Overview

overview

10

Static

static

10

006ae41910...55.exe

windows7-x64

10

006ae41910...55.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    115s
  • max time network
    146s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/12/2023, 19:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe

  • Size

    178KB

  • MD5

    223eff1610b432a1f1aa06c60bd7b9a6

  • SHA1

    14177730443c65aefeeda3162b324fdedf9cf9e0

  • SHA256

    006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55

  • SHA512

    cf8b097e4d8dae444c4759a6588bcc5769694d34675f17fed5ee6d0b7aa52ed44263b0cc73f4ff422182a01ad8d69b18a71110c4fc4e9dd2233e9cfe833cbd36

  • SSDEEP

    3072:Yrl2uRkddO+iR7OZOQ+dzeIP9mwUGU3l2bxW1/9JnOC/fhKJ2hXh3lmG:22uyqOh2g8U12K9dtEWx17

Score
10/10
playransomwarespywarestealer

Malware Config

Signatures

  • PLAY Ransomware, PlayCrypt

    Ransomware family first seen in mid 2022.

    ransomwareplay
  • Renames multiple (7317) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Drops desktop.ini file(s) 29 IoCs
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe
    "C:\Users\Admin\AppData\Local\Temp\006ae41910887f0811a3ba2868ef9576bbd265216554850112319af878f06e55.exe"
    1⤵
    • Drops desktop.ini file(s)
    • Enumerates connected drives
    • Drops file in Program Files directory
    PID:5012

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-1497073144-2389943819-3385106915-1000\desktop.ini
    Filesize

    1KB

    MD5

    7697a649888f7699d2b031b37efec78b

    SHA1

    0dc3c35ae1b5bc27ec14b1b8fe17a6cee49a6947

    SHA256

    e0cbf26bf57105715d9293161238bda0c9d8fc528ed1caee130c5de2d8d5cdc3

    SHA512

    83af040b410cf7557343b01707e7018d2d8ede6c25a76f3c516db85eb3b0b24a3d4b3a0db82e58d80563ca66b3917689e30ae5ea3952e9856b81f1aeb045d2d7

    Download Submit

  • C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\AcroRdrDCUpd1901020069.msp.PLAY
    Filesize

    1.0MB

    MD5

    32504c2e0861cd66850be9b0fbf0f657

    SHA1

    a5197bef6897722a19ea5dee9fd750a8dcb618b4

    SHA256

    286bb66cdedaab3e65e96ceccf57ebcd4065444f427941ec4583e5caf383ea20

    SHA512

    1ea34cd2388be4ba84cbc14db1e28d0de1a9d29d93372ba6687b63c5552a5f84c9cc2fb26f45f5b04d11c2baceb45c46d4f81000a8f578afb3d6bb254918f4ab

    Download Submit

  • C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\Data1.cab.PLAY
    Filesize

    2.6MB

    MD5

    f805780bd7038a031e59986449a8a542

    SHA1

    3936749c7fe2e449f13d3fb68bb1b0931e1fc508

    SHA256

    ac54ab415b88ab35041414f314e96806b97a069fa928a5c9406879d79d1c7072

    SHA512

    da82abb6a7055bcc8f1cf9746e21732cb222ce1aaed87a9fad75e5255f7cf82484ceb23914f62c393ecf3cb502845c586c1b478732911e2f6ee5ba6ce451e2d2

    Download Submit

  • C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\abcpy.ini.PLAY
    Filesize

    1KB

    MD5

    48c051c0fd093e244db5b9a345ba0f34

    SHA1

    166941d545fcebef711cf984f01b2a1204eb75d6

    SHA256

    39b70f478934ccbaf8f33ecbd6bc4b0f09cfaa7b06e9c2f45df29cb500dded49

    SHA512

    1b434eb2dab1705922074a0fed115fa0e92b5351eaa1aa96a982127a4e39880d880a77337d8c87023edc441ac0e453c3815a173e445506f84bebdc85a833013f

    Download Submit

  • C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\setup.ini.PLAY
    Filesize

    1KB

    MD5

    bf96f53334eda5457ad9eb7a55a78339

    SHA1

    46317ff9d4eaf896ebde5845ea47fcef92fcab3b

    SHA256

    01f7c98bc19e52c0c1206659981d17510bf6ad4b6a3ae78daa21e71ecfcf4017

    SHA512

    d64171a47b1a0ac38c6282ea7725468541be328a90c909b95e62b91da57df47f158ea530ea0a894df14b8b418f4f767d5e9534b618c54bc4afaf3533685c274b

    Download Submit

  • C:\ProgramData\Microsoft OneDrive\setup\refcount.ini.PLAY
    Filesize

    1KB

    MD5

    b1b0d101370d4d4eac2e3ff1b7533830

    SHA1

    c001d160722cbc63a64d834d6c6034ec9c4602a1

    SHA256

    80313d69fb3f9f93201ad0704f21d9b3743a8242c8c0c158cd5dbfe8973f9e0a

    SHA512

    7691702d3ae1bfdb81aaad4295d4e2e1cc1ac279ad7730a792ce5cc6ecdff82b32d00e8deb7436ca43a6216d9c4ad1b93fa241e2e0cc6d02c68a8e50fa635543

    Download Submit

  • C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\update-config.json.PLAY
    Filesize

    1KB

    MD5

    2d19fd94aabf1a18f4ba9721b3d49779

    SHA1

    e0942cfd9a87d5adaa7550215aefe1974fb5b02c

    SHA256

    1c0b20b59cf5bec751b89f733075949f38c7b2e6a59313de806f604e3375d0a7

    SHA512

    0e81e2fde2a610702911c59242c6805a101e6416715a74c983789c07903501c368dfea009cde45732b713069ceca5abcda5a7146d2abbf086adbf52ccbfe6cbf

    Download Submit

  • C:\ProgramData\Package Cache\{17316079-d65a-4f25-a9f3-56c32781b15d}\state.rsm.PLAY
    Filesize

    1KB

    MD5

    6717cfa2d042856e0f143e17f6acacb4

    SHA1

    d8a3b436a37db544e1d812ded45c381bb94ff229

    SHA256

    b6bf2720427f360122771e2f1315dcfe2f26375b72a1c065ab3aa8fcd8ea8552

    SHA512

    1c3c65cfe4c09b10891d1028d6d9b00497f9cd4bd4fb4b08047940d1b9c4f1ecc2f2b014d4e0012bec0b0047d3968a2f9fc20a98a7ea100d4d84e71e55434594

    Download Submit

  • C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm.PLAY
    Filesize

    1KB

    MD5

    30ceb35f059bbcd3b9c27f991cebc5ca

    SHA1

    874bfafaa5a69af1174943cd4dde00b4aa93049e

    SHA256

    854061f68b74ba03b6cb44f61a2a75b92865792d95978f3d35a9f230fd899075

    SHA512

    61adf57364aad24b6cd528a97a93b722de49347b04cee7b6b314cb9d4f029fc059e4e65861b3cef7ee162d240fc8e650fabd32f772876bf1513e3697da4b003f

    Download Submit

  • C:\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\cab1.cab.PLAY
    Filesize

    2.6MB

    MD5

    4a8208ec72f596f2babe5aa4959b92e2

    SHA1

    38e389367674d3b0bc3ed0b8538f9f0da4eeaa7a

    SHA256

    9ce9c2db985fbe6f66d79277b3129d16a7070316072a25a3032b907a888561bd

    SHA512

    62f8b9bced75e1d6b401510c14fe60f96b72961d27d36bcf5d24d856bbcf77e153890d0ca5f57b39330d7f17fc909a81de11868037f47adbfd3bc42c66b8d63a

    Download Submit

  • C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\state.rsm.PLAY
    Filesize

    1KB

    MD5

    8b76e1130bbc628778e4a1ea77bbe857

    SHA1

    8b574c0d1d0e3f9d2a8d95fa88f04bd5c261b28b

    SHA256

    7052e22c047e1f7377c72dbf993b66cb413f5967b838d7d0cc7918559a46b8c7

    SHA512

    d3e027d2b2ae6200946ff437f4491c8ab2ea5b8719a9ed1b51af73765d81ac26aebfac3fb0e157aadcea28eb2f14cb176664e6219ba23deab96ccb2250b4a7c5

    Download Submit

  • C:\ProgramData\Package Cache\{5740BD44-B58D-321A-AFC0-6D3D4556DD6C}v12.0.40660\packages\vcRuntimeAdditional_amd64\cab1.cab.PLAY
    Filesize

    2.2MB

    MD5

    877e8a00d54f72e754a16748c3159283

    SHA1

    18fe62929dd83402207179841a0ad36adcedbc95

    SHA256

    1015376e5109ed613d4b223daf4f0c0dc320196cf133d1d5d9c4ee6e6ec40ebf

    SHA512

    12a88a16cc31a77698e5e26f7a8ef0a3b9d687d73ea85ba13fdeb45a7640c6a9113006a44ad24b3ceeaed025b802bb4f2bba23d7138d144fb4609308cf9b5614

    Download Submit

  • C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\state.rsm.PLAY
    Filesize

    1KB

    MD5

    6005b64447dc90b3c5843347aa557d6b

    SHA1

    257df95020ab81754ab814fd1ce9e4414ad8849b

    SHA256

    7615400d2b78e85be12e9c6ec7ba67ad9c0208504b713861e26e7a0154bde160

    SHA512

    7f257e5ead06111db7d547887ce7adef6cdac89853cf5cb5d3f8e26badd4243803f739d7f2c25fd448660e4117c05dd4eeea801bf89bc0c55fa49713a77417e5

    Download Submit

  • C:\ProgramData\Package Cache\{61087a79-ac85-455c-934d-1fa22cc64f36}\state.rsm.PLAY
    Filesize

    1KB

    MD5

    fbe587d1ea10e1b109d26fbeb4ac4f1a

    SHA1

    39bafbd6f949ed5959d1f2da6b6cb9c95d1a71ec

    SHA256

    3370ec6dbf0b8a858f913d52ac35570df0fd87f0200394eb3458fea04a0b0576

    SHA512

    27fbf774963c564468402c06d5b5ac0bf20be73c9a9ec36c2cd644e8a26492553d781fa4bca93ca156fefc2904105d6e67d70872654e42590914c671dd3350c9

    Download Submit

  • C:\ProgramData\Package Cache\{662A0088-6FCD-45DD-9EA7-68674058AED5}v14.30.30704\packages\vcRuntimeMinimum_amd64\cab1.cab.PLAY
    Filesize

    870KB

    MD5

    92751eb169233ee514bfdc7ca9281869

    SHA1

    0f777f1cf41db1a625df83c8fb17cd0e44497ea9

    SHA256

    c88230540b9789491a8bce32587ffec1d2fb45f3d7903fc32cdd0821c2a803ec

    SHA512

    a76fe940340cd989e5480e27a1bb4e5803bd5c52bba1076051df7645f825d0f519f2ba46080fee1eaedba54eebe66884b667a283a9c66babb204731b295a00f1

    Download Submit

  • C:\ProgramData\Package Cache\{6DB765A8-05AF-49A1-A71D-6F645EE3CE41}v14.30.30704\packages\vcRuntimeAdditional_amd64\cab1.cab.PLAY
    Filesize

    1.8MB

    MD5

    40033e8168827d21128cdad69006dfb6

    SHA1

    7bf66bd958ecb03baf727d24e61a44daf1ad9a08

    SHA256

    fdbe882aeb42a5f3ab256960fe301dea9b6311fabca420a7bf56f5d2f30b9b02

    SHA512

    1b8d18275efbc0bc515cd4d95ffc8d072208e1dbd56359129bb8f5f894b44d5ca9f78e1bde792bdbd35c4a0d6bf35c45fb8073dc74c6458430990a5eb3e0f517

    Download Submit

  • C:\ProgramData\Package Cache\{7DAD0258-515C-3DD4-8964-BD714199E0F7}v12.0.40660\packages\vcRuntimeAdditional_x86\cab1.cab.PLAY
    Filesize

    1.8MB

    MD5

    7150cd9b65692ffbdcf567bea18f50bf

    SHA1

    cebb1b69c371d60876970b331c8daa0af67d09c2

    SHA256

    0a4bd8345df92ec9a7f009569d685a5cb936841590f596b143bb4669fb70665a

    SHA512

    be9d943faad0bf358e4738c54cad69ae467d0ef81a303f2b500921993be1a315a925e87469190c360e88913572a2c2702b046c53f087c29a36a7fd61d421cb68

    Download Submit

  • C:\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\cab1.cab.PLAY
    Filesize

    1.9MB

    MD5

    5372a4f6585862bd91466bcdab97a62d

    SHA1

    fd31c08f256a54dcd103be66bcf8628ed1248699

    SHA256

    2a6d3a50a57d4b330fa668289b529270ebbe10abcbefb2c56111170322b16dd4

    SHA512

    d84b7fafe5d1e60dbd7ec8b28131405fe80f698f332e61912d387c225de887907cdc6f520877ca7d9fcb310406783821b7ddd0466faa0a6a51a8a1a118d430ea

    Download Submit

  • C:\ProgramData\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\cab1.cab.PLAY
    Filesize

    803KB

    MD5

    cc75d5103df1b0205b5ca5f770321fe2

    SHA1

    9ef1bb0dd45198035a5e7dd5446b1c38ba599f81

    SHA256

    8946cf7149720b751b63231fccbe509f0255cd63abc9f74b7927bf1d28977693

    SHA512

    2b5c5750a4ae3ecf0160e7e5d105d8abaf66d27b1bf46f73e2eb2a0f402ae6060b372ac825d7a876347c5a93b17ac5885ca183c8be466eb1fdb644581f5e98a5

    Download Submit

  • C:\ProgramData\Package Cache\{BF08E976-B92E-4336-B56F-2171179476C4}v14.30.30704\packages\vcRuntimeAdditional_x86\cab1.cab.PLAY
    Filesize

    1.3MB

    MD5

    4e1345cb554e3ae74a41c9cdd087708b

    SHA1

    a31e1ece97ea282a6a00334c4d7e70928aa75455

    SHA256

    065788381dc1bd7be1654d8cb55025785eaa3879fcddbb2d04d9bb129063bce7

    SHA512

    ee4ebff0e7be5c04bba84b7660ca4eb3c378b98e2e8c46608c55b7ecc28fffb21746f457f1b89c016f30d0354f6f822084ea4337f306bef673a26031bc920976

    Download Submit

  • C:\ProgramData\Package Cache\{CB0836EC-B072-368D-82B2-D3470BF95707}v12.0.40660\packages\vcRuntimeMinimum_amd64\cab1.cab.PLAY
    Filesize

    262KB

    MD5

    c77e996a2566707c3560ed4a09f8e84e

    SHA1

    7637e880a9599fb2e8f62c461ad693431d06e9c8

    SHA256

    97d80bf6091000715557d1af1d369bed5f3bb015997ebbcb2d507b5d8c2bbfcb

    SHA512

    8ded628b159f2c34434992fb767f9f26654b63922850a98d25ecebc38a52cbaf7b86a2671bddb6f43494d7260b40309ac1a908c8ce8f7f8cd5be41c548d4a4fb

    Download Submit

  • C:\ProgramData\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\cab1.cab.PLAY
    Filesize

    256KB

    MD5

    616cb951c49ab1d5c72f57909e634f62

    SHA1

    13bfde60d1791233ee7043b6ca792c1696656a0a

    SHA256

    c1b9489d0c1dfbf68c0beb6dd7ac6e4d5a6dcd4f7c77e600c7104189b6121ad1

    SHA512

    fb24130c79ea71ab17df1b224480048a8c6266c4d72f4ab9326de377bb470dfa454cc093b05423082d469b9428b30a75ab9656c1abf9ef82b921831d43a91f6b

    Download Submit

  • C:\ProgramData\Package Cache\{E30D8B21-D82D-3211-82CC-0F0A5D1495E8}v12.0.40660\packages\vcRuntimeMinimum_x86\cab1.cab.PLAY
    Filesize

    256KB

    MD5

    cd53bacb565a4b2dc3805c43303f47ff

    SHA1

    30df974d00ccd09043ee345944abfae159aaa6fa

    SHA256

    2613d0ca7eee7e1effa916481c4f0b192ef4496d15e6399ee7c43fa141fe43d6

    SHA512

    3eb8e45b67b48217b802ed5a715af93d1964e937e1117f0bfc5ce736284a8abffd9127404383ab612e25b3b72064d41d6b0eb36c1310d78a80a856a5b1bf657e

    Download Submit

  • C:\ProgramData\Package Cache\{F6080405-9FA8-4CAA-9982-14E95D1A3DAC}v14.30.30704\packages\vcRuntimeMinimum_x86\cab1.cab.PLAY
    Filesize

    79KB

    MD5

    d43ae36e61d2c1e85621a69ddffb7779

    SHA1

    58e4f0d6dbc2c36899304b8768217de8ab3119cf

    SHA256

    c5542d6f549d366da3ade4a8927b777bc1045da33ae7a2f0b60f1fed7996be03

    SHA512

    78c4b5f8d1745f1fbad49129f6ac58b1ef389d65d3de4909d8b79de6af12c5a2863193e3ddb3da9f6a8f889b770254e0560ebeaa793a344cc98b8e4d803afaf5

    Download Submit

  • C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm.PLAY
    Filesize

    1KB

    MD5

    ac4a1f32bd72051369f92ddb2ab4a45b

    SHA1

    1d30d9c638c9e4095ae9ee556da7950ecb6e246f

    SHA256

    970178141989bbc046afdfb3486b00b03ed1652c00ae90dc3aab04bea2530e9f

    SHA512

    3be6db5072b09764d819bdccea9f0914bde1cd15b063c4b8eaf1a5b4f50342c157465578754157d2205e7efb01c1089b2e518874442faa2f15dfecd328c02c6e

    Download Submit

  • C:\ProgramData\Package Cache\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}\state.rsm.PLAY
    Filesize

    1KB

    MD5

    c898c6785d18ee43a7244005d2a30f50

    SHA1

    e4b451b29874b0d706dd0e89388abb58cf0755b5

    SHA256

    64941decdbed93d52dc0ad52fcd383173624d00baa08a5a47cfeb3700bc0f2fb

    SHA512

    b77e425b7c54f877bd7944cc202f47342a129ca1393683cb601febbf00843576eb2128d84b7b423b91379724cb5a23452322b72398f051676e38f9999681c63c

    Download Submit

  • C:\ProgramData\Package Cache\{fb0500c1-f968-4621-a48b-985b52884c49}\state.rsm.PLAY
    Filesize

    1KB

    MD5

    2045fd524044709e612b73ca3655008d

    SHA1

    73d79a9e0e9d1949bb60c0c3fd6d45415d306657

    SHA256

    828b2d2bfbc4dbe8074eed77fe826e00fc251a7be74be036efe33aab3d24c30d

    SHA512

    ebfb8b9c745909a7bda3e0f42e8bf07f343a29cfc7ff2e3885e749a721899deaf768be93c2188b9d3ec05506984e2714d4a10237e428ff02f358efb3621d7d5f

    Download Submit

  • C:\ProgramData\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Extensibility Component.swidtag.PLAY
    Filesize

    2KB

    MD5

    4006b64aaccde443f68a1bd4dbffc3b5

    SHA1

    d4f9c6d48278548fb0e5740bafac9d0b1db2247e

    SHA256

    8f613eda1c9c8bc7e2ca6acbb7959d4c7b0d5b4a1be32516475936ca28716882

    SHA512

    f81d572bea0d1d3a16c67a53b4ac41321cb102e98a6fa25f0d4edec06eec4faf75f786f76142cc0190bbef05f32e104c5c2d452c961f6781c35087ea912ec60f

    Download Submit

  • C:\ProgramData\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Licensing Component.swidtag.PLAY
    Filesize

    2KB

    MD5

    0be0bec9bdcd453fec305f2ebb7f84c1

    SHA1

    ae19c7aeef2a8c792874c6bb368fb6bfb795d68a

    SHA256

    04c22330bbd764b211a9757562626e3ee50348d7ed7edd575dcaf9303c0f4414

    SHA512

    4625101a3208e5e5c1509e90ef986875f41228ac83cf5f5f2dded588812a3efb387d1c65216049012a4c8a94230f1c9e3d7c75afffa521063c1543a0477f73ab

    Download Submit

  • C:\ProgramData\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Localization Component.swidtag.PLAY
    Filesize

    2KB

    MD5

    13b8947341e6c59563dfc3689427ff47

    SHA1

    33034e0d6421bdc8fb4c420b098cb49619555ff9

    SHA256

    3f33f83b1592612b989141ca381dd6ff2113aac3b76fba0f338b5f0ac9410a57

    SHA512

    149920fc68cbcccba40ee24f53ab4227982ecb342ad3cc67b5a9816e7b9beb0dc6030770d7c86f4b1a9463531abd171e3b3acd98e91fba3717656eeb8361367e

    Download Submit

  • C:\ProgramData\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft_Windows-10-Pro.swidtag.PLAY
    Filesize

    2KB

    MD5

    b5beaf4413b8548e4a23cf35c004ab01

    SHA1

    f0ea3d692c0dcf70684da963f43fff1da3fab0bf

    SHA256

    111602fa83575682d057ece3291c6cd476389079a6cd1a59b9378f3048b47794

    SHA512

    1a7085620063fbeb03647a0d51ae45852a3ef40d87808d8f5c415532a7efbfd7700980adcd5dfd6f91e69aa747b7fa8d8a540c44ad5a810003589798b202747a

    Download Submit

  • memory/5012-0-0x0000000002F40000-0x0000000002F6C000-memory.dmp

    Filesize

    176KB

    Download