Overview

overview

10

Static

static

10

00ed4c347c...99.exe

windows7-x64

10

00ed4c347c...99.exe

windows10-2004-x64

10

Resubmissions

17-05-2024 14:06

240517-reh7esbc83 10

17-05-2024 14:05

240517-rdxnesbb2x 10

17-05-2024 14:04

240517-rdkc4aba91 10

17-05-2024 14:00

240517-raznlsbc33 10

09-01-2022 14:18

220109-rl99gsdee2 10

Analysis

  • max time kernel
    147s
  • max time network
    144s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    17-05-2024 14:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    00ed4c347cd62526226363a0aceb851b2ef7e3a4da78433a28f2cd6cbd5f1b99.exe

  • Size

    66KB

  • MD5

    2c26b319e378755596f0ac6d293798c8

  • SHA1

    280a4cfcf5dd87898c3731b680efe061bdb7a9fe

  • SHA256

    00ed4c347cd62526226363a0aceb851b2ef7e3a4da78433a28f2cd6cbd5f1b99

  • SHA512

    0c2b53a3fed1dbbae64e7f1e7c17a89b5dc607ba40caecd5496e18ffd84cdad844e926742d9fc82a715d6e8b01a1c483d97d54f5be1f2d6997107946f2a3fe4b

  • SSDEEP

    768:BS5zkUtPX/y4Jp5LmcmItHnlIH9q9Q/048RgauHADO2A:DaXq4xTlIdYrhRcH2A

Score
10/10
mountlockerransomware

Malware Config

Signatures

  • MountLocker Ransomware

    Ransomware family first seen in late 2020, which threatens to leak files if ransom is not paid.

    ransomwaremountlocker
  • Deletes itself 1 IoCs
  • Drops desktop.ini file(s) 32 IoCs
  • Enumerates connected drives 3 TTPs 1 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 3 IoCs
  • Modifies Internet Explorer settings 1 TTPs 36 IoCs
    adwarespyware
  • Modifies registry class 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 13 IoCs
  • Views/modifies file attributes 1 TTPs 1 IoCs
    evasion

Processes

  • C:\Users\Admin\AppData\Local\Temp\00ed4c347cd62526226363a0aceb851b2ef7e3a4da78433a28f2cd6cbd5f1b99.exe
    "C:\Users\Admin\AppData\Local\Temp\00ed4c347cd62526226363a0aceb851b2ef7e3a4da78433a28f2cd6cbd5f1b99.exe"
    1⤵
    • Drops desktop.ini file(s)
    • Enumerates connected drives
    • Drops file in Program Files directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1640
    • C:\Windows\system32\cmd.exe
      cmd /c ""C:\Users\Admin\AppData\Local\Temp\\0F762A8A.bat" "C:\Users\Admin\AppData\Local\Temp\00ed4c347cd62526226363a0aceb851b2ef7e3a4da78433a28f2cd6cbd5f1b99.exe""
      2⤵
      • Deletes itself
      • Suspicious use of WriteProcessMemory
      PID:872
      • C:\Windows\system32\attrib.exe
        attrib -s -r -h "C:\Users\Admin\AppData\Local\Temp\00ed4c347cd62526226363a0aceb851b2ef7e3a4da78433a28f2cd6cbd5f1b99.exe"
        3⤵
        • Views/modifies file attributes
        PID:2204
  • C:\Windows\explorer.exe
    "explorer.exe" RecoveryManual.html
    1⤵
      PID:2560
    • C:\Windows\explorer.exe
      C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:828
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\Desktop\RecoveryManual.html
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1244
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1244 CREDAT:275457 /prefetch:2
          3⤵
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2932

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\MSOCache\All Users\{90140000-001A-0409-0000-0000000FF1CE}-C\RecoveryManual.html
      Filesize

      2KB

      MD5

      c67055c62d3cc709d41922a8d38500ed

      SHA1

      3f82f8a89cf93f0eda8886d278c75923b5dad8cb

      SHA256

      2c84d161f1344b9e3ed9de0d79c9880581a5c00f387417c89d5a5ca584c7ebe6

      SHA512

      8d7b50e83c555cec2ca868a464dba0ad6fb99919b64d7eaa45b2478f61c5def36aa673222d6c92d79ab9c139f41026d9d9ca7d54cd7a345ca8fdf5479a3db5ec

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
      Filesize

      914B

      MD5

      e4a68ac854ac5242460afd72481b2a44

      SHA1

      df3c24f9bfd666761b268073fe06d1cc8d4f82a4

      SHA256

      cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

      SHA512

      5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
      Filesize

      68KB

      MD5

      29f65ba8e88c063813cc50a4ea544e93

      SHA1

      05a7040d5c127e68c25d81cc51271ffb8bef3568

      SHA256

      1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

      SHA512

      e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
      Filesize

      1KB

      MD5

      a266bb7dcc38a562631361bbf61dd11b

      SHA1

      3b1efd3a66ea28b16697394703a72ca340a05bd5

      SHA256

      df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

      SHA512

      0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
      Filesize

      252B

      MD5

      947407ebb7fccbc0dc463c7ec299fd8a

      SHA1

      5994fe336c2f11ce12594aa102e11ce9ac151d06

      SHA256

      677715fabee60a092ad9b44b3c6edc9f08c64dad4bd1676a8ae9f90597bb030a

      SHA512

      974ded8d94ec2ce615918deb154b3d74a4fdf05a481211f744a006d097af49c5b1fa1e532dc560c10a73351b6b6400e457c6449e326029ae2052596ec77d3241

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      4282509fedfb7131b17055391ad41b27

      SHA1

      d1c0302cab168f091e96163d84ca43b3857012b5

      SHA256

      4e1cf8dfcd1aaedb632d31f23d08ad41965f8a62bbafa7119917adf1ad7fa9f4

      SHA512

      6724e478944792b62b9442cac7949708fb58e2d002f35cbef3c76ce71e771253933fdbfc37ec4a8375acbb80576b0d2fe778b26809f78fc0de22cc1f0357c2f9

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      a03be8e1e64c93978bab7f16d2f18cd2

      SHA1

      79117488cd9aaab2c03685e0ffb2c7a00f481d5b

      SHA256

      e8a56b891cf22db365070282576ee8f339081a097a6bb8324c85f38a553c453b

      SHA512

      96cee29f7cb1dfe82181d68d37a74f65a674a186d5210e8baec0e80d80e44384f174aaed724cf3f5ce4fafe878f5ceaaa68a741c149370f48ab0f63bd5c6049e

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      354d57fe575736bdebc3628602070e44

      SHA1

      8cf951d583f85096e1e07fa60b8c01ec9d37c5cd

      SHA256

      1879d6a651b9c3c56305feadc3f08b1091d59f94b8ecad4027d375e6294bab3a

      SHA512

      40eb3c1d5a88f4291bf6b50288430ed0ad1e5b5d6f4e5874984d4a824f4a9f8e9fdf005b48607f986756bf39ecf89ed6e7ea2ec9f84662d6c1bce519c504767b

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      708a7a13c45536793a56022a6379df9f

      SHA1

      bc926f4ffb52d6938551e8e0463e89de56279ea2

      SHA256

      90f3ba66ae4db44ceaeb08822325f61ab07c9ca6993c1b50738c485e4590ef42

      SHA512

      9fc3071987bb1795e2e6b1c1908664c6362450df8586e605e026caab153bc7fdb8792a64078f4a0b7e756a9ffbecada972e56563e4eb1ee448e75811675e7b38

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      8fa682334cdbf6d3bd1322a83d641917

      SHA1

      92c7a24ed17ab23960790a4ccd3e356c6e01fe87

      SHA256

      01fd9969e550b8ed2bd766489cdb4bf9012178c401d51dce2530bb1f1a80bb73

      SHA512

      fc6b1f1f98827a3986cb640c050f8589ef730447be54cf4c510fcc06a743016b3bb9014226bc91c3977c3050b776abdcbead55b6d867ef2be9000b8d2ae30fa0

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      28626a923fab398d1c596ee8398797bf

      SHA1

      b6408c6a4958892e8fa2514b8907cb349ba2972c

      SHA256

      1fe64a81bc11b2f16f19373cf6ddd05856911365317157caf67074ef1c4bb7fa

      SHA512

      0fb742128d2d47feb5a4847eea30113cad00a60d0857e882535d227275c59caf97ffacd86ecd435533a50d5c74e958d2a7cce8acc3e286c8d3a5fa1af2e8ffa9

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      7b43574b7addfec34aff9566beb8635b

      SHA1

      1c95f87cf52a2b8caf47310a84d56fd3865aa190

      SHA256

      fe4b5ae6c348ca4284d41a614867cb84190ef174242d9099955c3e77389d3f98

      SHA512

      eabdcdc753bbf562a5f279b919558e763560a8814707aa777fb7d713885820504d882148133b54f71ea03df6cbb4b0dd5885d5d67a20be74291ebd651267dc75

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      5848fdc53915306460fc1a43767fb77e

      SHA1

      87ab97b60140e1efee22a74dbd412823e343389c

      SHA256

      2e11bb0feebff67ba41c45d8027f4e9ed7d3b8e983f6b353507223314dbfab13

      SHA512

      6bacc71fd33bacde1118cafc2c224a2f3a3a928f995bbb033dd273f74ed2c91da12ad90c8a9e39b04d97b63887f4226b89cff8bace870cf046fd94c66705c18d

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      74310494bfeda8f438a1282e0231d339

      SHA1

      419aaf8f1dc77dde719f7a02b3a274b9a979f7d0

      SHA256

      e5d13cfecb97d72493ad1a2476d50d89f7ae731686d71b558107041c87dd24f6

      SHA512

      ac29621722e3f992ef5905f90b78518d816be098e57f7d4a63883020f22400fa4bd5c45a9cd38ed2b172af68dfa763781cef6058c2f9bbc5b0833969707900a2

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      458eb859aaa2a8b7892d28e53f47bfae

      SHA1

      5693a8f8d3ca4bd6973d7e808baf5e37070b912b

      SHA256

      02fb9d483f916be11c1401333ecc1d0c7bbd4531fb589a5dc769042ef4febc3e

      SHA512

      20c04e413e2392b9def058252889e00ba68a4d15f6feb217a08ab862ee715ef55ecc252a92a24b2c1b9dfb1d256722ee4a39e2bf6241a23626701014c5970334

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      3b08ecdbb406856e05ba4e01dab7989b

      SHA1

      b88114de0a4bd0b2117d84ef31869e89ac853da8

      SHA256

      d9835fde92f51d5a5e559f3744d9cd63b5207a4cbfdd5bc6137cdfedcf46f2ac

      SHA512

      fb899ec28fdeefd1cce018b2334d87275c3abb1a19e5113c825bfef1a06f97f13576dabe993db896c6fcd0767f3919d59a62ba77d374811ccd4e9f666b2dad4f

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
      Filesize

      242B

      MD5

      7e7664934cbf2b0ffe30cc9e4f623d7f

      SHA1

      763461d0a2f095e22c1f5d5e21fd909521aa1b55

      SHA256

      54ad0c4dac112ad04fde93f16f14ee8fc9669d55127cd2fdd80fb8c400fcbebf

      SHA512

      b4a987bc513d041fe9f04ae8862e38b9b5fe6cb1754d1d3b038c086f241df05832b2123def05a7a85a46934f97adbf83c399b27da058b557fd4f0eb96ffa5424

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\0F762A8A.bat
      Filesize

      65B

      MD5

      348cae913e496198548854f5ff2f6d1e

      SHA1

      a07655b9020205bd47084afd62a8bb22b48c0cdc

      SHA256

      c80128f51871eec3ae2057989a025ce244277c1c180498a5aaef45d5214b8506

      SHA512

      799796736d41d3fcb5a7c859571bb025ca2d062c4b86e078302be68c1a932ed4f78e003640df5405274364b5a9a9c0ba5e37177997683ee7ab54e5267590b611

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar5C59.tmp
      Filesize

      177KB

      MD5

      435a9ac180383f9fa094131b173a2f7b

      SHA1

      76944ea657a9db94f9a4bef38f88c46ed4166983

      SHA256

      67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

      SHA512

      1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

      Download Submit