Overview

overview

10

Static

static

3

0436a5b53c...f1.exe

windows7-x64

10

0436a5b53c...f1.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    300s
  • max time network
    274s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231020-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
  • submitted
    17/11/2023, 05:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1.exe

  • Size

    458KB

  • MD5

    a8e5d4ef39be51f96c1374d3b3249297

  • SHA1

    080638196673615c51c16425a0e19ace849b917e

  • SHA256

    0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1

  • SHA512

    413b864d9e7ecdfff5d314081cecf294ef0fcb14d63ee38e773cdc6c38da4b60172bf97ebbd3c5e8596efba993105a4e286889a99ba996c0c15396dfc7d73591

  • SSDEEP

    6144:Z/MZO4aLcwC0IEVvOCcxmwMSKM3mhM+rTV/yqUKmLzmZhbVPntlKmp+:ZXiwC0pVvOfx1uvrEXKPZhRHp+

Score
10/10
playransomwarespywarestealer

Malware Config

Signatures

  • PLAY Ransomware, PlayCrypt

    Ransomware family first seen in mid 2022.

    ransomwareplay
  • Renames multiple (7307) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Drops desktop.ini file(s) 29 IoCs
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1.exe
    "C:\Users\Admin\AppData\Local\Temp\0436a5b53c6ca0a443bdd3a806a77e4101480d4599dbd670d1ebd36ce4aa16f1.exe"
    1⤵
    • Drops desktop.ini file(s)
    • Enumerates connected drives
    • Drops file in Program Files directory
    PID:1388

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-1873812795-1433807462-1429862679-1000\desktop.ini
    Filesize

    1KB

    MD5

    238c0874914e335021153e59af625aec

    SHA1

    4c32d237dea56a193fc2e1dab1bce820919ea51a

    SHA256

    67ded29b723ad36416242e35cee51310676c9196f954cc5d062d86b06ff9dfe4

    SHA512

    7a8397a2748bac38ba5dd184c72d34fac341487a45617a84ee7bc7d2d5081406768841c6df9fd8618f78728db698d27cfa91b921274048424496b2e3bd73dec9

    Download Submit

  • C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\AcroRdrDCUpd1901020069.msp.PLAY
    Filesize

    218.2MB

    MD5

    9ece87cbd8fd9bb7ed0f138577275d8b

    SHA1

    2256867d8c511e3b1a83ecaae080a5fbfe26fc47

    SHA256

    c69a2cda0a1677b604240c28927eea7c7ae8b4c0639fe3f520491b3918c18384

    SHA512

    d8387423be112f29e395087b42e91122efc0476736e8d3db3e2dd4dbf891a68525f6b8094e3c57822dad958640401bf75f25751a3aa233ce2f82671886ccb82d

    Download Submit

  • C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\Data1.cab.PLAY
    Filesize

    167.0MB

    MD5

    7c6e1b5139f7b7ce115947a5b8a44445

    SHA1

    0f33fa9c116d3f44f69c4606e0a443c40117fd99

    SHA256

    de57320603c8352c1c282055f9db8b67043ee0b7374031dddd75bc25701c47a1

    SHA512

    48cfd6975c9ae9f75a42261b59dadc577f7b3079d1274ce9bf51496c3dfe91c129720e95e484b3540c7cddbba7d2afefbe99e1cca2836cfcf4363d4e71cc3760

    Download Submit

  • C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\abcpy.ini.PLAY
    Filesize

    1KB

    MD5

    2d59fbddca6c4ee148ebede832d1eb78

    SHA1

    46796e12b28583f981348511fa7418ffa01e86a1

    SHA256

    44ad3596c2d981958df4310147da5c8fd1f190ea6b005a672445780d53219f38

    SHA512

    0bb69ad48925bef0685a2d4bf99deaf2fdb7e0ab95e13e88a026f75e6cb24191e95055b4646e625546a5a16bf1d4e994ce04aae50b7b6f2b6f52bf9abe431619

    Download Submit

  • C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\setup.ini.PLAY
    Filesize

    1KB

    MD5

    56f81e4a2f10cdcf79ee33d70ccf8afc

    SHA1

    2252808c0c6c8b7a881595c50c8266fa3b2cfba8

    SHA256

    69e7aa807e8baa17c35ae6eadeacba6aece9cd5d7a37bdb2f7dfe19e2a2b2eaa

    SHA512

    e745f888a70edd1eddacf034e0e4b829f70d79b1480415e8b621ac7d41ee1e10624c0760525e6f2a80d190f0fbeb977c2cd0439653574c16def315b75a21d100

    Download Submit

  • C:\ProgramData\Microsoft OneDrive\setup\refcount.ini.PLAY
    Filesize

    1KB

    MD5

    96e5a78046ae45b9728fe113e65b6abe

    SHA1

    5def035162ebfad6bb654c3975d9ec050acc32cb

    SHA256

    cdeb00980a6fa7b558ea8747997ac50867a0a3c50968377d6fe824d017c9b4d7

    SHA512

    9dbed1ad8eb1d0c23f50300ed350b19d2e34d6d7c7c7a758dfba42de90a6139ac7af9df95f2c32c9fba5b825239658d492ec39793062b6b93e671b4955f0eed3

    Download Submit

  • C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\update-config.json.PLAY
    Filesize

    1KB

    MD5

    f65198e9f3372f37bac9f81c7453c2bf

    SHA1

    c437bcc7f88616a5568d7387d4f0d8f22e9c0d20

    SHA256

    7f3630997bf6d718c8bd10a23421785bff0c65079e7979ebd127f8d7c672b49b

    SHA512

    e13646f7e578e3ca3d8dcb69e13830219114a982844568c9f26a924205d677e2939dfa392c8dbbaad0e5164cfeed953db47253d671b9048a43a7cfb61efad726

    Download Submit

  • C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm.PLAY
    Filesize

    1KB

    MD5

    82d8e1ac6eada823592345709ddf6dda

    SHA1

    75d44641feed877574353f5e950b699e05ef5600

    SHA256

    84e32d1ffd268ed2d404e3f0d93a56db7cd0f91b333ad6ad274ad994b353bca0

    SHA512

    599d71713c5996dd20428129f3af5e0437b3730c6ea2cadb140a05d38c2629117c3370facd969dc429715ce5e1c5d7a84d6d4406988c9d594b4e4df523869481

    Download Submit

  • C:\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\cab1.cab.PLAY
    Filesize

    5.5MB

    MD5

    bf1f7273b286ceabea43faa10b3abb2f

    SHA1

    fbd83b8b1dda1a7e1b20daddd66a004638fba91d

    SHA256

    bc5afb1ab45648d4774a1b83916096c8218557ee4da597c45bd67331ef03dff9

    SHA512

    b5bae0bfbb958d2679c7d8121b9680f2d634e40031eeb3d3fbc662d34c32964e23cf6e5b805f96bdc661405edcd11617cb33268bc37dafcae8203f93be24b5b4

    Download Submit

  • C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\state.rsm.PLAY
    Filesize

    1KB

    MD5

    8756f1c9b58bc86744defb0f70552132

    SHA1

    cfbef6d0ab98565eeae65633feb8d3e2b404373c

    SHA256

    dc662e2be2f5ff5323240f1ab67e7dc2a06eb3fca8e4a8942ba3116959cfe9dd

    SHA512

    4a87903c11e7a4b10982c48dad5ee0474afe7065eb6403366483490b5929967860d88b2088c5d11dc166d5ce4facdeb15dc70232184381624ae625fc3c772dae

    Download Submit

  • C:\ProgramData\Package Cache\{5740BD44-B58D-321A-AFC0-6D3D4556DD6C}v12.0.40660\packages\vcRuntimeAdditional_amd64\cab1.cab.PLAY
    Filesize

    5.3MB

    MD5

    e55ca69048a3c67b0defb0ba8eed29b0

    SHA1

    f1becd711db1bb9a4949fd5900744c94d5c0afe2

    SHA256

    24278ed57a6af6ce49165b514efed3fb6d897af605aa0cbb5e4d2c8eca83a2d7

    SHA512

    96649aac65b559c410134f4ff99f790e311285bb7e37bca57a61fb2b7ce720f4dd9c0ffe5ce5a08372e256fd71e796ce4a632c6f0117126e7daf2decc57a56cd

    Download Submit

  • C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\state.rsm.PLAY
    Filesize

    1KB

    MD5

    e7cc1317ade791a377bfeded918883a4

    SHA1

    29ca8c66751c83b324484134d46f9b5d07725ade

    SHA256

    30f8dfef2ad96e0940b212d487c01192c5569ebcee1f48dc0225edc0a67e999e

    SHA512

    008b6fd10e9bfc22790cdcece7d8ebe3555396c92fbe42c0411969d17d7e382949c0e18dca7a0adce580c7eb91b7a7dbb7758f2512aa25de1744f4112e6d4d28

    Download Submit

  • C:\ProgramData\Package Cache\{61087a79-ac85-455c-934d-1fa22cc64f36}\state.rsm.PLAY
    Filesize

    1KB

    MD5

    84f46c37b8729e9a8a63ed7c68eb4b4d

    SHA1

    d5ce47cdaadaa8e7d080b6fa94c99d12f94c192a

    SHA256

    183ff37757392e3f47d204111bdfbc1c7df2bf02ac2ac87dd20ee51d8aae8406

    SHA512

    5e85561984bbdd39ae30708e566423e05f72efba05f804a9e1227b60e32c607f6f5e8c9c0ec610a674b721048fa502a719cf24c6dffa5d4de026d59cdde4ba8e

    Download Submit

  • C:\ProgramData\Package Cache\{662A0088-6FCD-45DD-9EA7-68674058AED5}v14.30.30704\packages\vcRuntimeMinimum_amd64\cab1.cab.PLAY
    Filesize

    870KB

    MD5

    beabfbc1ad8843c0530704efee62007e

    SHA1

    9d2ea70579455356ecadd2f26f72b4fdbb11aa8a

    SHA256

    5b1650f8e8cd676001e79737b60ed950d9dc3765cc3163098781bde13fffee4d

    SHA512

    b72a09937631e2bd8b3b05a55c9eb471143ee2118ab6891490710008a66ca4fe3a9922a7dd4d01b5a2b442cbbee727ee0f90aea6d2f1c90fe8f27f8e9d9f5eba

    Download Submit

  • C:\ProgramData\Package Cache\{6DB765A8-05AF-49A1-A71D-6F645EE3CE41}v14.30.30704\packages\vcRuntimeAdditional_amd64\cab1.cab.PLAY
    Filesize

    5.4MB

    MD5

    ee7dc25919e77e795ccf37860d3e8ae0

    SHA1

    306d6d9754a51f2f6f93d9a7d974cb4b7fe4c3f6

    SHA256

    546041fb2c5e45dd1f785f952e7e3981aaa1629d1f7514b656265933a0669424

    SHA512

    5431dcd90f939996545735ca9bf23d9e18b0a32e8ad9528084ee5e47eb8552123a66997a691f1b09181f66630091eb737b6d6ebbdb1d60e5122d43afc4e70da4

    Download Submit

  • C:\ProgramData\Package Cache\{7DAD0258-515C-3DD4-8964-BD714199E0F7}v12.0.40660\packages\vcRuntimeAdditional_x86\cab1.cab.PLAY
    Filesize

    4.7MB

    MD5

    ec92944585650ea1b61a4b0e3fe9aa0c

    SHA1

    b1af84d3c18074e9f0415f1bb9042b3db962466d

    SHA256

    295a8447e013ae6f40f9351a8e5621720a5cc6a9eb228fa78bf2d5bced196be7

    SHA512

    c7ed1b30a8ef3947c14ba3dc7db45dc5190dece226318704006bee0d4350b1cf776872d4d18bc5fd79a1e514bb9879962138211edfd51e9a8f7f3d769855eceb

    Download Submit

  • C:\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\cab1.cab.PLAY
    Filesize

    4.9MB

    MD5

    d371fa7cce796ae9d0b4a8f336e491b1

    SHA1

    56ba2d2d31cd30da6cb334d2cae1cfd72b98a4c4

    SHA256

    c98ac208a00487e97dc464667eae75e519840565f28754ef8bdbd3a2c80aa31e

    SHA512

    358b957ad53ee417e1bfd2e872c3fd19cd630e956b5c640e48a4f0bcc82ec8f936d569ddfe8ee1e0076873db0cab9ab91d8eb879a389550cc9d490c849f7fa87

    Download Submit

  • C:\ProgramData\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\cab1.cab.PLAY
    Filesize

    803KB

    MD5

    44f15cb607f50b1a70c1ad811d1ef746

    SHA1

    050490f30bc38d908ca39b50c0b2ae7494bf1904

    SHA256

    e79430449bfa1f9e35e371445b1c03a0dbd72fc09044d42f4309b4f4674f1c40

    SHA512

    25a0129f3804ef99776661ed038b435a68a1e59ebb47addd9cb46a21f039b415bfc290644bb57ef5ebabf369f93cd55d34dbbe287ed8f7c027d7778ef132a909

    Download Submit

  • C:\ProgramData\Package Cache\{BF08E976-B92E-4336-B56F-2171179476C4}v14.30.30704\packages\vcRuntimeAdditional_x86\cab1.cab.PLAY
    Filesize

    4.9MB

    MD5

    8ff0d6ad31b0838fc1112dd37ac095b6

    SHA1

    9cb9df2036d57cb4ec0183b5d69cf12726ae10e7

    SHA256

    40c214d2a28a7a321b1f615ccb08fc5f0a46c36aa910c71fe580482e56b93f31

    SHA512

    b56e31943c4fa464de2f6e854fd67264b4bc4745e15d5523fe433d3472a8cbebac65993563505fa643d0150f833e34ccd2d0ccb614879c1cece335cc0a05ab28

    Download Submit

  • C:\ProgramData\Package Cache\{CB0836EC-B072-368D-82B2-D3470BF95707}v12.0.40660\packages\vcRuntimeMinimum_amd64\cab1.cab.PLAY
    Filesize

    1011KB

    MD5

    970d69462eae773ba42f6479aa245ecf

    SHA1

    5a9f9556ce2833c67cefd429a811f2e7e601813a

    SHA256

    f34e066400460cea2948a09350898af0fdc00a3052ec6aac274e3a946a83a2ad

    SHA512

    85d28a665974c197b86779bf6fce83a8cfa521e9948f357eacd379c83469060ae5fab50d85cb8a6859c57c19ac0e682ac98624cefb66196b9e6df1c25c2ae4d3

    Download Submit

  • C:\ProgramData\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\cab1.cab.PLAY
    Filesize

    791KB

    MD5

    d8568d3258ec2fdc5266db49e71d8c8a

    SHA1

    4ff1fa29e4bb6276b18fbc65614241b39153ad3d

    SHA256

    33fa606c2eab0294e4cc5a8aba50d49b63dd454d5d2ff3c2f3dbfad5e366217c

    SHA512

    7bb4610596679121a654240a15ba47c3bd7c0ca51e59448823d0b666df1620c5e499e3502b251d988d7687e5c9dc71e717e43848d7776ecd889ec72adf9f02fc

    Download Submit

  • C:\ProgramData\Package Cache\{E30D8B21-D82D-3211-82CC-0F0A5D1495E8}v12.0.40660\packages\vcRuntimeMinimum_x86\cab1.cab.PLAY
    Filesize

    974KB

    MD5

    80c9d51259d23d3ffc8335c1da2bfe32

    SHA1

    79d5a36b9dae3cba17311e8e1cfeb15a024c618d

    SHA256

    993777d38d04512f485222526904cc39508d8ae6af8266de4970c987621311c1

    SHA512

    50e78da41765cd8ff0096dc35515ec5ccf38f53a090a34fe92e5bb01a6dc5bcc699ae3c4725a547abd446ca2a177ab6681b68b546caf3f0f839f133b1ed5f10d

    Download Submit

  • C:\ProgramData\Package Cache\{F6080405-9FA8-4CAA-9982-14E95D1A3DAC}v14.30.30704\packages\vcRuntimeMinimum_x86\cab1.cab.PLAY
    Filesize

    742KB

    MD5

    d510c63c925eddd5e67254571dcdf071

    SHA1

    9e2b93a16277092b5f7ee53b1da03e5192da7231

    SHA256

    7fd54455b082b81fa285e4048fabb5506b9da45a68fcfeb51b19ba32abe5a5c9

    SHA512

    261fff4aa337fbf760ac49561aab93c10e88021dfa62efc986677558f90c29eb76d12864753c0e43b3195cecf647b90fcc07a198198f8cfcc2aa9cec76e0dbeb

    Download Submit

  • C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm.PLAY
    Filesize

    1KB

    MD5

    ec29232611c071ccff12ea6235cd5ab8

    SHA1

    51a2873b0b1d286904926153805b26696c5ccbfc

    SHA256

    b9029d7b9f12dd39eb1d141af09123ce0367f2921e11a52a6fc330927eaaf712

    SHA512

    aa2cd4ed0c5bca93f040703dcfae37f43a12b41b4d4cb46e5895b5bd7972039c3a7d941b15191fbc0a635d3b99c12f8fabf53dadd1ed615bb62393d67b3bff18

    Download Submit

  • C:\ProgramData\Package Cache\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}\state.rsm.PLAY
    Filesize

    1KB

    MD5

    a4ed2a70a882e7484448c9dc78cbab31

    SHA1

    6d51f9b62a1e694874e861b2cfe7d797357c00cc

    SHA256

    77196049cbeb3eda68150bd354473faf602c621a4791eb862c203290e4d314d4

    SHA512

    342107d1b7e6ea64a2cfca97902b69c4158373d1c108c52d2915eba2887ed413690570f6a3d676d865f226f95d6cf55d9ef08ae6a562afbab31019ad789aff88

    Download Submit

  • C:\ProgramData\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Extensibility Component.swidtag.PLAY
    Filesize

    2KB

    MD5

    c52d450a2ed1c39b18172530921ffb2a

    SHA1

    3c1f9ee9f893ab661abdf789e557c8380a18fdad

    SHA256

    dec5f9ed1e2a2a0149812443610b507565af7510768e87216dbc76851f2797bc

    SHA512

    97276a9ed00df75efc66da922f474b6a783b544bae8fdb595bccb5422021f1abd8865a50e79da220afe548f3d24c9fad5fb9e5eec6987d4f7adc1703029fde8f

    Download Submit

  • C:\ProgramData\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Licensing Component.swidtag.PLAY
    Filesize

    2KB

    MD5

    a84d1de3d471ca4cadd12df6029e48d3

    SHA1

    cf54fb06546a5105a9d6ba8439808032d992f0e6

    SHA256

    42337df7735e0b5a4565e573a3d9bab8e2ffe737c4f595b19682b83c7b5ce1ac

    SHA512

    cf6d42bf733a73bc1514b99bbd7220e392b90482a91826200b4240dbeba9b37b50c8d4ed437cdf416843f0c88b9073911dcd4138906a38da68bcaceb905d41d3

    Download Submit

  • C:\ProgramData\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Localization Component.swidtag.PLAY
    Filesize

    2KB

    MD5

    21dd654c0d5363dff4b2f1b38a33214d

    SHA1

    77a2b1e49aff654ac0db7d6b6b1f90a5c46df9ec

    SHA256

    8a6953acecf79d9c064da6ada744181b29eb98e3f9c247eec6e924e223b390e0

    SHA512

    3feb6bfd61d11f0b9dbee7e5e15640e7c01fb7c638378aa866b6f4a04fc680fe49bfc76ea6413608bd6bd72e67f66315f975ae8595d22fdac150a46809bafaba

    Download Submit

  • C:\ProgramData\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft_Windows-10-Pro.swidtag.PLAY
    Filesize

    2KB

    MD5

    0b391fd83f097c69662890768adf7c5e

    SHA1

    35e41336c1c51336410f7e67720a73d8e6ebe2b2

    SHA256

    40054ed20337b4c74089aa60cb5d845ea1e5fa8a06a0bb8a1254fa427b9822bf

    SHA512

    d140a69606ad7f08e29545215981fc5b3c25692fe1a9f005fc7885cb8f5928ac5956a8bdeb06f5dc6af34e85e029a1dc277e5dfd035deb74de4913c684b3d819

    Download Submit

  • memory/1388-0-0x0000000002720000-0x000000000274C000-memory.dmp

    Filesize

    176KB

    Download