Analysis

  • max time kernel
    142s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    03-06-2024 09:41

General

  • Target

    2024-06-03_c99802a8587ccde3cfd18c14e9e48656_snatch.exe

  • Size

    3.8MB

  • MD5

    c99802a8587ccde3cfd18c14e9e48656

  • SHA1

    fb0b6287862fd9795ab830b81639eaf95b72866c

  • SHA256

    bfc7da1951f21e23de0249fc3e5c170c95bb1a72b9984953f9a75560456ca677

  • SHA512

    cd502d1b22d1614b8b9c50a318094596a1b165fd915ded79ef6a8ef5329bb256c3f77d5782df96c7c6d59293bb9800ab8da1e25ddf3a0b47677879a320029a49

  • SSDEEP

    49152:5ACSWEAoMQ4v8bZGCjgr9gL5E7YECANNNkVoVXIuRK:ny4UFlE7HZRK

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons\READ THIS.txt

Ransom Note
ENCRYPTED BY RINCRYPT 4.0
Your Documents, Photos, Databases and Other important files are encrypted!!!
Only one way to decrypt your files is to buy -Rincrypt Decryptor-
To buy -Rincrypt Decryptor- follow next instructions.
1. Contact to [email protected] and send your code
Code - EJ4h3LgeULe6RKj
2. Send 1$ worth of Bitcoins to their Bitcoin address.
DO NOT SHARE THIS RANSOMWARE

Signatures

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-06-03_c99802a8587ccde3cfd18c14e9e48656_snatch.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-06-03_c99802a8587ccde3cfd18c14e9e48656_snatch.exe"
    PID:4900
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4240 --field-trial-handle=2284,i,9807419199535700662,2319175108930815708,262144 --variations-seed-version /prefetch:8
      PID:1728

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\fmgjjmmmlfnkbppncabfkddbjimcfncm\Icons\READ THIS.txt

    Filesize

    395B

    MD5

    14d88d6272062b7958e4d4c3fc99ba87

    SHA1

    721f4bc99b1e45a59c8bb6e8ceb33b6187413cd0

    SHA256

    97dfac9c19ae78b5c9b4e13a7b417d12e1a52738be3e5f88b2bd39587b3b1549

    SHA512

    57c9bfb73c191729528feadb7f87200a3583565889da3cdf3574b0055e405623f87914bfb4d3e7eb6a15d4af6a6c9dacb79078484d2078987fda4f9f1ccafa99