play | 952fec5f9e7137951700d7e4239728f903e360b3fdb0332deb9448bdc31c2f3f | Triage

Submit
Reports

Overview

overview

Static

static

3

952fec5f9e...42.exe

windows7-x64

952fec5f9e...42.exe

windows10-2004-x64

Sharing

General

Target

952fec5f9e7137951700d7e42.exe
Size

673KB
Sample

230628-rshstaah4t
MD5

2e8897ef38d4abe4861360a4b6e895d5
SHA1

f668b1110d8a6b1a3f638fd8a6276a7a1efe18db
SHA256

952fec5f9e7137951700d7e4239728f903e360b3fdb0332deb9448bdc31c2f3f
SHA512

02d7fe9141b25c74fb4721fa5cba6030cae671ec159987e1e0c95eee65fd5185586b0101af63e36f788cf8b7fc7044018e059301b17e5e63e68564d31f3610b8
SSDEEP

12288:fjVr5+jJNj0H5zPYXADL1vpQ/ywpll/nh:fjB5WJOH5DYXAlvMyUJn

Score

10^/10

play ransomware spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

952fec5f9e7137951700d7e42.exe

Resource

win7-20230621-en

play ransomware spyware stealer

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

952fec5f9e7137951700d7e42.exe

Resource

win10v2004-20230621-en

play ransomware spyware stealer

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  952fec5f9e7137951700d7e42.exe
- Size
  
  673KB
- MD5
  
  2e8897ef38d4abe4861360a4b6e895d5
- SHA1
  
  f668b1110d8a6b1a3f638fd8a6276a7a1efe18db
- SHA256
  
  952fec5f9e7137951700d7e4239728f903e360b3fdb0332deb9448bdc31c2f3f
- SHA512
  
  02d7fe9141b25c74fb4721fa5cba6030cae671ec159987e1e0c95eee65fd5185586b0101af63e36f788cf8b7fc7044018e059301b17e5e63e68564d31f3610b8
- SSDEEP
  
  12288:fjVr5+jJNj0H5zPYXADL1vpQ/ywpll/nh:fjB5WJOH5DYXAlvMyUJn
Score

10^/10

play ransomware spyware stealer
- PLAY Ransomware, PlayCrypt
  Ransomware family first seen in mid 2022.
  ransomware play
- Renames multiple (8341) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Renames multiple (8472) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

playransomwarespywarestealer

behavioral2

playransomwarespywarestealer

© 2018-2024

Terms | Privacy