Resubmissions

28-05-2024 13:25

240528-qn2jpagc45 10

21-12-2023 15:14

231221-smbb8aahaq 10

Analysis

  • max time kernel
    210s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    28-05-2024 13:25

General

  • Target

    762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539.exe

  • Size

    458KB

  • MD5

    8177fcfd49b44e0eff98320b0a713ff8

  • SHA1

    8a40c9b2c5b0902d9dc0f159def55eea94063b1e

  • SHA256

    762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539

  • SHA512

    5821cc4bae9b43772c8253cbd9feac353d4b44b5ad3e9d786c96d3e4ec2147a7787115300658f10a22cc46bbc3032e7ecaf38d84f5167040775135d314e4de5a

  • SSDEEP

    6144:f7M6Yn6fGlV0okVP3Z4FQmFKMUhhtpyr81fhKUqmLzmZuGVPVElK4p+:fsflV0pVP3aBcJyrs3qPZuocp+

Malware Config

Signatures

  • PLAY Ransomware, PlayCrypt

    Ransomware family first seen in mid-2022.

  • Renames multiple (7279) files with added filename extension

    This suggests ransomware activity: files across the system are being encrypted and renamed with an appended extension.

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials, cookies and other sensitive profile information.

  • Drops desktop.ini file(s) 29 IoCs
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Opens file in notepad (likely ransom note) 1 IoCs
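The signature descriptions above are behavioural heuristics rather than signatures on the binary itself. As an added example (not part of this report and not the sandbox's own detection code), the following Python script applies four of those heuristics to a constructed list of file-system events: in-place renames that only append an extension, directory queries against the root of non-C: drives, desktop.ini creation, and a text file opened by notepad.exe. The event format, PIDs, paths and the ".enc" extension are assumptions chosen for illustration; the report does not state which extension this sample appends, and the rename threshold is set far below the 7279 renames the report counted so the small sample trips it.

```python
import re
from collections import Counter, defaultdict

# Constructed sandbox-style file-system events (example data, not taken from the report).
# Fields: pid | image | operation | path [| new_path]
SAMPLE_EVENTS = """\
1040|sample.exe|QueryDirectory|C:\\
1040|sample.exe|QueryDirectory|D:\\
1040|sample.exe|QueryDirectory|E:\\
1040|sample.exe|CreateFile|D:\\docs\\desktop.ini
1040|sample.exe|Rename|D:\\docs\\budget.xlsx|D:\\docs\\budget.xlsx.enc
1040|sample.exe|Rename|D:\\docs\\notes.txt|D:\\docs\\notes.txt.enc
1040|sample.exe|Rename|C:\\Users\\Admin\\Pictures\\a.jpg|C:\\Users\\Admin\\Pictures\\a.jpg.enc
1040|sample.exe|Rename|C:\\Users\\Admin\\Documents\\b.docx|C:\\Users\\Admin\\Documents\\b.docx.enc
1040|sample.exe|Rename|C:\\Program Files\\App\\readme.md|C:\\Program Files\\App\\readme.md.enc
1040|sample.exe|CreateFile|C:\\ReadMe.txt
2200|WINWORD.EXE|Rename|C:\\Users\\Admin\\Documents\\~draft.tmp|C:\\Users\\Admin\\Documents\\draft.docx
28364|NOTEPAD.EXE|CreateFile|C:\\ReadMe.txt
"""

DRIVE_ROOT = re.compile(r"^([A-Z]):\\$")


def parse_events(text):
    """Parse the pipe-separated event lines into dicts; new_path is None for non-renames."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        parts = line.split("|")
        events.append({
            "pid": int(parts[0]),
            "image": parts[1],
            "op": parts[2],
            "path": parts[3],
            "new_path": parts[4] if len(parts) > 4 else None,
        })
    return events


def added_extension(old, new):
    """Return the appended suffix when new == old + '.<ext>' (same directory, same stem)."""
    if not new or not new.startswith(old):
        return None
    suffix = new[len(old):]
    if suffix.startswith(".") and len(suffix) > 1 and "\\" not in suffix:
        return suffix
    return None


def mass_renames_with_added_extension(events, threshold):
    """Per PID, count renames that only append an extension; report PIDs whose most common
    appended extension meets the threshold. Normal renames (tmp -> docx) do not count."""
    per_pid = defaultdict(Counter)
    for ev in events:
        if ev["op"] == "Rename":
            ext = added_extension(ev["path"], ev["new_path"])
            if ext:
                per_pid[ev["pid"]][ext] += 1
    hits = {}
    for pid, exts in per_pid.items():
        ext, n = exts.most_common(1)[0]
        if n >= threshold:
            hits[pid] = (ext, n)
    return hits


def non_system_drive_roots(events):
    """PIDs that queried the root directory of drives other than C:, with the drive letters."""
    roots = defaultdict(set)
    for ev in events:
        m = DRIVE_ROOT.match(ev["path"])
        if m and m.group(1) != "C" and ev["op"] == "QueryDirectory":
            roots[ev["pid"]].add(m.group(1))
    return {pid: sorted(letters) for pid, letters in roots.items()}


def desktop_ini_drops(events):
    """Count desktop.ini files created per PID (ransomware often rewrites these per folder)."""
    counts = Counter()
    for ev in events:
        if ev["op"] == "CreateFile" and ev["path"].lower().endswith("\\desktop.ini"):
            counts[ev["pid"]] += 1
    return dict(counts)


def notepad_opened_files(events):
    """(pid, path) pairs for files opened by notepad.exe, the usual ransom-note display."""
    return [(ev["pid"], ev["path"]) for ev in events
            if ev["image"].lower() == "notepad.exe" and ev["op"] == "CreateFile"]


def triage(text, rename_threshold=5):
    """Run all four heuristics over an event log and return the findings as one dict."""
    events = parse_events(text)
    return {
        "mass_rename": mass_renames_with_added_extension(events, rename_threshold),
        "drive_enum": non_system_drive_roots(events),
        "desktop_ini_drops": desktop_ini_drops(events),
        "notepad_opened": notepad_opened_files(events),
    }


if __name__ == "__main__":
    for name, finding in triage(SAMPLE_EVENTS).items():
        print(f"{name}: {finding}")
```

In a real pipeline the threshold should be tuned against the event volume of benign software (backup tools and archivers also rename in bulk), and the rename heuristic is deliberately keyed on the appended extension being the same across many files, which is what distinguishes encryption from ordinary save-as-temp-then-rename patterns like the WINWORD.EXE line in the sample.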

Processes

  • C:\Users\Admin\AppData\Local\Temp\762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539.exe
    "C:\Users\Admin\AppData\Local\Temp\762bb8a7209da29afb89f7941ae1c00a04cf45a144c6c5dddcfa78ff0d941539.exe"
    • Drops desktop.ini file(s)
    • Enumerates connected drives
    • Drops file in Program Files directory
    PID:1040
  • C:\Windows\system32\NOTEPAD.EXE
    "C:\Windows\system32\NOTEPAD.EXE" C:\ReadMe.txt
    • Opens file in notepad (likely ransom note)
    PID:28364

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3558294865-3673844354-2255444939-1000\desktop.ini

    Filesize

    1KB

    MD5

    f9d973429b8efdfcca3eff1878c62967

    SHA1

    5a87c1c3a200fc16e337514686613cd063a83cce

    SHA256

    891bcd69b7223a3774073d8369d767b0a7fd34a64fa9f6cf55d23ba7212d3830

    SHA512

    78fd4f419efab7cbb8cafff88c1b0af355b27024b2dd6ab59dbd58e5badabe0b0fb5c7e91aa93e8021f992be482076819ffb43568adf34f8e9d23a4b364fafeb

  • C:\$Recycle.Bin\S-1-5-21-3558294865-3673844354-2255444939-1000\desktop.ini

    Filesize

    1KB

    MD5

    52944699384f99e8965516fadbe58c54

    SHA1

    e439822abd75d087f8c08acfa123db28c095a406

    SHA256

    ae75fae5de110c24599bfe25747aa7de907ca991893fa0912992a8f895d813d4

    SHA512

    34a0c289e4a060e85d5fd62ca0cd40009c92802a62a7b645021b7046363df33eac78b4dd18830f24a8c4b37072da650b114be27bc0b8fcab918468385e73880a

  • C:\ReadMe.txt

    Filesize

    190B

    MD5

    c44d1cf9cbdc314753b340ae0e4c25d4

    SHA1

    285b3c7a25ca4a9ed0267a11060b7593713c5b9f

    SHA256

    c8e4bdb9fc766ed8d9ac215bd3c7703db3276da5bc1b0f27aa956fbdb122bcce

    SHA512

    06b403cabb9d5e68c621c9fa211910489f53c66c1625857cfadda1702615e1a3db4a681cd2c21f712458269e57027be76b74611d8bcfc43b0d0fad56476cca73

  • memory/1040-0-0x00000000003A0000-0x00000000003CC000-memory.dmp

    Filesize

    176KB