87ea25aa508ce033ec52f0d49d193e3e65d477269e31d0f86a6b279d3f09a5c0

Analysis

max time kernel
134s
max time network
136s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
01/05/2024, 07:47

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

filelocker.bat
Size

1KB
MD5

fbfc9e2557944779913f8183586aaf65
SHA1

ab4b364cae96296e62600301229d24f739c00efd
SHA256

87ea25aa508ce033ec52f0d49d193e3e65d477269e31d0f86a6b279d3f09a5c0
SHA512

e2c33d2214b5d64c981a46d83c98ee77b9b8c1b9448ed2f999bed0461c2e609c85037bc52cc35ba8791d0c00e38f99acd838cf3afd6a3ea2f78707a8665dff3b

Score

9^/10

ransomware spyware stealer

Malware Config

Signatures

Renames multiple (106) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\filelocker.bat"
1⤵
PID:168

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB.locked

Filesize
22B

MD5
264093889b22cfd7038648d48c6bfdea

SHA1
90e62f89b6aad140ac148ef2ef45cc73f8085c32

SHA256
e46056a219b6d4181347a3662c42585072ca5460d082ddc9a45c9e103cbac7e5

SHA512
7049ec1ba63a33ab3410f66f4761bef07749e91369ec153ed2863cab6910c90b15d5c9bc723d1ff942477c0c152423a2de0a3d38dd1fe5b644f201db4369e93b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\de\messages.json.locked

Filesize
338B

MD5
3b096d4a7bc1858880f65ec2eb512b8a

SHA1
af0e421e127af6e9bc3e3c34b62a3d33ed9360dc

SHA256
e920ace9638cd282750b6ec92c28c1cac259580236bdd8359c83cdea87285bbc

SHA512
fa999d0f96d79310f67c989a75692baa9a7a2685528405d25d629e9ebdde22b858d99a9a52ec58619ac2a7aed6758ed7cf468b7cb67628b267fe3aaa2a6b3178

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\topbar_floating_button_hover.png.locked

Filesize
53B

MD5
0686b79752399b2484a94afde46d5515

SHA1
b6c2178d71407caff7fb63116183189eafc6ead5

SHA256
c1a9525502058c6f27849914336645e8af0e8e49db561076107cb0d32efad41a

SHA512
2f21294906180ee5288cf07cc268a2845004c766b8559e09eae48defbef5e672cd306f0d941c4fea1bf93abb6d2f5cb0b6d152a8ca32c2f147c17023f712ac48

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\CURRENT.locked

Filesize
10B

MD5
43932677b0c842e66b4ebfd9bd27797e

SHA1
a30b04cd4d6b3d2300a7546bd6305efe2abe0b70

SHA256
a5ff25a4258e622a62e662b8b6fababa6f9516011c2a834cbc65be07b99960a6

SHA512
536e1ac134fea55ea8c9dc3f9217881e8195c41f06b68509f651a6cc93c4e6f5036eaf3951c05cb43d6cc9f18d9c016a0c56d7a4c023d1d9d6cc1c03d99c7f60

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.old.locked

Filesize
20B

MD5
c5837533c3be6bf2e9411aafb35cdf35

SHA1
e0ffd6dfec0f60f5fb49c53af24bc3db712ad089

SHA256
4008464139756868fcd98ae2bce8ba5414d7e2a2d637c77247c6e1b89890399d

SHA512
6e279f1d2a01a3c6a4438f2955d114633847aaa41bcbd6d1b12c4d39393a688777e2862fbe5254e87b28a14b4a23185224712d6444898ba09c8119f1f7013972

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG.locked

Filesize
30B

MD5
aa96ac33776e7eeae68e4d130e1b6321

SHA1
61a6099ff5e5536c0f817d6e5d856cf49fa26949

SHA256
65b490fe9244d65763e47f263480b754b2abb79c5a34b3563098752b01e41bc5

SHA512
63e664de83ea35daf75e52a6968a6fcd1aed90eafa67001a4675494366096456828afd48d834cc79354e2dba7fcbb0d2f2a892c0b5138550382ba0e42e4186f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\images\overflowIconLarge.svg.locked

Filesize
72B

MD5
1659525c56ecd512fc06101454b36dcb

SHA1
ee4647374ab16cc85734d6ba40027d8b9219a0cf

SHA256
612f907042f4121c36bf16c7d32f32d77628b0194804460d94c352c3b2a01809

SHA512
0b87cc9877400205b5812ffc1bd1227fff7b5e7baf5456cbfa0399fcd63bde50d7dca2223f05142d783a2943b3c325b58426e73a3ce63607d29d04ed5c08acb6

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir3764_241639018\CRX_INSTALL\_locales\bg\messages.json.locked

Filesize
338B

MD5
b60323dce036a1a9f7ca5c86771f9c8f

SHA1
9a5b94f42cf0b8ffd6eceda1ac073835b29dee16

SHA256
1553d1d82a0a44d9ef784b4bf6e6a2b7d4afd2d5f12de7a9c9e32071d714d1ad

SHA512
9945775983f9560494c6c9b5ddd8b0528eb37912d246fab67a3c07db67f6bcd94e737ebe9a6d079e6de9a99d468e246da1dded5f98abb22cfffa1e73f50109f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir3764_241639018\CRX_INSTALL\_locales\hy\messages.json.locked

Filesize
10B

MD5
a6eeb540e53d762059dbf5830f34d979

SHA1
5fcb7059e0dcf09a4329b47fd1fdbf6eaa5d7e1f

SHA256
8da84ba8516aa244da72498ad5839e9263140a7269372694845fd90ac147e508

SHA512
b16ccedbd35db7bf8a93387dd5530acd186de955ee5b740401e288ed6fb16089d87eb05c925558209e856f4610cd01618099182e9dd3537ef0f86150c7ff2a87

Download Submit