Resubmissions
16-03-2024 17:17
240316-vtswysfd2y 1016-03-2024 15:31
240316-syg9xafg39 1015-03-2024 08:15
240315-j5rmgsbg5z 10Analysis
-
max time kernel
173s -
max time network
131s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
15-03-2024 08:15
General
-
Target
ec09cfa4a79d709daed859d1a0e131aaa994f4a7b4bed80406125db76446fbda.exe
-
Size
23KB
-
MD5
71d9e6ee26d46c4dbb3d8e6df19dda7d
-
SHA1
a88176cdd3df153349104442eac4e2d1c416e457
-
SHA256
ec09cfa4a79d709daed859d1a0e131aaa994f4a7b4bed80406125db76446fbda
-
SHA512
d6a61d6d32bf636bec7948323a422116b359dadf78e55327633ad5c3de41e6c15dcadd27a8c53453ef14dd63184c22dee82420b99338f5cc7359e9f6ec50cca7
-
SSDEEP
384:eebFNw4Pk1itKkpAjjI2Ypdm/nYi/8lhRea16Wv88oyLOixGqKWW0o:e0FmBkpKjPYpudR4v8x3iAE
Malware Config
Extracted
C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\HOW TO DECRYPT FILES.txt
fast_decrypt_and_protect@tutanota.com
1NJNG57hFPPcmSmFYbxKmL33uc5nLwYLCK
Signatures
-
Renames multiple (1943) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Drops desktop.ini file(s) 11 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Modifies registry class 10 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\ec09cfa4a79d709daed859d1a0e131aaa994f4a7b4bed80406125db76446fbda.exe"C:\Users\Admin\AppData\Local\Temp\ec09cfa4a79d709daed859d1a0e131aaa994f4a7b4bed80406125db76446fbda.exe"1⤵
- Adds Run key to start application
- Drops desktop.ini file(s)
- Drops file in Program Files directory
- Modifies registry class
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\$Recycle.Bin\S-1-5-21-2461186416-2307104501-1787948496-1000\desktop.iniFilesize
129B
MD5183a3c38b0cecfec6e071e5e0230c9d5
SHA1512f4f9f160af1a4097d087a8537c286dd19783e
SHA256dbcb7097128d51acaf60685dc7bb849d57499d4ce521e584166421f6d17a3cc1
SHA51241f4510596979981d2fd13c20974af7a1a6a3f9ab205c54753f92bee3b75b7c2e65d5292db0b9ee932dede48c1b3e10074c2a7a6509cd00dabc2e169467e36c4
-
C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\HOW TO DECRYPT FILES.txtFilesize
957B
MD5a6120ea15b3e9776ed01eb70cb9dc2c7
SHA1584b21ee76415e04e8e437ac8ded20ded3fdda86
SHA2565f8cf6fc0b8da0e8ae1afd12ae7c7dbb63a2e8c8fb0cec3bce4abf83dbdbade1
SHA5129892c254bddace38de963421bfc30a6ac55eea5386a6aadb2bf168184ad9faa10310474404434d1b314b4810d582daa00f601e292acd77e9b5172bdba7dfbf0d
-
C:\Program Files\Java\jdk1.7.0_80\jre\bin\plugin2\msvcr100.dllFilesize
809KB
MD5708a6f85cabf0b22c4baaff9363c41c5
SHA1a8b65d95f95a4a3b0d86e202037026634e3fd704
SHA2569a914a4510e0e129d9737aa6c208feb1144e90d777e8982d17c019c0fbb563ef
SHA512a046b674a149baf159787b29a1e89cdf4ecd6fd15153b4b71a786e9717249e16dc1c02d43a07e1727386895dbadf538d9859fc882c2575fc1513191c74c2cc3a
-
C:\Program Files\Java\jdk1.7.0_80\jre\lib\images\cursors\win32_MoveNoDrop32x32.gifFilesize
153B
MD5a9a776eb0893e42d74ce9b26cfca1465
SHA100a6d5d357c215e58e2b0563bd500d59b4a821f2
SHA256c4f10c853484c0aaae1cf91dd84b0fe472096376b3af93db72f7232d4bd2d992
SHA512d7482b8ba540a39b9917e7f408d166dfd9401b7c88ecedd05049a16524b5982b17ed7504f1e001edef027dd27294ba5238129a4769ab979e9c7a5b0ce095a6bf
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\epl-v10.htmlFilesize
12KB
MD5840b756da93eb68d7c7874b1102de622
SHA162960149974a0b99a166f3bccf85c4fdbb0a56cd
SHA2562d8b29c004d2bd927093a03310abd29c572328044208cce8c137810630cccb9a
SHA512ab07ddf1b0650f03ed1f14d7fa0ed49002920b9390995f2702ed6ec6001aeb29fee7c8e1c960962397c3c3477d4b242d109286ddf88248ee7eaa6eff5b8a6818
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.htmlFilesize
8KB
MD57f0b20c2fd1135f17e8ab4359d113416
SHA1425cb0afa3b025b0a13f29c47193fd5ae5c5da9c
SHA2569d9e7db6e107dd55c70105a42ee1fe8aec40d2d3ed1950971d606625d99d89da
SHA51241ff22b255b2de26977a18350eb8e67500bee6375f32da3fcea0d68b8cfcf710e2e4f2438326bc9f00773fd677602ec56a154c63f8a77cf8d68e6fb37b116e0f
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.feature_3.9.0.v20140827-1444\META-INF\eclipse.infFilesize
57B
MD5c1cd0d3c8780ba3d7edf45b3d1e76c25
SHA18adc10564e2e21ad75ef9af30051777c3c1defd2
SHA256cb3842bce9192100a721a7170c967c3ed3b91830599b3c62251df9256caf4dfd
SHA512f343a1e87070831b9255f0334a840a48fea4343ce2168d8c95b51b5461cd30589a0397a6b2d6de42ec1dfb33dbb43cd5a6a9c51770218748c720a265f03e1265
-
C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\asl-v20.txtFilesize
11KB
MD54a939383a8879d5c298cd64b5e282fb4
SHA1545c6971c9a7eee80e37d1672a74d71a4acb652c
SHA2563cba054381559a4c32cbf2eadeb84e9a9cbad0822eecff1a9a14cda3d901b007
SHA512f8bb642a63ba02891568e666eb38032ab99bb6f6b24b9c3a73b5ea662517917c54210d9649774142d8546109e37b84b97d2c2b32569f2e6ff2b9091af42f3ada
-
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME-JAVAFX.txtFilesize
109KB
MD580aa92ade0728895f0838e133dfb927f
SHA1b4b305e766522c7ff5ac77a4e4b749699f3f9dda
SHA256c91d02a262593b22bb28839478e897a5dcf93398fc43b95471dfe3dc1e97369c
SHA512a239c1e2c7b60277b3281bad2516dc3c939796556cbdfb04ecf558e9e1de13ca8a07cad6480ed80c1c9e0ef2d02b7bdf80b66cda55734b6ebeb6208f38a418bc
-
C:\Program Files\Java\jre7\THIRDPARTYLICENSEREADME.txtFilesize
172KB
MD5d40d4091c20f8068831c1b2b2e8f72e1
SHA1fd6a52fc453f4f575c279e66446712e399066e17
SHA2568ad819d002bc56e4860f37b8d301990e3c229e1581ee6b5401ffcd229a434912
SHA5126037e829caff0b4fc9ce71c3d355c22318a27f5dd984e23392adf042518489965f5eccd326dbf8b2ba4259dbbdd36d75bf08de8ce1ece712344def9080e099bd
