Analysis

  • max time kernel
    122s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    11-04-2024 17:49

General

  • Target

    American Medical Encyclopedia v1.0/crack/MedEncyclopedia.exe

  • Size

    3.5MB

  • MD5

    a9acc6fc0428a5b5236b9cc1c0e44bc8

  • SHA1

    1d178db2a06574275fa24983f3f1d0035b2edae5

  • SHA256

    4a8256ef95e5f23d5925059250a40c1560d409dbfd84667e0b394f705db5a879

  • SHA512

    3c1d8f5ec94386fcf63e9c469a47994be1160e323202b3cea05cf452d71a55f0879063284988d17bf9518760052d55ed29a0e7f0676dacca2af3f92fd5bd43aa

  • SSDEEP

    98304:sMngYhpbyHMCIXrxrm6dbt7FM2iJl1N2b:kYhpbyHMRU6pt7FWl1W

Score
10/10

Malware Config

Signatures

  • clop

    Ransomware discovered in early 2019 which has been actively developed since release.

  • Modifies registry class 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\American Medical Encyclopedia v1.0\crack\MedEncyclopedia.exe
    "C:\Users\Admin\AppData\Local\Temp\American Medical Encyclopedia v1.0\crack\MedEncyclopedia.exe"
    1⤵
    • Modifies registry class
    PID:2208

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2208-0-0x0000000000400000-0x00000000007A5000-memory.dmp

    Filesize

    3.6MB

  • memory/2208-1-0x0000000000230000-0x0000000000231000-memory.dmp

    Filesize

    4KB

  • memory/2208-2-0x0000000000400000-0x00000000007A5000-memory.dmp

    Filesize

    3.6MB

  • memory/2208-3-0x0000000000230000-0x0000000000231000-memory.dmp

    Filesize

    4KB