963edcc0ef0f02a227e40c4d1f7eb319ae32559baa290b24264aee027053ff62

Resubmissions

21-10-2023 12:44

231021-pyrxkagb77 10

21-10-2023 12:08

231021-pbd27aga69 10

21-10-2023 11:58

231021-n5h3kaga48 10

08-10-2023 18:41

231008-xb6ffafb9s 10

Analysis

max time kernel
1756s
max time network
1842s
platform
windows10-1703_x64
resource
win10-20231020-en
resource tags

arch:x64arch:x86image:win10-20231020-enlocale:en-usos:windows10-1703-x64system
submitted
21-10-2023 12:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Mathway20Database20Leaked20January202020.txt
Size

545.2MB
MD5

21da4ab437bc44fe51239d0d74bd1910
SHA1

72406887174c2631fbdeaa638e58c4725957ce65
SHA256

963edcc0ef0f02a227e40c4d1f7eb319ae32559baa290b24264aee027053ff62
SHA512

61fbd111860700f84cd43fe2a52c21f2ffde763f504bf06c73fcaafe3fa968996c6439e5074bb14a01f75e770d1dde61e24b9939dff278414c913e4c888af327
SSDEEP

786432:n8mrDuYVNa3Z8+Q6c3iBmGzFUQN4fmm1S39Z2dfmMY65rUPxgRH:8ip

Score

1^/10

Malware Config

Signatures

Opens file in notepad (likely ransom note) 1 IoCs
ransomware

Processes:

NOTEPAD.EXE

pid process

4816 NOTEPAD.EXE

pid	process
4816	NOTEPAD.EXE

Suspicious use of AdjustPrivilegeToken 5 IoCs

Processes:

svchost.exe

description	pid	process
Token: SeBackupPrivilege	624	svchost.exe
Token: SeRestorePrivilege	624	svchost.exe
Token: SeSecurityPrivilege	624	svchost.exe
Token: SeTakeOwnershipPrivilege	624	svchost.exe
Token: 35	624	svchost.exe

C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE C:\Users\Admin\AppData\Local\Temp\Mathway20Database20Leaked20January202020.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:4816

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4372.11.852815163\16769855" -childID 10 -isForBrowser -prefsHandle 6028 -prefMapHandle 4812 -prefsLen 30162 -prefMapSize 232675 -jsInitHandle 1008 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8fd14a32-e866-4ffb-a825-4ccfa79c6b8e} 4372 "\\.\pipe\gecko-crash-server-pipe.4372" 4068 1fea2bb7a58 tab
1⤵
PID:392

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4372.12.910182721\938408893" -childID 11 -isForBrowser -prefsHandle 5276 -prefMapHandle 4428 -prefsLen 30162 -prefMapSize 232675 -jsInitHandle 1008 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fdf830be-4eba-4063-9847-0587756dd6f9} 4372 "\\.\pipe\gecko-crash-server-pipe.4372" 4068 1fe9ec04158 tab
1⤵
PID:1940

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4372.13.1618217243\1912200036" -childID 12 -isForBrowser -prefsHandle 6340 -prefMapHandle 5464 -prefsLen 30171 -prefMapSize 232675 -jsInitHandle 1008 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {78cb2cad-b79a-43c8-adfd-d51915b8f529} 4372 "\\.\pipe\gecko-crash-server-pipe.4372" 6376 1fea3977c58 tab
1⤵
PID:4316

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4372.14.1982521241\355610031" -childID 13 -isForBrowser -prefsHandle 5564 -prefMapHandle 5548 -prefsLen 30250 -prefMapSize 232675 -jsInitHandle 1008 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f196f017-72fd-431f-9d14-e1a7c5b1ec82} 4372 "\\.\pipe\gecko-crash-server-pipe.4372" 5036 1feaa259b58 tab
1⤵
PID:3576

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4372.15.1674434281\701927906" -childID 14 -isForBrowser -prefsHandle 2984 -prefMapHandle 4528 -prefsLen 30286 -prefMapSize 232675 -jsInitHandle 1008 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {488fd83a-99c1-4b8b-96ef-4d0845fb193f} 4372 "\\.\pipe\gecko-crash-server-pipe.4372" 4992 1fea3a9a858 tab
1⤵
PID:1636

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4372.16.1398335680\274447798" -childID 15 -isForBrowser -prefsHandle 6416 -prefMapHandle 6412 -prefsLen 30286 -prefMapSize 232675 -jsInitHandle 1008 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {95b375aa-ef46-4fc1-bac8-1eb89cd158cb} 4372 "\\.\pipe\gecko-crash-server-pipe.4372" 4956 1fea9008258 tab
1⤵
PID:5072

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4372.17.816132651\2041194844" -childID 16 -isForBrowser -prefsHandle 4024 -prefMapHandle 5072 -prefsLen 30295 -prefMapSize 232675 -jsInitHandle 1008 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f234f17a-f400-41b6-af30-7905d69ebe32} 4372 "\\.\pipe\gecko-crash-server-pipe.4372" 4936 1fea381d358 tab
1⤵
PID:1512

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k SDRSVC
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:624

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
PID:1756

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4372.18.2064355077\1179315030" -childID 17 -isForBrowser -prefsHandle 6600 -prefMapHandle 5220 -prefsLen 30295 -prefMapSize 232675 -jsInitHandle 1008 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a46c6c28-325e-4b95-9b18-8a68ae19161d} 4372 "\\.\pipe\gecko-crash-server-pipe.4372" 1320 1fe91666e58 tab
1⤵
PID:2456

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads