Overview

overview

10

Static

static

10

5525d297a3...79.exe

windows7-x64

10

5525d297a3...79.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08-05-2024 12:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5525d297a346b80912c4f5ec0ac4875e9d49f96d01e52c10df5c064bd803bd79.exe

  • Size

    2.6MB

  • MD5

    33559005506dae5967c8ddeaa8a65f5b

  • SHA1

    0d3c40848c443d4c7dbada45fe976cb9f616c9c2

  • SHA256

    5525d297a346b80912c4f5ec0ac4875e9d49f96d01e52c10df5c064bd803bd79

  • SHA512

    1591fe81d82b18b854299b0ccc72ec2f31208a9ab11afd75047a3d2e3b2ae7931bd412a8401eff57790348ddb5463c31dfc3f870a6c9eef8ef86006b55be7e55

  • SSDEEP

    49152:xDmflSXRl/s9YcuT/s9YEQtQRTMYIMi7ztf33cSywWyFoEgn9u:xDmflEVsGfzsG1tQRjdih8rwc

Score
10/10
zgratransomwareratspywarestealer

Malware Config

Signatures

  • Detect ZGRat V1 1 IoCs
  • ZGRat

    ZGRat is remote access trojan written in C#.

    ratzgrat
  • .NET Reactor proctector 1 IoCs

    Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

  • Drops startup file 3 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Looks up external IP address via web service 4 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Sets desktop wallpaper using registry 2 TTPs 1 IoCs
    ransomware
  • Drops file in Program Files directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5525d297a346b80912c4f5ec0ac4875e9d49f96d01e52c10df5c064bd803bd79.exe
    "C:\Users\Admin\AppData\Local\Temp\5525d297a346b80912c4f5ec0ac4875e9d49f96d01e52c10df5c064bd803bd79.exe"
    1⤵
    • Drops startup file
    • Sets desktop wallpaper using registry
    • Drops file in Program Files directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:5068
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\Cash Ransomware.html
      2⤵
      • Enumerates system info in registry
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:4540
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffecb8c46f8,0x7ffecb8c4708,0x7ffecb8c4718
        3⤵
          PID:3856
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,1250470745935240167,15465278889015066370,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:2
          3⤵
            PID:3680
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,1250470745935240167,15465278889015066370,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 /prefetch:3
            3⤵
            • Suspicious behavior: EnumeratesProcesses
            PID:3504
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,1250470745935240167,15465278889015066370,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8
            3⤵
              PID:2824
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1250470745935240167,15465278889015066370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
              3⤵
                PID:2868
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1250470745935240167,15465278889015066370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
                3⤵
                  PID:2236
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,1250470745935240167,15465278889015066370,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4124 /prefetch:8
                  3⤵
                    PID:872
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,1250470745935240167,15465278889015066370,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4124 /prefetch:8
                    3⤵
                    • Suspicious behavior: EnumeratesProcesses
                    PID:4568
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1250470745935240167,15465278889015066370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
                    3⤵
                      PID:976
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1250470745935240167,15465278889015066370,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
                      3⤵
                        PID:528
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1250470745935240167,15465278889015066370,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
                        3⤵
                          PID:3920
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,1250470745935240167,15465278889015066370,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3508 /prefetch:1
                          3⤵
                            PID:2624
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,1250470745935240167,15465278889015066370,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2856 /prefetch:2
                            3⤵
                            • Suspicious behavior: EnumeratesProcesses
                            PID:4320
                      • C:\Windows\System32\CompPkgSrv.exe
                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                        1⤵
                          PID:4320
                        • C:\Windows\System32\CompPkgSrv.exe
                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                          1⤵
                            PID:4316

                          Network

                          MITRE ATT&CK Enterprise v15

                          Replay Monitor

                          Loading Replay Monitor...

                          Downloads

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\metadata.CashRansomware
                            Filesize

                            16B

                            MD5

                            e3cb77090835a4fe33088032760d0d7f

                            SHA1

                            393a273cfa0ea5430dad5aaf36ad6c8af0d6315f

                            SHA256

                            683c3c297c70c4fb6e8bcfc2b5afa7cdcad8d88e18fb776ace38b97a156b1a95

                            SHA512

                            addb7367d397af6d66f2aa978ceaaca91bae757af528c949b6ee7328f6c92364cd7623481be3e891d534edcdfc8665201f4e8727a697110659c2f761c61c4e13

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi\CURRENT.CashRansomware
                            Filesize

                            32B

                            MD5

                            83a2cde24a12c0972fa4351351b6f95b

                            SHA1

                            52693d205a2edfd78540a237a85b82c9d8556069

                            SHA256

                            16f4e0dd6a518a815e8e7b848a95c0fcbc0fbb9a7acc88f641a4126b6d0da71a

                            SHA512

                            c4c9d502f690f5ef3bfd180a97d9343cce7473640f0bd586855e07ef6c1e4cee7ee45079caff334bc7d05fd81bd6184db8ca87ad95bab65bc280d1f62d3fab11

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi\MANIFEST-000001.CashRansomware
                            Filesize

                            48B

                            MD5

                            072609a01171a9174d2e6824c32079aa

                            SHA1

                            7a837c8b355f335840fc81e9476b48f87e97ed6a

                            SHA256

                            39cc3314c625bb94dcacffe68f1bd56835b651fc761e41876e87f07d5d8fd4be

                            SHA512

                            fd27347fa882c9ced90bb0ac733e399d384fe32a1a3f4babf643634d8ed9572a564e8a3e8fb941dbb891d7b9d7e86e6e69aee56f2bdf9722ea1e10221726acfc

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache\data_2.CashRansomware
                            Filesize

                            8KB

                            MD5

                            b749dd52b165dcc188bf67794e890121

                            SHA1

                            68f94e1be0350d90a565b252b1e59cc74eae7f5e

                            SHA256

                            7e17aa1d6ffad0ff00ac9f3082df73cf1e4cc9b38f746248ed4272f7809c8404

                            SHA512

                            22f5c428d7f36d14c63b908e83e895fe0aa4f8104c2e867b2ba02def3c5875b5d6ccf637caa8e91e6dea45d9c084b057d817037696e7bb4474de8632cb1cd396

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_0.CashRansomware
                            Filesize

                            8KB

                            MD5

                            fb2ba6c923814abb0ec46981b928ee8f

                            SHA1

                            9881f4c928e2d3f0464c53b9f59b590f8ee0a26c

                            SHA256

                            f38d2ff9ff997c3b4d23cc7455d603f86ed5f74bb96947b2322d93b2f0b5cff4

                            SHA512

                            7f12bf186cea4667abd20db289ec995f22d9d65827b19d9ccd160238ce2ef09faf10073f1eefddfb986151a2e193a03b067ff1ab1837bbadb656f8c9c11f50d1

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1.CashRansomware
                            Filesize

                            264KB

                            MD5

                            56c10a92090b89d85de92295c993626f

                            SHA1

                            43d4308fbccb6458a4a78ef4dc1200deb347f599

                            SHA256

                            4cf60b89fe799fc2c2e84fb9035066fe69dd74fcfd2f3ec645f9e4a725245e42

                            SHA512

                            80959fdf59ecd0dca8490ee453b3daa7a9c9e13893fffbd07cd9b55d48c6e309a87d8ec4911751d41be04895e880e874015ac02f24e8adf110dc3ff0c185c020

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_3.CashRansomware
                            Filesize

                            8KB

                            MD5

                            bd472e22408e5bc37bc5f870c0c9f130

                            SHA1

                            5162c5f3ca8206f7913d387f20607bddf26600d0

                            SHA256

                            353fbe342aa16e44f01a07c64434fc817c770a7157e4a57db739fb653d8c731b

                            SHA512

                            fe8289890215c6fd08ed650e68b27df54889aa7b08a6f3a849c148e0aad3a3b12595e7558f8fb6b19e531d8a7a8988eec5d9923287b81ae1adc4965b66b98a56

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                            Filesize

                            152B

                            MD5

                            eaa3db555ab5bc0cb364826204aad3f0

                            SHA1

                            a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca

                            SHA256

                            ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b

                            SHA512

                            e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                            Filesize

                            152B

                            MD5

                            4b4f91fa1b362ba5341ecb2836438dea

                            SHA1

                            9561f5aabed742404d455da735259a2c6781fa07

                            SHA256

                            d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c

                            SHA512

                            fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                            Filesize

                            176B

                            MD5

                            4b0fdb42df7710656db54c391246153d

                            SHA1

                            76448462cca39b432c314f680ebb330258a28749

                            SHA256

                            72b128de5bd06d50af02c4113956687082280bd564ff6b5517e4bc466ae5d526

                            SHA512

                            f5681e8c75062df44e985069f51ebaf7f0cf0e10427b5dc4800e1c8af1d401816cc9bafad6157afcea9c85bf347540211332c273573c706632c290cbf90de067

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                            Filesize

                            6KB

                            MD5

                            88f558cafc9dedc28b5863c4ae41c613

                            SHA1

                            cc3ff5e5b273839270ac4d1a66040e821bb21b91

                            SHA256

                            ace726f617c6fcb26d0d61242b99d15e37dc1cfb114938577a8ba82a5659fe6a

                            SHA512

                            fe20578b57a83018cea7edbf8232802f3301cef0da284d3bca94d16374214f97ab5836f9cc27327725850b44528c00a79e3d9ca43ac4f08dcf50f9e7f058e011

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                            Filesize

                            6KB

                            MD5

                            1f8584622d3dc9cb0b8fa9f4ff4d5e58

                            SHA1

                            ae21b03b70777b24f19e600ee37b59fd27f6c5db

                            SHA256

                            454f36f713ea71ceb573bf2d51249723bb7665b02d5dbe41f74d50f77a3e0fe4

                            SHA512

                            0ad6a45a3d21a8e6fb4510ddc5f625c0e750ad25ce478b24f216c95bad7d10ce1c3583bbb858dfc2b00bb4e18c539b327c667e8d410345b7831c8580ae650a8e

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                            Filesize

                            16B

                            MD5

                            6752a1d65b201c13b62ea44016eb221f

                            SHA1

                            58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                            SHA256

                            0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                            SHA512

                            9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                            Filesize

                            11KB

                            MD5

                            34d8cf2bbed4587b338993707ab12357

                            SHA1

                            56b42ea6e6556ba9e06c8b628b2421f6f19d01b5

                            SHA256

                            5171cd7269d8fe85bc257ac4122a8f84a50f12dbc692c66b0d99f144e95a075c

                            SHA512

                            e933109946fc3755389e96b9ba928191939013ff3f4f0bd054dc511a9ca46d210c4f6b320a80714d5ce1d9d77ee318fd883bed321eae914beebf02ed16143041

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat.CashRansomware
                            Filesize

                            8KB

                            MD5

                            9f25addd8fcb2508ace185d4d9d6a290

                            SHA1

                            bce62f45e8cf2236eff2644fbf2e9297356a8df7

                            SHA256

                            5134a363ecf17a3517fa9a1edc9266d424c6cc98a9e21f884ca4a6a40d998f37

                            SHA512

                            e5bd354a42c383708335638817b3c43ffb4e156cb3a66086970fdbd8ae90a88f4f74fa89b8eec374b1f66c60d7ccba10062b5136f20173ddd6c9fcb231e65dde

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{A5E73466-E220-8EF4-B956-A582187356D9}.CashRansomware
                            Filesize

                            36KB

                            MD5

                            d5af54183582cec3cbe9df521ee66364

                            SHA1

                            ea875c7495843e5f9ea8c4988c240b737edec499

                            SHA256

                            607893aae316c14d162624e043e99644da2eb29aa382392e6759b5cc98ca61f7

                            SHA512

                            6b6055c9a4923ff16b0b3ac544f9cd83e05ea497e48a2b0c68fea6c98ae111a8c7addb1b24ac33363bf921cf6c87aad7577ff93d9e45d95b96a1ae4dd7ce008b

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_comexp_msc.CashRansomware
                            Filesize

                            36KB

                            MD5

                            9a2d99a098b40ef379994420edb191e2

                            SHA1

                            b73b168b521ed83d801fefecad3d3eaa4e3ac16b

                            SHA256

                            4d05b3b3f469695c5be2ddfd69ffaeb4b99ee591e3d0e0930c97e19da448f5e2

                            SHA512

                            bf3500472858c77c1f46c229e4057324ccb07d9733cd0ed2fc91bac9f6b64c19ea36781bf5d2146912561bd14e5b6d73238852822ca5e2e3dc0d2438d649a696

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{dc01617b-8f7e-4705-bf4b-b26cc4947a62}\0.1.filtertrie.intermediate.txt.CashRansomware
                            Filesize

                            16B

                            MD5

                            daab0dbefdd034daf90d1dd3418fcd37

                            SHA1

                            617f80472ac1585d1739d5ce6b77a57ae2df3f31

                            SHA256

                            e70d2d9cb9ccd4671c7e84be92837fb8f352b112636d79ce7f90c58a887f3d5b

                            SHA512

                            c6befee12e35a54f48e8e1a5313f307be5b054c941b627ee87977ad3bfb1d405f0e6588e9df0d878784153b2f8e83ea04fa5da27eb27e26aa3baa8118bcf1852

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{dc01617b-8f7e-4705-bf4b-b26cc4947a62}\0.2.filtertrie.intermediate.txt.CashRansomware
                            Filesize

                            16B

                            MD5

                            fd102b5d2d0df2104bf5cb773588ceca

                            SHA1

                            1bd64084b9f7423ff46affa36a068f3bee163aeb

                            SHA256

                            dc6037f04a77c2111a953f4123ef7cef3ba2894e1a2fccda88a92c75f2bed79e

                            SHA512

                            adb39e49b56effba2d564d0f9a77dbddc506a618f98aa17f396681aaa97b8b9df4d2d28d25210589b4826f03b559b934ff1095613ff9abedba49d8f64d38b120

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133596379343658014.txt.CashRansomware
                            Filesize

                            77KB

                            MD5

                            7b816beb0634714ff17db61adc245688

                            SHA1

                            5218fc0d87e49d14f7db23acd7aa64884b02ba95

                            SHA256

                            703f9f3f45edd71362667464b06751eea2b49129543e9cd189ecc9a2ddf406ca

                            SHA512

                            e171aac79a20fba8d21ce22418b30f4e1ea6764fcf8a166a3db5e5de615d90ae2e529481f92158817540f62fafa2c9e59ad6abdd9fd33012f1f21057dee50e6a

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133596379941326538.txt.CashRansomware
                            Filesize

                            47KB

                            MD5

                            d06cd459612c4417661abd11168a023c

                            SHA1

                            4a892b9deed9eb2bc857562c6cbe8d21314f244e

                            SHA256

                            ad7335325c2208e69a3cb6d369d266474f808c438c7dd547b3993577f46d58c2

                            SHA512

                            aa71c78540f75aeadd13a90b15755109171916589277be8a7fb37bacee77e08b1d6a5f21aed4a584f26c2bdf84e2d7ff4e88d61ebda1830de3a415778d6e57a1

                            Download Submit

                          • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133596388097159671.txt.CashRansomware
                            Filesize

                            66KB

                            MD5

                            c8151ad6c5aa8b68d539d5827ddb8b1b

                            SHA1

                            db430ad10364704bc18d6a9631572ee0514fc28b

                            SHA256

                            fadd7a6ac829a421d8ec42f4d60897cfc2d9b202a991520bdccf40bea70ca0eb

                            SHA512

                            91201a78f38d622aae43a5feb0f45b4a82351fb0443ee2f57092b98c50a708c63f0f9788588c4de68baa60d96d381708cf6d88e9106b09a661eccbb1c2f3b9e0

                            Download Submit

                          • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7jyxcjs8.default-release\storage\permanent\chrome\idb\3561288849sdhlie.sqlite.CashRansomware
                            Filesize

                            48KB

                            MD5

                            5acc294676f73701b852a7d79ae0db3c

                            SHA1

                            e92b195b9c4cf5210876197bd8225b944a34ff72

                            SHA256

                            693c7ee9f3f812ea8b600e52215af4a7bae4a071438b39481f46c3a83737a573

                            SHA512

                            2665f1dfee5cd2fe7e713c1171202f2f3021eb949a1fb0da990e6ecf07d221e448106053f828585edabcc0c5c7ab36c20f22119d2d77450be64ccfba83088464

                            Download Submit

                          • C:\Users\Admin\Desktop\Cash Ransomware.html
                            Filesize

                            9KB

                            MD5

                            b44c1106109486adefa62d352250f1d3

                            SHA1

                            d4787ee913a4164c516e277a2687b52b527fec0a

                            SHA256

                            795871572a9fec91cc932c8da13bcaea754b78342a543a007cfbb1b9736ff39c

                            SHA512

                            3dba0c6947757797eb586737d2bf19a73ebfd4a181978b6c9cd3a1d3e8b8fae3d363f88cacac78a2a19b1554603698bdcddab0c97df9060a2d1cbb241b33521d

                            Download Submit

                          • memory/5068-1766-0x00007FFED0E03000-0x00007FFED0E05000-memory.dmp

                            Filesize

                            8KB

                            Download

                          • memory/5068-1722-0x00007FFED0E00000-0x00007FFED18C1000-memory.dmp

                            Filesize

                            10.8MB

                            Download

                          • memory/5068-1724-0x00007FFED0E00000-0x00007FFED18C1000-memory.dmp

                            Filesize

                            10.8MB

                            Download

                          • memory/5068-1721-0x00007FFED0E00000-0x00007FFED18C1000-memory.dmp

                            Filesize

                            10.8MB

                            Download

                          • memory/5068-0-0x00007FFED0E03000-0x00007FFED0E05000-memory.dmp

                            Filesize

                            8KB

                            Download

                          • memory/5068-1723-0x00000197E1ED0000-0x00000197E2092000-memory.dmp

                            Filesize

                            1.8MB

                            Download

                          • memory/5068-1771-0x00007FFED0E00000-0x00007FFED18C1000-memory.dmp

                            Filesize

                            10.8MB

                            Download

                          • memory/5068-1725-0x00000197E25D0000-0x00000197E2AF8000-memory.dmp

                            Filesize

                            5.2MB

                            Download

                          • memory/5068-2-0x00007FFED0E00000-0x00007FFED18C1000-memory.dmp

                            Filesize

                            10.8MB

                            Download

                          • memory/5068-1786-0x00007FFED0E00000-0x00007FFED18C1000-memory.dmp

                            Filesize

                            10.8MB

                            Download

                          • memory/5068-1787-0x00007FFED0E00000-0x00007FFED18C1000-memory.dmp

                            Filesize

                            10.8MB

                            Download

                          • memory/5068-1797-0x00007FFED0E00000-0x00007FFED18C1000-memory.dmp

                            Filesize

                            10.8MB

                            Download

                          • memory/5068-1-0x00000197C13D0000-0x00000197C166A000-memory.dmp

                            Filesize

                            2.6MB

                            Download