Overview

overview

3

Static

static

1

ransomware...ase.py

windows10-2004-x64

3

ransomware...der.py

windows10-2004-x64

3

ransomware...ase.py

windows10-2004-x64

3

ransomware...ead.py

windows10-2004-x64

3

ransomware...Gui.py

windows10-2004-x64

3

ransomware...pec.py

windows10-2004-x64

3

ransomware...t__.py

windows10-2004-x64

3

ransomware...DME.md

windows10-2004-x64

3

ransomware...der.py

windows10-2004-x64

3

ransomware...ts.txt

windows10-2004-x64

1

Analysis

  • max time kernel
    1512s
  • max time network
    1490s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21-02-2024 01:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ransomware-builder-main/CrypterBuilder/Base.py

  • Size

    15KB

  • MD5

    57973dd6acb586c03772e218ab97e11d

  • SHA1

    17f2d915b701967faa7b74e69dbfeb69580fe4a0

  • SHA256

    ee5d774e79c47e245f8368fd15cb53140ac5433db8c3e458b242f0d19c798cbd

  • SHA512

    98795d0b3927709f189b8770aa76d2eb756f3257c92ef9457c071801db50fd25e09627b812f506b3afe93507142f124ce751bbcd7fd365fbd8f50af897ba272e

  • SSDEEP

    192:rkdsm9KBSQ4niAbQgaICfHE8etUUAEx0QTm7hA4ve3queuEJnZY+OGSuo0XW7VVr:YhQZAbQgaICfHztUxTmFV++A

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 23 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\ransomware-builder-main\CrypterBuilder\Base.py
    1⤵
    • Modifies registry class
    PID:2464
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:1404
  • C:\Windows\system32\rundll32.exe
    "C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
    1⤵
      PID:2076
    • C:\Windows\System32\svchost.exe
      C:\Windows\System32\svchost.exe -k UnistackSvcGroup
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:3328

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Comms\UnistoreDB\store.jfm
      Filesize

      16KB

      MD5

      eb8658f449527edd6e95be44a9e029d5

      SHA1

      5ff225c88d900fa13a30b3f3baaa428e97219eba

      SHA256

      a5a00a54b9f2e39e97fe9aa3ec0f7b586bdff69bcf1789a7493b7e4324919cbf

      SHA512

      d57db82f64c9c939fd2c591040fc06d471c47b2f2ae0beaa35015ece6762c9a2ee1d20856b6982223b5b535ee8c3360c6f50256226449ab028f1bb3f7ccca358

      Download Submit

    • memory/3328-40-0x00000281E4BB0000-0x00000281E4BB1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3328-33-0x00000281E4BB0000-0x00000281E4BB1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3328-42-0x00000281E4BB0000-0x00000281E4BB1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3328-34-0x00000281E4BB0000-0x00000281E4BB1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3328-35-0x00000281E4BB0000-0x00000281E4BB1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3328-36-0x00000281E4BB0000-0x00000281E4BB1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3328-37-0x00000281E4BB0000-0x00000281E4BB1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3328-38-0x00000281E4BB0000-0x00000281E4BB1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3328-43-0x00000281E47E0000-0x00000281E47E1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3328-0-0x00000281DC4A0000-0x00000281DC4B0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3328-68-0x00000281E4A30000-0x00000281E4A31000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3328-32-0x00000281E4B90000-0x00000281E4B91000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3328-39-0x00000281E4BB0000-0x00000281E4BB1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3328-44-0x00000281E47D0000-0x00000281E47D1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3328-46-0x00000281E47E0000-0x00000281E47E1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3328-49-0x00000281E47D0000-0x00000281E47D1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3328-52-0x00000281E4710000-0x00000281E4711000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3328-16-0x00000281DC5A0000-0x00000281DC5B0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3328-64-0x00000281E4910000-0x00000281E4911000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3328-66-0x00000281E4920000-0x00000281E4921000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3328-67-0x00000281E4920000-0x00000281E4921000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3328-41-0x00000281E4BB0000-0x00000281E4BB1000-memory.dmp

      Filesize

      4KB

      Download