Overview

overview

10

Static

static

1

a928964f06...20.exe

windows7-x64

10

a928964f06...20.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    361s
  • max time network
    364s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    17/08/2023, 06:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a928964f062125cc32863a361a0554939f391a2e54a614c9c20c441f638a2f20.exe

  • Size

    376KB

  • MD5

    7775825b7abdaed99d1bc135393ed739

  • SHA1

    bd0b6fd129c333d6b90f8cf1026825e86b8224e3

  • SHA256

    a928964f062125cc32863a361a0554939f391a2e54a614c9c20c441f638a2f20

  • SHA512

    0761a7ecd784537f11cb78c0a0225c2f1e8c2cfbd86850e46092dd4927fc05fdee9c9f1ca87500bfd6b20cebe7485fbb63cac4b58d4984e8377dbc75e5303e65

  • SSDEEP

    6144:/xbJ+lDAAqBVbMO1ICxkiIr9LUjqH7E46FW4NcMc2U08/cIwhJMTi0:/SdAAoLls9UjMQJs

Score
10/10
ransomware

Malware Config

Extracted

Path

C:\Users\Admin\Documents\Message.txt

Ransom Note
contact: [email protected] I) French Version : Vos fichiers importants vidéos, musiques, images,documents …etc sont cryptés avec chiffrement. RSA-2048 et AES-128.Décrypter vos fichiers est uniquement possible à l'aide d'une clé privée et un . programme de décryptage Qui se trouvent sur mon serveur secret Pour décrypter vos fichiers, veuillez suivre les instructions suivantes : 1) Achetez des bitcoins de 300 €, euros ( 0.05 btc ) 2) Envoyez les bitcoins à cette adresse : votre adresse de bitcoin 3) lorsque je reçois les bitcoins , je décrypte vos fichiers contact: [email protected] II) English Version : Your important files videos, music, images, documents ... etc are encrypted with encryption. RSA-2048 and AES-128.Decrypting your files is only possible using a private key and a. decryption program that are on my secret server To decrypt your files, please follow the instructions below : 1) Buy bitcoins from 300 €, euros (0.05 btc) 2) Send bitcoins to this address : your bitcoin address 3) when I receive bitcoins, I decrypt your files

Extracted

Path

C:\Users\Admin\Desktop\HOW TO RECOVER YOUR FILES.txt

Ransom Note
contact: [email protected] contact: [email protected] II) English Version : Regrettably, your files have been encrypted with RSA-2048 and AES-128. You may decrypt and recover your files by sending $300 in Bitcoin to this address: STILLNEEDADDY Include your Bitcoin transaction I.D. in your e-mail. We will reply within 2 (two) hours with your digital key and instructions for quickly recovering your files! PLEASE NOTE: Should you decline this solution, your files will be permanently deleted, and published online with your personal information.

Signatures

  • Deletes itself 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Delays execution with timeout.exe 1 IoCs
    evasion
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a928964f062125cc32863a361a0554939f391a2e54a614c9c20c441f638a2f20.exe
    "C:\Users\Admin\AppData\Local\Temp\a928964f062125cc32863a361a0554939f391a2e54a614c9c20c441f638a2f20.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2372
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /C timeout 2 && Del /Q /F C:\Users\Admin\AppData\Local\Temp\a928964f062125cc32863a361a0554939f391a2e54a614c9c20c441f638a2f20.exe
      2⤵
      • Deletes itself
      • Suspicious use of WriteProcessMemory
      PID:2136
      • C:\Windows\SysWOW64\timeout.exe
        timeout 2
        3⤵
        • Delays execution with timeout.exe
        PID:1088

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\Desktop\HOW TO RECOVER YOUR FILES.txt
    Filesize

    688B

    MD5

    81ab24b674b6abc98a336d3b371eeeb0

    SHA1

    28f4e90fdd835840b57959e1f4e0839a3d44454e

    SHA256

    e1b970e25f0114f61a3b3fa754f9d1c5eadb11c96b34b60a5be12adbdd31bc78

    SHA512

    9ed3bb2190bad8a88fbcf06d58606478f82d9265317c37d258c0aa92d701415a8eb47b352b24143fe33823ba1a2bcbd8a5a467c033ca950d789fa4bb3a898987

    Download Submit

  • C:\Users\Admin\Documents\Message.txt
    Filesize

    1KB

    MD5

    6ffb53efb5ab30a272b30dbd82aa245e

    SHA1

    92bbcb30455d3caafaa31f2a03e35b46e0335262

    SHA256

    b4d1ecc58915013646140f1b3bc8e59b703db41c9f388d4788612e0838d7b72e

    SHA512

    25212a538f50926a337144b17c75ab46bc27651446840cfb36a953c9b45c7af50422aa15314d2ef76cf37897315a9c6fc559d402c546c8b462daba30a902f46a

    Download Submit

  • C:\Users\Admin\Downloads\Message.txt
    Filesize

    511B

    MD5

    0e006dbcb0120559c18c2242245aa9bd

    SHA1

    354c89f08fad212e6eacc9d0cbf04039fdc0ca88

    SHA256

    4ca37ca1415a1d381dbf41d81b72caf3e90fe376d3670346ae4ce67e4cee2a03

    SHA512

    abdd5394623b7a633d96b367a2bb6409039658264ecd69270ce27d79b50f183fc27ed74dcf9aacc63715fa19e5486b167cf59a8a7ef0d227735b36b94ed1cddd

    Download Submit

  • C:\Users\Admin\Music\Message.txt.Retch
    Filesize

    1KB

    MD5

    59b39df4698e6f2c729cdb14fc71db05

    SHA1

    b7ba87b5796e8695b63881353134ce70e94cd4bf

    SHA256

    0d39bb6eb52ed902362194e338431f3384ef2a5acd1b98a98ee137dc46cd60c2

    SHA512

    1360f5499f4cea3e7a3775dc0cb2e148c33b63c0adec344313bbca4abd1982053a36051016207b3e577ad04eb4802772f1f81c2abf1990cc4c13b488d87351af

    Download Submit

  • memory/2372-55-0x0000000074080000-0x000000007476E000-memory.dmp

    Filesize

    6.9MB

    Download

  • memory/2372-54-0x0000000001200000-0x0000000001262000-memory.dmp

    Filesize

    392KB

    Download

  • memory/2372-56-0x0000000004D00000-0x0000000004D40000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2372-57-0x0000000004D00000-0x0000000004D40000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2372-207-0x0000000074080000-0x000000007476E000-memory.dmp

    Filesize

    6.9MB

    Download