1ea74a641d3249f354cbcd627594f40f4e40a67d92c3d297cffe63777ee192e9

Analysis

max time kernel
30s
max time network
33s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
01/04/2023, 17:21

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Ransom.exe
Size

9.4MB
MD5

7a3fe7414f9cca472887af58fbdb7e1d
SHA1

77623093b7b46e1d9a1454670604153a69ff7e97
SHA256

1ea74a641d3249f354cbcd627594f40f4e40a67d92c3d297cffe63777ee192e9
SHA512

b616904bccbe2d8d5cdd88f6375076d6080c2b1a3717858a37944c84c4d4d44c3181b885397270cdb525e25dc6758c6402f4d57226cfbf0fdb86478a5c3862ea
SSDEEP

196608:7VUH7K1ke3o5AeNp93S3EL2V76+DILZy7YM30LzajQr2R5pLMGD:G21bYPh8EL2V76mq0GzajQ+5xM

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 7 IoCs

pid	Process
1472	Ransom.exe
1472	Ransom.exe
1472	Ransom.exe
1472	Ransom.exe
1472	Ransom.exe
1472	Ransom.exe
1472	Ransom.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1348 wrote to memory of 1472	1348	Ransom.exe	28
PID 1348 wrote to memory of 1472	1348	Ransom.exe	28
PID 1348 wrote to memory of 1472	1348	Ransom.exe	28

C:\Users\Admin\AppData\Local\Temp\Ransom.exe
"C:\Users\Admin\AppData\Local\Temp\Ransom.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1348
- C:\Users\Admin\AppData\Local\Temp\Ransom.exe
  "C:\Users\Admin\AppData\Local\Temp\Ransom.exe"
  2⤵
  - Loads dropped DLL
  PID:1472

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI13482\api-ms-win-core-file-l1-2-0.dll

Filesize
13KB

MD5
309ff152e830995a7978da8b20ebb318

SHA1
7daaf752d511b0fdae74008a5d0808f51553f21e

SHA256
940a9a02e564e2ce13280b78f4aa7b794b97685830edf2be3fbb0aecfdee707d

SHA512
565ea894214b88ea1a50779a1f36db2cbeb0aaf77a24d92b3d66c1ddab2dc57876205aa02721f79d3d4d01012df7347b62f4b8504f65915e07170b6901a7679c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13482\api-ms-win-core-file-l2-1-0.dll

Filesize
13KB

MD5
1e10f8ae883cdf8fc5fe166e61bd4c45

SHA1
5bc3de1f03674a32b309869a5f1b48d89790ff40

SHA256
e9e0a414c092ac237ee2c0e5f167efe9ff5e62314a5eb529011f85bdf7c0b2b7

SHA512
2ab555986a57f7fda8e284d472d1c1ca583e2415b6e9deccb0f1b0c72ce81fcddb1c733dc0b8f9d0f3ab8eae21864080c9091202ff99655534019b28a3ea866a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13482\api-ms-win-core-localization-l1-2-0.dll

Filesize
15KB

MD5
d13d82a9f3a0ee74f5c778ea50de9d4b

SHA1
afbf2470f0d46caf56f792ee10f6e86d58fc1aef

SHA256
139594138f923f34192b84edd810a6292eeb880e7797aeb3b9f22e69613426cf

SHA512
8544c73b9fb957ce0af9c112e0e06f3548525995d242098bf54c6d9e1a9822b1687bb5c32f85a7496632bfcabd4982ad8d573d74e1dc500c51cbd51558f8d6ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13482\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
13KB

MD5
e105a7a95c3446b76a521c741ab03d1b

SHA1
b8371e3d938daca45bfd7ef2101e6fabd0e2450d

SHA256
a2947ba9d0c5510a62f685c839990cbe4ec43e2c7b38e20938420b562229090f

SHA512
10d4ed9e7a47d21bf04bb6c3b181e66528755601b1b748d2c23c20c9543f18e2cc2e87e133db5569b19d04748356891159ba210c1e3e719bb6dafce054a7c55a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13482\api-ms-win-core-timezone-l1-1-0.dll

Filesize
13KB

MD5
e27aa1ee2a6b5aa8d746ceed7095fdaf

SHA1
e7bc272932c30c494e672bc2871bbc26d2c758b6

SHA256
31e96eaf08a5dad4afe4304c97d18aefdfdc22c444c9f67be272f8e6282aa76a

SHA512
4c075c2ebab277480a05108588155d6f669c32d0bffd4264bc4d316fbaee613f940ffe4432ff906346f4290c5e379c7449a989c932834aed4c3f972d905b59e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13482\python39.dll

Filesize
4.3MB

MD5
2135da9f78a8ef80850fa582df2c7239

SHA1
aac6ad3054de6566851cae75215bdeda607821c4

SHA256
324963a39b8fd045ff634bb3271508dab5098b4d99e85e7648d0b47c32dc85c3

SHA512
423b03990d6aa9375ce10e6b62ffdb7e1e2f20a62d248aac822eb9d973ae2bf35deddd2550a4a0e17c51ad9f1e4f86443ca8f94050e0986daa345d30181a2369

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI13482\ucrtbase.dll

Filesize
987KB

MD5
28647d8fb402416cb1c986894d849c50

SHA1
bf0eaa587001214a4d6e6876b8adfcb49254450b

SHA256
b3591e2ba725934a1a659882444b85b186da44d2dddaba3b66587dd3f97364ab

SHA512
689346b9d9fa2f93a5d50af15eee9cc18ee819c00986dabbdd102126556466adecc412a8c539a8d22239cddccc1c3d3dd5783dff047f593bfd7be761c0ab9b12

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI13482\api-ms-win-core-file-l1-2-0.dll

Filesize
13KB

MD5
309ff152e830995a7978da8b20ebb318

SHA1
7daaf752d511b0fdae74008a5d0808f51553f21e

SHA256
940a9a02e564e2ce13280b78f4aa7b794b97685830edf2be3fbb0aecfdee707d

SHA512
565ea894214b88ea1a50779a1f36db2cbeb0aaf77a24d92b3d66c1ddab2dc57876205aa02721f79d3d4d01012df7347b62f4b8504f65915e07170b6901a7679c

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI13482\api-ms-win-core-file-l2-1-0.dll

Filesize
13KB

MD5
1e10f8ae883cdf8fc5fe166e61bd4c45

SHA1
5bc3de1f03674a32b309869a5f1b48d89790ff40

SHA256
e9e0a414c092ac237ee2c0e5f167efe9ff5e62314a5eb529011f85bdf7c0b2b7

SHA512
2ab555986a57f7fda8e284d472d1c1ca583e2415b6e9deccb0f1b0c72ce81fcddb1c733dc0b8f9d0f3ab8eae21864080c9091202ff99655534019b28a3ea866a

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI13482\api-ms-win-core-localization-l1-2-0.dll

Filesize
15KB

MD5
d13d82a9f3a0ee74f5c778ea50de9d4b

SHA1
afbf2470f0d46caf56f792ee10f6e86d58fc1aef

SHA256
139594138f923f34192b84edd810a6292eeb880e7797aeb3b9f22e69613426cf

SHA512
8544c73b9fb957ce0af9c112e0e06f3548525995d242098bf54c6d9e1a9822b1687bb5c32f85a7496632bfcabd4982ad8d573d74e1dc500c51cbd51558f8d6ba

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI13482\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
13KB

MD5
e105a7a95c3446b76a521c741ab03d1b

SHA1
b8371e3d938daca45bfd7ef2101e6fabd0e2450d

SHA256
a2947ba9d0c5510a62f685c839990cbe4ec43e2c7b38e20938420b562229090f

SHA512
10d4ed9e7a47d21bf04bb6c3b181e66528755601b1b748d2c23c20c9543f18e2cc2e87e133db5569b19d04748356891159ba210c1e3e719bb6dafce054a7c55a

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI13482\api-ms-win-core-timezone-l1-1-0.dll

Filesize
13KB

MD5
e27aa1ee2a6b5aa8d746ceed7095fdaf

SHA1
e7bc272932c30c494e672bc2871bbc26d2c758b6

SHA256
31e96eaf08a5dad4afe4304c97d18aefdfdc22c444c9f67be272f8e6282aa76a

SHA512
4c075c2ebab277480a05108588155d6f669c32d0bffd4264bc4d316fbaee613f940ffe4432ff906346f4290c5e379c7449a989c932834aed4c3f972d905b59e1

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI13482\python39.dll

Filesize
4.3MB

MD5
2135da9f78a8ef80850fa582df2c7239

SHA1
aac6ad3054de6566851cae75215bdeda607821c4

SHA256
324963a39b8fd045ff634bb3271508dab5098b4d99e85e7648d0b47c32dc85c3

SHA512
423b03990d6aa9375ce10e6b62ffdb7e1e2f20a62d248aac822eb9d973ae2bf35deddd2550a4a0e17c51ad9f1e4f86443ca8f94050e0986daa345d30181a2369

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI13482\ucrtbase.dll

Filesize
987KB

MD5
28647d8fb402416cb1c986894d849c50

SHA1
bf0eaa587001214a4d6e6876b8adfcb49254450b

SHA256
b3591e2ba725934a1a659882444b85b186da44d2dddaba3b66587dd3f97364ab

SHA512
689346b9d9fa2f93a5d50af15eee9cc18ee819c00986dabbdd102126556466adecc412a8c539a8d22239cddccc1c3d3dd5783dff047f593bfd7be761c0ab9b12

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads