Overview

overview

3

Static

static

3

ransomware...it.exe

windows10-2004-x64

1

Resubmissions

28/05/2024, 12:35

240528-psckpadf6x 3

28/05/2024, 11:47

240528-nx7qysba63 3

Analysis

  • max time kernel
    273s
  • max time network
    281s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28/05/2024, 12:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ransomware file legit.exe

  • Size

    41.1MB

  • MD5

    6f9c812363aa2323a89bdb6aad7c77ce

  • SHA1

    eaf283eee8304e8cc88b4acbe5181c08685dd657

  • SHA256

    7d23c1e17325e4e3137962459f46c59f247b9868d66d869738dbcab83625b47d

  • SHA512

    21df9bbc1aac09539134c702b4daf947886d69d1e225b8dbdb49b75c26495ae38a1f4c28b1da184d792484af2001bce2a3909c2b24a62ffba46d3d09a4eadfd1

  • SSDEEP

    393216:5hCrtQt+eh1B4M4MNl3KKaFD4kkRbxNzZZVrngyJ2BGnHMyrMGnA49m7vuDSO2Ae:j4juhck/e

Score
1/10

Malware Config

Signatures

  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of SetWindowsHookEx 44 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ransomware file legit.exe
    "C:\Users\Admin\AppData\Local\Temp\ransomware file legit.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    PID:2004
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x3e0 0x3d8
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:3348
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:3424
    • C:\Users\Admin\AppData\Local\Temp\ransomware file legit.exe
      "C:\Users\Admin\AppData\Local\Temp\ransomware file legit.exe"
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:4608
    • C:\Users\Admin\AppData\Local\Temp\ransomware file legit.exe
      "C:\Users\Admin\AppData\Local\Temp\ransomware file legit.exe"
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:3944
    • C:\Users\Admin\AppData\Local\Temp\ransomware file legit.exe
      "C:\Users\Admin\AppData\Local\Temp\ransomware file legit.exe"
      1⤵
      • Suspicious use of SetWindowsHookEx
      PID:4744

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Roaming\limbo-godot\limbosave.cfg
      Filesize

      313B

      MD5

      32faddd6312d6935bca9359a8e7db531

      SHA1

      f6867963f099e85983dd522066bbd7e1c0577c30

      SHA256

      6a5ab678e75e0687dc645e0d9762b27206e61ceeeaddbe8e476ba026659601f3

      SHA512

      cfba96cbe837abcfdb05bc809cdf6101427e6436aa4a87c1d1b9aa39fa223f029f8fb99121f6e130873dc4db197b156f275c9eee1fc5535c2749df09acd36dfa

      Download Submit

    • C:\Users\Admin\AppData\Roaming\limbo-godot\logs\limbo.log
      Filesize

      1KB

      MD5

      d831a8eac10616b48127d12693cd57bc

      SHA1

      0f05ffe1e306c2a3b8d5bce62791a3429ec21765

      SHA256

      e0ac130f7b43b0afed4e496e55c5a40cc0cd2e5afc2962b7e2f40074e1159828

      SHA512

      95225009181ecba9238e5bb6422f6bb66b53bcd05ce25e0a82836a7b2281e06218ca07d47071ac09c3e2f85e4cf5a5aa97c1e06bb13528020fe9c2a5baaa318d

      Download Submit

    • C:\Users\Admin\AppData\Roaming\limbo-godot\logs\limbo.log
      Filesize

      1KB

      MD5

      99ad6634feeea88bf8876942159440aa

      SHA1

      9df29393bcbae902aabd190e41bc5caa84cfc616

      SHA256

      b019dfb915197a73e42a7f71d9598b4ad9250791d6d6ffd97847c28cf4729510

      SHA512

      a01192017434742d2a7a7dc44d03c898c147ba8ebfd9ff8851e61e37827b65fa2e9388dc569d698f0e7a8c59ccbba0c3d787288184be38232d0c40bf1d0c6a3b

      Download Submit

    • C:\Users\Admin\AppData\Roaming\limbo-godot\shader_cache\CanvasShaderGLES3\eadeb0d3221a48e2f7ad226b2639cdab1ec62e3e5c2ffb5c0ab05d4c12a3bdf2\09e03c554b262adf79a2b39980be2dc9f80e734f.cache
      Filesize

      137KB

      MD5

      89233bee3bd914c05ff76772c117fd6c

      SHA1

      cc7ed63c2eef9f69479f4ef244fb985225ae65a6

      SHA256

      025ed3198fce158055e23a91efa6d977427df5003a0f28567101d930f5484968

      SHA512

      cda6c8478d8a22998243dbea0e4e670eae8ea22f9625579f347dce654f0147a3d1ca5347652757a4e1684b7308bbc7c2a981922f65a80552c6a8e2599638dffe

      Download Submit

    • C:\Users\Admin\AppData\Roaming\limbo-godot\shader_cache\CanvasShaderGLES3\eadeb0d3221a48e2f7ad226b2639cdab1ec62e3e5c2ffb5c0ab05d4c12a3bdf2\fa7b62523470356194bdf709eb2639ab149a07cc.cache
      Filesize

      128KB

      MD5

      fb441dc644ef145ee52dd83597d5d749

      SHA1

      798ba95505034e44ce5569796fc2a7eb79140e65

      SHA256

      fa7f452871792b4ff01f0becfdb0172ee42a05a6a89ffde4d49c8e9cf2e82556

      SHA512

      7d792a8123d697a09c21b846f1d64373787fa33e77038fc8b580ac67d8352a48dd4e9cfcf37d02478307716371dfc8c40cd2979c9736390c92309d3d3bb53ffd

      Download Submit

    • C:\Users\Admin\AppData\Roaming\limbo-godot\shader_cache\CopyShaderGLES3\b34463bf5b4ff543aa5a95a5456e50efb92cde8a78cd7d354328ccfb02145fe1\fa7b62523470356194bdf709eb2639ab149a07cc.cache
      Filesize

      59KB

      MD5

      62febdf75a8b1b7120f9ef91c51a0f02

      SHA1

      42503081372619ecb84c28285d86b56740d189a8

      SHA256

      7a11dad49bd0d9e53d4b0cd0320f8ab54d19ee5c0e3b6d4fe9228ee3c96ecb30

      SHA512

      a4d9c14112d3302cc0989a0cef037a2efee3767228fa5dcbfe26a9338a869a528a47ee7faf44edd4af24d8e0632624fbc67eb98b2bc8ed8f436e30f9ab825b4d

      Download Submit

    • C:\Users\Admin\AppData\Roaming\limbo-godot\shader_cache\EGL\9thchCzkycFR1QfU1BuuZYj5vEw=.cache
      Filesize

      6KB

      MD5

      706f9876b14206f8d3bd379126859868

      SHA1

      e7ad944cd1ea3457de5a1d6652dc72a277eac852

      SHA256

      7910d25183e34248ec3a6b4e68706120c40c49cc437ff15059ee46cfeadc50e9

      SHA512

      b892d96ae594437c2a97f561683168a4afc28677dba6d7a7b3075cc25f1d70ee6f4cbe509d3db049a5094373e3f8481c5f3efa0db8b7b647643e3e1dac719970

      Download Submit

    • C:\Users\Admin\AppData\Roaming\limbo-godot\shader_cache\EGL\9thchCzkycFR1QfU1BuuZYj5vEw=.cache
      Filesize

      6KB

      MD5

      c66397a2b4b36af8eac889674f42ac1f

      SHA1

      ec07ecb72deb8857ca72c5b2346bdca1d769181c

      SHA256

      a24ef3978f78f49f656223a945f3b97524b4bbe4014ae20fca6c31e0d7729217

      SHA512

      86aaf497b16949bfa2d3cccd067eea3fd505fe2dc3b8c7753e7768fc9b122fa94a9aead0511df74228cc43b03cf9a77f175002f1c8edc84a0b2f75cb0c9dace0

      Download Submit

    • C:\Users\Admin\AppData\Roaming\limbo-godot\shader_cache\SceneShaderGLES3\929f8f61fd95a18d971fecf8f9f7e0ab6d9315c49a6343f3890d0996097f164d\fa7b62523470356194bdf709eb2639ab149a07cc.cache
      Filesize

      343KB

      MD5

      58e632bbb7a0a5649d632e5571144845

      SHA1

      bd2e58aa9b0de3dc9349b7c9ac5c889ecdc685d3

      SHA256

      d2dfa1e2930e1e6df5708a7c7191c0e3506e7c986dbe79ca372f9e7f42f112d8

      SHA512

      4d2c7e2a8cf8ed87a741b7606db568ab58ccafe36c9dbd21ceb5904d666b60105598b7c20a90cf571b76f2e6ebef88b0738aa87c26827c69481dfe9baefeff6f

      Download Submit