Analysis

  • max time kernel
    1770s
  • max time network
    1431s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    03-06-2024 23:44

General

  • Target

    readme.txt

  • Size

    1KB

  • MD5

    cc8d237a0a072031c67fa156876f2c0c

  • SHA1

    86604975ccd6944413cf59d4d7194c91e668c291

  • SHA256

    3c313ff1dedbc1952ef92fcecc652ca7c1e082e7564bc4c700d719eb61bab160

  • SHA512

    499ec24984d44fe5c4b0caa0414199feaaf2fc8c34682df4326a739ab78204817a8189909f4a3ef404ea380ccb06572576a066bae5dfe32469c865d09675d28b

Score
1/10

Malware Config

Signatures

  • Opens file in notepad (likely ransom note) 1 IoCs
    This is a name-and-extension heuristic: it fires whenever notepad.exe is launched on a .txt file. Here the file notepad opened is the submitted sample itself (readme.txt in the analyst's Temp directory), not a note written by another process, so on its own the signature does not indicate ransomware activity; the 1/10 score reflects that.

Processes

  • C:\Windows\system32\NOTEPAD.EXE (PID 388, top-level process)
    C:\Windows\system32\NOTEPAD.EXE C:\Users\Admin\AppData\Local\Temp\readme.txt
    • Opens file in notepad (likely ransom note)
  • C:\Windows\System32\rundll32.exe (PID 4124, top-level process)
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    rundll32 hosting an out-of-process shell32 COM server; -Embedding is the standard COM activation switch. This is routine shell activity and is not a child of the sample, so it is not attributable to readme.txt.
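The signature above is a coarse heuristic, and the process tree is what lets an analyst decide whether it matters. The following added example (mine, not the sandbox vendor's rule or code) re-implements a notepad-based ransom-note check over the two process records transcribed from this report and then adds the context check done by hand above: whether the file notepad opened is the submitted sample or a note-like file that appeared from somewhere else. The ransom-note name patterns, the Process structure and the verdict strings are assumptions for illustration.

```python
"""Ransom-note heuristic over a sandbox process list, with a context check.

The process records are transcribed from the report above (constructed data,
no file I/O). NOTE_NAME_RE / NOTE_EXT are assumed typical note patterns, not
the sandbox's actual rule.
"""
import re
import shlex
from dataclasses import dataclass
from pathlib import PureWindowsPath


@dataclass(frozen=True)
class Process:
    pid: int
    image: str
    cmdline: str


# Transcribed from the report's process tree.
REPORT_PROCESSES = [
    Process(388, r"C:\Windows\system32\NOTEPAD.EXE",
            r"C:\Windows\system32\NOTEPAD.EXE C:\Users\Admin\AppData\Local\Temp\readme.txt"),
    Process(4124, r"C:\Windows\System32\rundll32.exe",
            r"C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,"
            r"SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding"),
]

# Path the sandbox dropped the submitted file at (taken from notepad's command line).
SUBMITTED_SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\readme.txt"

# Assumed ransom-note naming conventions (illustrative, not from this report).
NOTE_NAME_RE = re.compile(
    r"(readme|how[_\- ]?to[_\- ]?(decrypt|restore|recover)|decrypt|restore[_\- ]?files)", re.I)
NOTE_EXT = {".txt", ".hta", ".html"}


def notepad_targets(procs):
    """Yield (process, opened_path) for every notepad.exe launch with a file argument."""
    for p in procs:
        if PureWindowsPath(p.image).name.lower() != "notepad.exe":
            continue
        # posix=False keeps Windows backslashes intact; quotes stay on quoted tokens.
        for arg in shlex.split(p.cmdline, posix=False)[1:]:
            arg = arg.strip('"')
            if PureWindowsPath(arg).suffix.lower() in NOTE_EXT:
                yield p, arg


def classify(procs, submitted_path):
    """Raw heuristic hit plus the context that decides whether it is a real finding."""
    findings = []
    for p, opened in notepad_targets(procs):
        hit = bool(NOTE_NAME_RE.search(PureWindowsPath(opened).name))
        is_sample = opened.lower() == submitted_path.lower()
        if hit and is_sample:
            verdict = "benign: notepad opened the submitted sample itself"
        elif hit:
            verdict = "suspicious: note-like file that is not the submitted sample"
        else:
            verdict = "no hit"
        findings.append({"pid": p.pid, "opened": opened, "signature": hit,
                         "opened_file_is_sample": is_sample, "verdict": verdict})
    return findings


if __name__ == "__main__":
    for f in classify(REPORT_PROCESSES, SUBMITTED_SAMPLE):
        print(f)
```

Run stand-alone, the script reports one hit for PID 388 and classifies it as benign because the opened path equals the submission path; the same rule applied to a notepad launch on, say, a HOW_TO_DECRYPT.txt on the Desktop would stay "suspicious" and warrant looking for the process that wrote that file.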

Network

No entries in this section of the report.

MITRE ATT&CK Matrix

No entries in this section of the report.

Downloads

The files below are the Windows system logs, INI files and Visual C++ redistributable installer logs that ship with the sandbox image (SysmonDrv.sys is the sandbox's own Sysmon driver). None of them was created by the sample: a 1KB text file opened in notepad writes nothing. Their hashes are listed for completeness, not as indicators.

    • C:\Windows\DtcInstall.log

      Filesize

      1KB

      MD5

      b886b587ae0f354148212f8e1398cbe8

      SHA1

      f85b92ffe650e3148f5c47432860fd2ace798e6b

      SHA256

      3f8aee449bd30f0eb03ebfe52b1be1eea076085bf230ca9bd549c8d5d3f1e756

      SHA512

      a4ac03eaac57c983b26df0cc51972df919ff0e3b09dd3eb398ba447c32633341b188914fa9b05b4afc1e9ce99b3414978d8ec05e60234e8f689f6499e4c4a4ef

    • C:\Windows\PFRO.log

      Filesize

      1KB

      MD5

      856127c0b5522ccfbf73080a7c6c85e2

      SHA1

      5cc21bc6be3f77d25e2e8ebfdd1a8ccc7e59572c

      SHA256

      2c2ef24b9f59f37619ab1d3fbf8ce9b2a907aad169c745c90d8d9c24588d1339

      SHA512

      66672fd2962facb2f8b205e636478c8c65050337422d0fe04b0f0721f46496726dc692d970fe7c448cff6c8f34a979baade36919ff3944bc991c2ee58044199e

    • C:\Windows\Professional.xml

      Filesize

      30KB

      MD5

      c186ef70e6825d333e0077831c58baaa

      SHA1

      13164d000f4e7dfcb5b73b837944efb7c8e4df2f

      SHA256

      4f3a12fc3e94b4fd72989532b43f9d98a6afa4792493e308ab8dac43e5d3748e

      SHA512

      02680c6ffac6753a32d1505b9489f5f215e47ebdd0df3c0b26746956044f1cdd33f5edace41dabc7bcc0b7340d31619b580655d8400f08a1549c99bc0bd9c394

    • C:\Windows\SysmonDrv.sys

      Filesize

      165KB

      MD5

      ed700f1552e668ee3b7e28d4b1c0a5f5

      SHA1

      c620f8ab8c725ba70cf4d785035c795baaf307e1

      SHA256

      e856ac7870bc9ed7a02e09ff0548c880746fdae08401e059b853478dbf034626

      SHA512

      02bb9d6dc7ecfa3b31eb4b8cfae27c03d7f3d5da2be06f858f843172491281f3cd43d607321c9889d3c1476183a340f2993b5dc922072d8fffd3e45a8a5ca8e0

    • C:\Windows\WindowsUpdate.log

      Filesize

      276B

      MD5

      2cc83d93dd1dde691158cf5e9882420b

      SHA1

      49bfdc6e1e73e09a0dec345ca15b72d167add3b6

      SHA256

      455ec4f5b15557762b893388b591ca9f3e822675ab94fc6664aa4ec8c41cb295

      SHA512

      e67f883a016b7a410f4461492bce124421bddccf4544322b9a460a56df469170b2323fd0325e2cf928193fb6a1323c31cb0d464097f25d2f9b11af3bf9ca1b4d

    • C:\Windows\lsasetup.log

      Filesize

      1KB

      MD5

      eb33f5192061130474d940d542829d83

      SHA1

      885459aab6d94a4e3aea0188d5f39ee7502f0d59

      SHA256

      e591a0cb170f2878ad6078865db3ebb2961693e93903f57cde04fee6e5d51530

      SHA512

      89c61bc55c0170cd008cb6c847041fa4642f197e620f5ba4b99012c7fc6d042b1c051ef7071b8fcd051c82d806bb33abb08a76ed6ea916fd4d4e1ad186ea2403

    • C:\Windows\system.ini

      Filesize

      219B

      MD5

      286a9edb379dc3423a528b0864a0f111

      SHA1

      18db3e3dfb6b1d4dc9bc2226109112466de28db0

      SHA256

      6f533ccc79227e38f18bfc63bfc961ef4d3ee0e2bf33dd097ccf3548a12b743b

      SHA512

      588720a82941b44338196f1808b810fecbbc56cb9979628f1126048c28f80b946314092a8dd26f5e7aca234b7163c4b9c1283a65c9b36be2a4da9966feb8b2cb

    • C:\Windows\win.ini

      Filesize

      92B

      MD5

      23cf8138f49416231807e6de371fb9e6

      SHA1

      973672eeae5a05447e47395cde37e8121b7c90fe

      SHA256

      6b3d6e268dcb76e175a7db3d9e031349ab2c32654c7e57581a851e64dd6214ab

      SHA512

      42ae18a96645289cb0246d545daa955d2fb0784993726414d0bc723dfb58b33cf11bb6b62ba7f5a3765e0c6c5713e8a02cd63638877ca032b82d4806e79950cf

    • C:\vcredist2010_x64.log-MSI_vc_red.msi.txt

      Filesize

      381KB

      MD5

      d0f06dfe065d480846a96547704962a1

      SHA1

      25774772beb875ad08548a76d411ac61342de75a

      SHA256

      2894aa9ce588c8a5b3a8cb6d66cddd27410487b4eccf00a02cf14393db47feb3

      SHA512

      8e590ccfed137f25056ab0180c1f63bc486c4b2c1f7c62f27501e16e88c0df1b19d05a719e16027bfa926380526fc395cdc35f16eb2a7e0abd0788d7a38ba969

    • C:\vcredist2010_x64.log.html

      Filesize

      86KB

      MD5

      29fa3abf8498e05a3c7da6229d87ca20

      SHA1

      66a81d4913a0c55d6f983de502df37d0cc5a5a37

      SHA256

      9540ca5f8874cfd2e8028923581430be48cd3b6fccfbb4835b471b9e867b334f

      SHA512

      a0caed283fcfc113c5d8e0e32cc0c1bb33799aac27881cc4bbd23c82354455f2ed54de54f765e247cd955476b6986fee8b95869d5b87be1b8ace1fc90b7a4cae

    • C:\vcredist2010_x86.log-MSI_vc_red.msi.txt

      Filesize

      395KB

      MD5

      76e933518ce70f771a1ac3ae77cceeb1

      SHA1

      1534b2ea46d32e17c493be71edc438170d011048

      SHA256

      37c6e6ad897eacf1afbfd757d2a2b3cd34a069481a95654d9fe8e62b6d48a499

      SHA512

      9322723a6c0c13c5b939d942d58ea877375154b75894acf8484133ad5345d959898df4f933a387ee43deec6ca6b1a780ec6619dae14822ac0c4c34efbf10021e

    • C:\vcredist2010_x86.log.html

      Filesize

      81KB

      MD5

      379e5a62729b3f11dae2a788fee685a6

      SHA1

      ffbb0d3261283088bd9a6e9bfec168e5fabec7e4

      SHA256

      1ca819d4ed56eebd4fef2886487b0b0a5cb867ac0d9c15cb4f3d8bc282c65275

      SHA512

      49a9cdd0b707b9d3693bcb57b17a87e7af031b6969453a8331e7e95ce966c5e1d974ffff11bc4ad5ea81c86cd776116de423a6515a43ae01b975904438cbe1d3

    • C:\vcredist2012_x64_0_vcRuntimeMinimum_x64.log

      Filesize

      168KB

      MD5

      d19c4e2ac7a15a8ee0449e064d42caf2

      SHA1

      7c76b45126d99e0be5cf5606b2782210e1361b37

      SHA256

      9d64313f303aae37d6186843d4b5137d07590ead89299209ed6bb24c501fe898

      SHA512

      db47db432511c0df5ab5411061bef523a9187671710a8d92d1550630d5303ea7f03bc5ef0cd0ceaeb8c30181fcb9f0c02151aee029ff6d719decc940c65efddf

    • C:\vcredist2012_x64_1_vcRuntimeAdditional_x64.log

      Filesize

      195KB

      MD5

      7fa6c7a8401e9107ee0b97cc071ffd06

      SHA1

      bb5e186f4fa27543c242329a5a7a852f1033aad6

      SHA256

      8cffd7c4b3684ccae656fcf42c0fcc10277f2e9fb20bafd34dc3e7a7cfd1f814

      SHA512

      07a358dc47b681b6032e6b6679a8a96fec99979bfe7ff1d4a933f038fd528df856bbe232a11bfd05a5be4562f0d0ebeedefb2e92500c9bb41199342c173d1ac5

    • C:\vcredist2012_x86_0_vcRuntimeMinimum_x86.log

      Filesize

      171KB

      MD5

      8e16d5fb5a327b485dbdaa1618ba88e0

      SHA1

      0c189cdbb7662a3ebe9157636b666285db338044

      SHA256

      35c2746e3826fee257685d6e031e5adde0dca5b03988c137a5619035bacd6a98

      SHA512

      945d4b77c105e0d44e8943f1cd9791580937d50c041c5a42665149595a3bfe0e60752987823615b0ab2d8bdffe9ead598a63b5b3a8edfe978267fe17368bbdda

    • C:\vcredist2012_x86_1_vcRuntimeAdditional_x86.log

      Filesize

      208KB

      MD5

      50e19e7ffcc48878c5a2cfbe4f80be4f

      SHA1

      f2ec9fa8a1a084f8d63c201f72d994eb73588f4a

      SHA256

      9b866addabe851abe05861fb1644619040970911f1284db9e3ea0055cc2d93a0

      SHA512

      b4927aa8237e3667ba8e58d522021284a184de2c399a4addda1dc76f13e928fb2bf44513696bfaebdc327042fb2245c6ea61f11169d85e0d8f2b15e1c13bbc5e

    • C:\vcredist2013_x64_000_vcRuntimeMinimum_x64.log

      Filesize

      170KB

      MD5

      61737c9efdaa729f78ee3c78e0a57534

      SHA1

      9e4018393f97928d0d9a1a3034c3d2605be1535a

      SHA256

      88acf3b26535d00d0b68bd45e4be798ad79dd0f32086c72cf5bd4fba406668d8

      SHA512

      12e14166cf174ad16370cb5f0b331cc2b08dbd76da154dc6f055f1c21b7a2d700ccd4f4483184ee5c2c8f9f850948edfd3f59791a2eea6d0f85b3e1e4a99b515

    • C:\vcredist2013_x64_001_vcRuntimeAdditional_x64.log

      Filesize

      191KB

      MD5

      9ceed525058366d7aab02e3b2946ef33

      SHA1

      bad5b8e44cd462b53b6e768523f60e9d79ab2d37

      SHA256

      e3c9be35e351ff470536ba97c345cc72e821b839a704b74a8fcfd54bfbe19cf9

      SHA512

      e44e56a005ccae30c4d53c15a973ceaf72f4f617a3ee65ceb92169c26b912b1725e2116e9bc09f062d6af59587ba41427dfc3cbe3661e2797cfb5516edd8dc95

    • C:\vcredist2013_x86_000_vcRuntimeMinimum_x86.log

      Filesize

      170KB

      MD5

      80a338b1029ca48be813c9d31919ad80

      SHA1

      9f7a43be779c51c4038f6637f3bb44a015255714

      SHA256

      47e71f40f561c8a360018f98b98ccde13a3b054675aa5f83866139ff81459a6d

      SHA512

      3f0ffee36ce7a4fa340cb5e2649418ee7d35204d927aef3a95a82ccb0e4d729bfacdccf72388f2bb7a326c88556b7c9f62350b88fc0acd96b1936544bfba498e

    • C:\vcredist2013_x86_001_vcRuntimeAdditional_x86.log

      Filesize

      198KB

      MD5

      62fccb002f87090379c02bf17dd982f5

      SHA1

      ab84c05080cafc02993f8b689267e8d147050156

      SHA256

      46c6f75e4db12ded5064356f31a88731d3636c460db5e34d8105e6daee5681d9

      SHA512

      f2aa41843f48266be0f3f49079725c02f91c46461e0dbfd14df52b79919bd26e4f854af5ccfa190292cc42dfd0114937ba155c8fdf6a759ac28036308d0a7d63

    • C:\vcredist2022_x64_000_vcRuntimeMinimum_x64.log

      Filesize

      123KB

      MD5

      3dd6d73a9bd330761875d99cb167d393

      SHA1

      ea492639e5c74db2733c2e8f089653259188a391

      SHA256

      082f4061e0bce65a115c095229f5149f0f21828babd7ea6f4a073a58320e7b9f

      SHA512

      5438385d176c257a89fe9df6f6d8c3135d5ebaef4beaadf742a9d9e6dd67adf5abbb05417e97e9ed7972eaed9d2064cbfc6797b20f1a71e0a415f0add3d5c28b

    • C:\vcredist2022_x64_001_vcRuntimeAdditional_x64.log

      Filesize

      129KB

      MD5

      6e56587da8cf0d924b2f62ae7283e795

      SHA1

      4d6c4a76c1a6a18bf923e2d4c3219c642c84e672

      SHA256

      1ff4ba196dcdc5bf880ba03e506fa58f9369e841a34013d1f377c28041e78351

      SHA512

      21f4016aff123faa1753517d48a759d3f448dbf8dc4a26f209c0152cb8b9d9441f13c052639e022b9afb45237b8e647c5b206ccb5b5ff9474a38a2600d991e70

    • C:\vcredist2022_x86_000_vcRuntimeMinimum_x86.log

      Filesize

      123KB

      MD5

      9fac291f79714e0c91f770f3fc816b79

      SHA1

      fc37c6acc862a7727c964b418b8e459f5d0549a5

      SHA256

      7ca39089591590d11d0646fbabfe60e62e7ec5d0f5d9da24717d5088e6c3cc8a

      SHA512

      cac75ec803bbeee002ba49c91c4d8a6be5dcac477b9915a0d34fe5f7af39f40c53d7793f1a81c8415017fb5deb639b5d8aade6ce2048d02a9a0190ed69cd3590

    • C:\vcredist2022_x86_001_vcRuntimeAdditional_x86.log

      Filesize

      135KB

      MD5

      ad0db0c654535e25f77cd5d6d1aecdee

      SHA1

      b1ccc0c3569dbaaaa139e1c77978a31c453f71b2

      SHA256

      af1ccd58655ad736f8a3f7793fadcf96fcb469cc0e2a9869e7e0dc9d00ba5765

      SHA512

      63cbc269440dbd44accae273eceff388e5b3345132a1747136fc8b5a5d0053dd5c609f569f527cbd0442afe730d8cf8796619be8bd1c335344778f31064c33cd