Overview

overview

5

Static

static

1

file.zip

windows7-x64

1

file.zip

windows10-2004-x64

1

Qt5Core.dll

windows7-x64

3

Qt5Core.dll

windows10-2004-x64

3

Qt5Gui.dll

windows7-x64

3

Qt5Gui.dll

windows10-2004-x64

3

Qt5Network.dll

windows7-x64

3

Qt5Network.dll

windows10-2004-x64

3

Qt5PrintSupport.dll

windows7-x64

3

Qt5PrintSupport.dll

windows10-2004-x64

3

Qt5Widgets.dll

windows7-x64

3

Qt5Widgets.dll

windows10-2004-x64

3

Qt5Xml.dll

windows7-x64

3

Qt5Xml.dll

windows10-2004-x64

3

SETUP.exe

windows7-x64

1

SETUP.exe

windows10-2004-x64

5

Settings.ini

windows7-x64

1

Settings.ini

windows10-2004-x64

1

libeay32.dll

windows7-x64

1

libeay32.dll

windows10-2004-x64

1

mac_interval_tree.txt

windows7-x64

1

mac_interval_tree.txt

windows10-2004-x64

1

msvcp120.dll

windows7-x64

3

msvcp120.dll

windows10-2004-x64

3

msvcr120.dll

windows7-x64

3

msvcr120.dll

windows10-2004-x64

3

pcre.dll

windows7-x64

1

pcre.dll

windows10-2004-x64

3

platforms/...ws.dll

windows7-x64

1

platforms/...ws.dll

windows10-2004-x64

1

printsuppo...rt.dll

windows7-x64

1

printsuppo...rt.dll

windows10-2004-x64

1

Resubmissions

28/03/2023, 14:11

230328-rhjblabd85 5

Analysis

  • max time kernel
    107s
  • max time network
    112s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28/03/2023, 14:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Settings.ini

  • Size

    2KB

  • MD5

    737311d5f0cee9228a8e2cd7c1a7fc0e

  • SHA1

    0d1ea1a6628b5d1226d44b780c30ef8a19eab805

  • SHA256

    0b15c2caee8def765f249483459bd6cff53732bad852ecd444125d6dcfcd4198

  • SHA512

    a66c3908f21d423d49f992ab8302b688c86b0bbcf44db13815e40430c00dffaf4990ef83e21c08a1c0160dd0911c89449f22dd485a318173c5e96f179802c59c

Score
1/10

Malware Config

Signatures

  • Opens file in notepad (likely ransom note) 1 IoCs
    ransomware

Processes

  • C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\system32\NOTEPAD.EXE C:\Users\Admin\AppData\Local\Temp\Settings.ini
    1⤵
    • Opens file in notepad (likely ransom note)
    PID:3780

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads