe
File opened for modification	C:\Users\Admin\Desktop\desktop.ini	rundll32.exe
File opened for modification	C:\Users\Admin\OneDrive\desktop.ini	rundll32.exe
File opened for modification	C:\Users\Admin\Pictures\Camera Roll\desktop.ini	rundll32.exe
File opened for modification	C:\Users\Admin\Videos\desktop.ini	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\35a273df61f4506cdb286ecc40415efaa5797379b16d44c240e3ca44714f945b.dll,#1
1⤵
- Modifies extensions of user files
- Drops desktop.ini file(s)
PID:2348

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\Desktop\ExportResolve.mpeg3

Filesize
723KB

MD5
0cd847caabd01c49d599087606f3bfb8

SHA1
64336d86ad0fe2dc9313a8ac09c34b239b00bf25

SHA256
74221dfda37afafd261b2cece948f2e8e888118cc9bc45ffbcf9e5d00885d547

SHA512
a659a476bf5311d5d5b2cd8bd58309919712e4e4ae9e0f895525c7a7c499a75b0c47006061aa7fa936ae98f6a7c361b75c03a8b50740484dab6b5445b4d644be

Download Submit
C:\Users\Admin\Videos\desktop.ini

Filesize
20KB

MD5
8c90569171e7d96193bad4adfc7b03f3

SHA1
450ae2b76cbf561d484dc3b14aeb928d58c8623d

SHA256
a8558f4a0ad7e3cab360781bdd081ebdc4655f1131fb995d0f8c597f25ca399e

SHA512
19ce1e731c7c398ca515cd25ddd24a89e43db461d04790587e10be31cd04a1083e26cc749b5db0e74b7f41439c12c3a798e2189ed2286a4758058fbacbb1cd48

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads