Overview

overview

10

Static

static

10

Nvidia.exe

windows10-1703-x64

10

Nvidia.exe

windows7-x64

10

Nvidia.exe

windows10-2004-x64

10

Nvidia.exe

windows11-21h2-x64

10

Resubmissions

12-05-2024 18:26

240512-w3ftesdb55 10

12-05-2024 01:57

240512-cc9t2aea99 10

Analysis

  • max time kernel
    150s
  • max time network
    155s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240508-en
  • resource tags

    arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    12-05-2024 18:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Nvidia.exe

  • Size

    2.6MB

  • MD5

    87610f8f3d48edf25d48c4c0ba2b3486

  • SHA1

    ab7498abd8626c968c84167ef1c1c503faace1fe

  • SHA256

    e387c084d5c3b62413743e912ee10776564e7c55ba1dc801990b312b88b61efe

  • SHA512

    73840a477b360fb1ab2061087838618a748f8b24560d289d563b4ba4b1b905f62686f4bca2c2e236007be1bc5931711c0d162b1c0f3ade009861e004116ddfe1

  • SSDEEP

    49152:O+8l/s9Yf5u4uT/s9YEQtQRTMYIMi7ztf33cSywWyFoEgn9u65:OtVsGobzsG1tQRjdih8rwcV5

Score
10/10
zgratransomwareratspywarestealer

Malware Config

Signatures

  • Detect ZGRat V1 1 IoCs
  • ZGRat

    ZGRat is remote access trojan written in C#.

    ratzgrat
  • .NET Reactor proctector 1 IoCs

    Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

  • Drops startup file 3 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Looks up external IP address via web service 4 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Sets desktop wallpaper using registry 2 TTPs 1 IoCs
    ransomware
  • Drops file in Program Files directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 12 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 12 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Users\Admin\AppData\Local\Temp\Nvidia.exe
    "C:\Users\Admin\AppData\Local\Temp\Nvidia.exe"
    1⤵
    • Drops startup file
    • Sets desktop wallpaper using registry
    • Drops file in Program Files directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4628
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\Cash Ransomware.html
      2⤵
      • Enumerates system info in registry
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:2416
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xe8,0x10c,0x7fff78b83cb8,0x7fff78b83cc8,0x7fff78b83cd8
        3⤵
          PID:4108
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1852,1465562583038401145,2861087974203978428,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1900 /prefetch:2
          3⤵
            PID:1836
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1852,1465562583038401145,2861087974203978428,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2372 /prefetch:3
            3⤵
            • Suspicious behavior: EnumeratesProcesses
            PID:2020
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1852,1465562583038401145,2861087974203978428,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8
            3⤵
              PID:4936
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,1465562583038401145,2861087974203978428,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
              3⤵
                PID:4820
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,1465562583038401145,2861087974203978428,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
                3⤵
                  PID:808
                • C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1852,1465562583038401145,2861087974203978428,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5184 /prefetch:8
                  3⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:4016
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1852,1465562583038401145,2861087974203978428,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5248 /prefetch:8
                  3⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:240
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,1465562583038401145,2861087974203978428,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3920 /prefetch:1
                  3⤵
                    PID:3864
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,1465562583038401145,2861087974203978428,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:1
                    3⤵
                      PID:2244
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,1465562583038401145,2861087974203978428,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
                      3⤵
                        PID:312
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1852,1465562583038401145,2861087974203978428,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
                        3⤵
                          PID:320
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1852,1465562583038401145,2861087974203978428,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2608 /prefetch:2
                          3⤵
                          • Suspicious behavior: EnumeratesProcesses
                          PID:1744
                    • C:\Windows\system32\vssvc.exe
                      C:\Windows\system32\vssvc.exe
                      1⤵
                      • Suspicious use of AdjustPrivilegeToken
                      PID:2644
                    • C:\Windows\System32\CompPkgSrv.exe
                      C:\Windows\System32\CompPkgSrv.exe -Embedding
                      1⤵
                        PID:2900
                      • C:\Windows\System32\CompPkgSrv.exe
                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                        1⤵
                          PID:3928

                        Network

                        MITRE ATT&CK Enterprise v15

                        Replay Monitor

                        Loading Replay Monitor...

                        Downloads

                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi\CURRENT.CashRansomware
                          Filesize

                          32B

                          MD5

                          6a72e38af9fd2dabcaa5a34b1e4541e9

                          SHA1

                          3441e0efe2708dd29b2a3117083425236e090f6d

                          SHA256

                          b7504e2edc3650764f952fc76dec486dd72f9cbf5b788ad8db8a2554d6163428

                          SHA512

                          b37d54a9538f7b889d50876f681071206bebdb09febbc925b04034832368df7831416aa112bd589f65fba3f6b14af4e812207944abe8d5fc4ff7bc36bf774109

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi\MANIFEST-000001.CashRansomware
                          Filesize

                          48B

                          MD5

                          13b2aef5ee351e0de0df0a6579ee8e0b

                          SHA1

                          50a15abdc67745dbde4fabcad3ea28cb171abaaf

                          SHA256

                          bb22b5b0700beb5624278fb95bfc452bfd6c96c9def348e0d9fe8e0d23fbd745

                          SHA512

                          66ac8aa1fd8a2f09f7e6bcf846599fb2ef88399c85ebd94db3bef2e50e91ae1c1518b596af4696e3c21e151e9599c0f5d866e84d9d9819a7028857aa1cf843eb

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache\data_2.CashRansomware
                          Filesize

                          8KB

                          MD5

                          aaf52be04bad9248db44065853a0962c

                          SHA1

                          70bf4d63f2d267a25d6a0fb4eb329a60fb549987

                          SHA256

                          ec9ae02f9887306b5ce969b21b68692921250c38881f63c11488e271171e9571

                          SHA512

                          232de77990c92b3e731e7cdb3e302150f6a54ee771aefd48c6910346d35aaed1249be6c1b78d8a5412ba8679a4dc12f6b03e89ee5275bce31c50c771773518d5

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\First Run.CashRansomware
                          Filesize

                          16B

                          MD5

                          867a6cbf9bd49c96dd6f8e03198eb2bb

                          SHA1

                          94fc4d76743f598e539bce3198e53f801a1fc538

                          SHA256

                          af9626b1157c281bd0e6b55e55ce3c71470746686881bb21753720d035ac202a

                          SHA512

                          a4e170a6a59b7f8faacb53a868714be33c9d94b3bdd44c075e7469c6d23795492cbafd63adb30c6171e03dbffb047a0841799bc0642ed4ea6db21d892b53db0f

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_0.CashRansomware
                          Filesize

                          8KB

                          MD5

                          387886bf11a1e9f45ce0f467bcd6aa4f

                          SHA1

                          6ed45e5a20751d0d2b6454ad91315f8e56c3e6a8

                          SHA256

                          6b0dcb6534d0a3b402547809a89f870a385d2656b81a0287810fbc755e4a3dfa

                          SHA512

                          5f35573163d687a71636f842d796c97f101cde7fffe5a3202059780bbc03c13541b824aabc003249569034a47b3c8fe1b06b9554a9940fd7edaad07a3eb723a9

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1.CashRansomware
                          Filesize

                          264KB

                          MD5

                          a43cc0fddbcd165c96f985c8a9c37614

                          SHA1

                          bfd07cae8353b89f0bc945d3d49f75864f740490

                          SHA256

                          19b5ab9b1d0d582272d18dad6db49ff482441f150ba116d200a8602fc0dad147

                          SHA512

                          5045d133d34388906fc197fcb6d971e1bed66334e5a46abb54e6be20140c8d4731298cd9dd02b1ee387c8ddc7516bf79775227c9f8d461ef488a2da6a04af9ac

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_3.CashRansomware
                          Filesize

                          8KB

                          MD5

                          be3fc33928bd2a2fd8baab281a426549

                          SHA1

                          3e2ee3834e55cd6062b4b058b3cf37ede2da7524

                          SHA256

                          adf37a8e1faa841cae013671c5d02b1e58423efa3292ab07ac402d338a26e8bc

                          SHA512

                          e79b39a947870b8347e03e5fda7f1c490dbc11624451f13c7bfb4e518286a3c6cc44d19322ccfea3c3a991a26f1ec4685615b5c3133e9b60d9f1ec671eca9d39

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                          Filesize

                          152B

                          MD5

                          8294f1821fd3419c0a42b389d19ecfc6

                          SHA1

                          cd4982751377c2904a1d3c58e801fa013ea27533

                          SHA256

                          92a96c9309023c8b9e1396ff41f7d9d3ff8a3687972e76b9ebd70b04e3bf223a

                          SHA512

                          372d369f7ad1b0e07200d3aa6b2cfce5beafa7a97f63932d4c9b3b01a0e8b7eb39881867f87ded55a9973abea973b2d2c9b6fc4892f81cec644702b9edb1566d

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                          Filesize

                          152B

                          MD5

                          390187670cb1e0eb022f4f7735263e82

                          SHA1

                          ea1401ccf6bf54e688a0dc9e6946eae7353b26f1

                          SHA256

                          3e6c56356d6509a3fd4b2403555be55e251f4a962379b29735c1203e57230947

                          SHA512

                          602f64d74096d4fb7a23b23374603246d42b17cc854835e3b2f4d464997b73f289a3b40eb690e3ee707829d4ff886865e982f72155d96be6bc00166f44878062

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                          Filesize

                          176B

                          MD5

                          4b0fdb42df7710656db54c391246153d

                          SHA1

                          76448462cca39b432c314f680ebb330258a28749

                          SHA256

                          72b128de5bd06d50af02c4113956687082280bd564ff6b5517e4bc466ae5d526

                          SHA512

                          f5681e8c75062df44e985069f51ebaf7f0cf0e10427b5dc4800e1c8af1d401816cc9bafad6157afcea9c85bf347540211332c273573c706632c290cbf90de067

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                          Filesize

                          6KB

                          MD5

                          974e00d6913a3b64e958a9342fee112b

                          SHA1

                          4da26a21c2df7886e356d2d3408dd54affb0a057

                          SHA256

                          d3d207174627c61e350bb15198e193b7015d8db4b1657c69c9e663e10e14a285

                          SHA512

                          8f955a4ea8c393b5e9d3c980693e133c3d8de82369cdeb746524820e92edc1148e7782aa29d30f9172da43ef90a9506b6761d154987558fb3c803b13426c72f5

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                          Filesize

                          6KB

                          MD5

                          6a824f4eafd69e72fe9ce870c6b0c00e

                          SHA1

                          8f1e5cd47abe5604090286d74f473e3b32bd4f79

                          SHA256

                          e4e34cccd90fa2de2bf863129735c2a72c719ef7c784587d61d2a0f8c8408692

                          SHA512

                          4e7b69b64a105510589829428f619b199b6e7229bb12967df5da161f89e287957ea9f69312461b81139cbfe8e4a275c0bef39424c0813ed5958c2672a5467430

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                          Filesize

                          16B

                          MD5

                          6752a1d65b201c13b62ea44016eb221f

                          SHA1

                          58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                          SHA256

                          0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                          SHA512

                          9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                          Filesize

                          11KB

                          MD5

                          2e8d751eb1ec6f59562d0c86d3185ae5

                          SHA1

                          d5a29a5d76fa47c92ad4d8c9ba5759b89c4892ad

                          SHA256

                          94a04ed51b69f44cc50324ac78ef98612ef19b775a653d5c705526f136df80b5

                          SHA512

                          983899b818e23e7bac98f4f7780d697eae8c39e2e1aa608b8e3fa6bf06a9ddcc78950d36abf889ea0a0f5910fc935801696ad609db1c75af92a10881fbaab6d3

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat.CashRansomware
                          Filesize

                          8KB

                          MD5

                          9402e21aee5daa87f099a9571a819fad

                          SHA1

                          2807a978b905de378f1d114b6f30086255adbd63

                          SHA256

                          d41edb53cdb2a5ac0d67dbc9ecb8f2cfacac6e752458519bfd98ff76212c579c

                          SHA512

                          dfed2612d502a64b2e099bd2f28631267c253d1b25648a5a06ea65e383ed2cd7c1bb675d704529724ada72994119f78a27b17df074d96012f35079faf1d1f4bf

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AppData\Indexed DB\edbres00002.jrs.CashRansomware
                          Filesize

                          512KB

                          MD5

                          94188630413cf6818968512acb10a899

                          SHA1

                          dd0bf0044553417c3748496a345c7a812caaef68

                          SHA256

                          5058ce2830d55c5fefc7825951579dbdd2666e247c24a4d1915b1eaf59887938

                          SHA512

                          2d4e31921b477ee71d2c955e45b7e6a220e83fc08014abf648a2da8bc1be63fb046ccc3084d2cf0761adaff655a84da56b7d60110e29756dd3703b93b45708fa

                          Download Submit

                        • C:\Users\Admin\AppData\Local\Temp\wctD9F4.tmp.CashRansomware
                          Filesize

                          63KB

                          MD5

                          79e448b2e54fc325b7df7ba776f44be0

                          SHA1

                          971d3fca4a1cd867fcce51d88fe53811b5d8a675

                          SHA256

                          f290b45f33fc46a8b18ab46c00cac0566b305d34d7d1e822a1687cf9a8d46b06

                          SHA512

                          2fc818f5d8b03ca0a9323cd98eda9b7dbb58215faf528edee75855b1add41602baac45f56e18ea6605e73455360164b2ad5fb7620f7e42a5310cc17746d42c35

                          Download Submit

                        • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3qt190sk.default-release\storage\permanent\chrome\idb\3561288849sdhlie.sqlite.CashRansomware
                          Filesize

                          48KB

                          MD5

                          6246b46a7939cf18d8c0e9fd444bd6fd

                          SHA1

                          39ee4716524282ea4908e93523ed8c6f5d0ba300

                          SHA256

                          4dd7fe195b4c3af28719fc7b529b75d11961a1d472283e3ab73a023adbe003ae

                          SHA512

                          ca250218f5ed7e9d0970121db1f9e4f0ccd6c5a1432282b1397fa718b97dd9a51547868eaac0948e51d1d9e2273aecfff2c39a6047a72d402b3e284bd955e6fa

                          Download Submit

                        • C:\Users\Admin\Desktop\Cash Ransomware.html
                          Filesize

                          9KB

                          MD5

                          b38d3abcc3a30f095eaecfdd9f62e033

                          SHA1

                          f9960cb04896c229fdf6438efa51b4afd98f526f

                          SHA256

                          579374af17d7b9f972e9efcb761e0a8f88ef6d44dce53d56d0512d16c4728b9d

                          SHA512

                          46968c3951daa569dfecf75ba95a6694d525cbbd1883070189896ab270bb561cb2d00d7d38168405da1f78695f95cc481d28bcbff74be53d9a89822a09595768

                          Download Submit

                        • memory/4628-1560-0x00007FFF7D5D0000-0x00007FFF7E092000-memory.dmp

                          Filesize

                          10.8MB

                          Download

                        • memory/4628-1561-0x00000284BBA70000-0x00000284BBF98000-memory.dmp

                          Filesize

                          5.2MB

                          Download

                        • memory/4628-1559-0x00000284BB370000-0x00000284BB532000-memory.dmp

                          Filesize

                          1.8MB

                          Download

                        • memory/4628-1558-0x00007FFF7D5D0000-0x00007FFF7E092000-memory.dmp

                          Filesize

                          10.8MB

                          Download

                        • memory/4628-0-0x00007FFF7D5D3000-0x00007FFF7D5D5000-memory.dmp

                          Filesize

                          8KB

                          Download

                        • memory/4628-1596-0x00007FFF7D5D3000-0x00007FFF7D5D5000-memory.dmp

                          Filesize

                          8KB

                          Download

                        • memory/4628-1597-0x00007FFF7D5D0000-0x00007FFF7E092000-memory.dmp

                          Filesize

                          10.8MB

                          Download

                        • memory/4628-1557-0x00007FFF7D5D0000-0x00007FFF7E092000-memory.dmp

                          Filesize

                          10.8MB

                          Download

                        • memory/4628-2-0x00007FFF7D5D0000-0x00007FFF7E092000-memory.dmp

                          Filesize

                          10.8MB

                          Download

                        • memory/4628-1620-0x00007FFF7D5D0000-0x00007FFF7E092000-memory.dmp

                          Filesize

                          10.8MB

                          Download

                        • memory/4628-1621-0x00007FFF7D5D0000-0x00007FFF7E092000-memory.dmp

                          Filesize

                          10.8MB

                          Download

                        • memory/4628-1631-0x00007FFF7D5D0000-0x00007FFF7E092000-memory.dmp

                          Filesize

                          10.8MB

                          Download

                        • memory/4628-1-0x000002849A010000-0x000002849A2B4000-memory.dmp

                          Filesize

                          2.6MB

                          Download