Overview

overview

10

Static

static

10

Ransomware.Thanos.zip

windows7-x64

Ransomware.Thanos.zip

windows10-2004-x64

1

58bfb9fa88...1f.exe

windows7-x64

58bfb9fa88...1f.exe

windows10-2004-x64

10

5d40615701...3d.exe

windows7-x64

5d40615701...3d.exe

windows10-2004-x64

9

ae66e009e1...75.exe

windows7-x64

ae66e009e1...75.exe

windows10-2004-x64

c460fc0d4f...50.exe

windows7-x64

c460fc0d4f...50.exe

windows10-2004-x64

10

Resubmissions

14-12-2023 12:07

231214-pajw2sehe8 10

14-12-2023 12:03

231214-n8hk7sddfj 10

Analysis

  • max time kernel
    139s
  • max time network
    135s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231130-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231130-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14-12-2023 12:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Ransomware.Thanos.zip

  • Size

    145KB

  • MD5

    00184463f3b071369d60353c692be6f0

  • SHA1

    d3c1e90f39da2997ef4888b54d706b1a1fde642a

  • SHA256

    cd0f55dd00111251cd580c7e7cc1d17448faf27e4ef39818d75ce330628c7787

  • SHA512

    baa931a23ecbcb15dda6a1dc46d65fd74b46ccea8891c48f0822a8a10092b7d4f7ea1dc971946a161ac861f0aa8b99362d5bea960b47b10f8c91e33d1b018006

  • SSDEEP

    3072:fn8L7y+NJQpRhkU0kbH2PNo/1GjTqOncYIOSsk:f8L7xNJQFzCo/ojTqOnYD

Score
1/10

Malware Config

Signatures

  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\Explorer.exe
    C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\Ransomware.Thanos.zip
    1⤵
      PID:3560
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
      1⤵
        PID:4032
      • C:\Windows\System32\svchost.exe
        C:\Windows\System32\svchost.exe -k UnistackSvcGroup
        1⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:2024

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\Local\Comms\UnistoreDB\store.jfm
        Filesize

        16KB

        MD5

        1e72aa676bb11009d9ac1b09849673bb

        SHA1

        cbe294a900a6ef48b9cac4be363ef0b67ab1f213

        SHA256

        12516fccbfd46391b3328d959cd690e7744e7c6d5e1eeed34c86280befc58b9a

        SHA512

        8a8a9e09372b7eeabacb86bf5db088d1f73d74fa4d240ac70dc41d7d4086ebd3790fff2fcd47a9e3555ca69d53c5e6f14ddf22ad06de7cce9ca4ce0e4184d4a7

        Download Submit

      • memory/2024-40-0x000001E143C70000-0x000001E143C71000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2024-33-0x000001E143C70000-0x000001E143C71000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2024-42-0x000001E143C70000-0x000001E143C71000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2024-34-0x000001E143C70000-0x000001E143C71000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2024-35-0x000001E143C70000-0x000001E143C71000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2024-36-0x000001E143C70000-0x000001E143C71000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2024-37-0x000001E143C70000-0x000001E143C71000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2024-38-0x000001E143C70000-0x000001E143C71000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2024-43-0x000001E143890000-0x000001E143891000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2024-0-0x000001E13B550000-0x000001E13B560000-memory.dmp

        Filesize

        64KB

        Download

      • memory/2024-68-0x000001E143AE0000-0x000001E143AE1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2024-32-0x000001E143C40000-0x000001E143C41000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2024-39-0x000001E143C70000-0x000001E143C71000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2024-44-0x000001E143880000-0x000001E143881000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2024-46-0x000001E143890000-0x000001E143891000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2024-49-0x000001E143880000-0x000001E143881000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2024-52-0x000001E1437C0000-0x000001E1437C1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2024-16-0x000001E13B650000-0x000001E13B660000-memory.dmp

        Filesize

        64KB

        Download

      • memory/2024-64-0x000001E1439C0000-0x000001E1439C1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2024-66-0x000001E1439D0000-0x000001E1439D1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2024-67-0x000001E1439D0000-0x000001E1439D1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2024-41-0x000001E143C70000-0x000001E143C71000-memory.dmp

        Filesize

        4KB

        Download