dbcc1bec2dbc4002cfdade40966eb639ccf4da67a7b9728f444beb1d35ed4f7f

Resubmissions

12/06/2024, 08:28

240612-kcy2jawckj 10

10/06/2024, 17:27

240610-v1ktxsvbpk 10

Analysis

max time kernel
21s
platform
windows11-21h2_x64
resource
win11-20240508-en
resource tags

arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
submitted
10/06/2024, 17:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Mydoom/Mydoom Ransomwares/1fb613ee3b0e7f96f5dea029aae31b86340b0724e88f84a76b386af84d1cf95c.exe
Size

27KB
MD5

4ae2e5156253fbeed2c6f13a066c98a1
SHA1

db318de72c2cdda1822999441d23b91e933a772b
SHA256

1fb613ee3b0e7f96f5dea029aae31b86340b0724e88f84a76b386af84d1cf95c
SHA512

c00c1c47e4cffaa3078885bbca42e6663bb478ec33b5b742c752412b204af55bf94008868264d0b03279339017732330e64c52d3b20f55e347194f65f2147be2
SSDEEP

384:XLNAZPBVp/L9Z1oQEDQVbfANpC78rMNAtpDkjvr+jfXNIRXrrahrBDBkHqd7gasb:XCZ5jz9YQEMb4KN2ywrFuHeJsyO

Score

6^/10

Malware Config

Signatures

Drops desktop.ini file(s) 27 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Pictures\Camera Roll\desktop.ini	1fb613ee3b0e7f96f5dea029aae31b86340b0724e88f84a76b386af84d1cf95c.exe
File opened for modification	C:\Users\Admin\Desktop\desktop.ini	1fb613ee3b0e7f96f5dea029aae31b86340b0724e88f84a76b386af84d1cf95c.exe
File opened for modification	C:\Users\Public\Documents\desktop.ini	1fb613ee3b0e7f96f5dea029aae31b86340b0724e88f84a76b386af84d1cf95c.exe
File opened for modification	C:\Users\Admin\Favorites\Links\desktop.ini	1fb613ee3b0e7f96f5dea029aae31b86340b0724e88f84a76b386af84d1cf95c.exe
File opened for modification	C:\Users\Public\Pictures\desktop.ini	1fb613ee3b0e7f96f5dea029aae31b86340b0724e88f84a76b386af84d1cf95c.exe
File opened for modification	C:\Users\Admin\Contacts\desktop.ini	1fb613ee3b0e7f96f5dea029aae31b86340b0724e88f84a76b386af84d1cf95c.exe
File opened for modification	C:\Users\Admin\Music\desktop.ini	1fb613ee3b0e7f96f5dea029aae31b86340b0724e88f84a76b386af84d1cf95c.exe
File opened for modification	C:\Users\Public\Downloads\desktop.ini	1fb613ee3b0e7f96f5dea029aae31b86340b0724e88f84a76b386af84d1cf95c.exe
File opened for modification	C:\Users\Admin\Videos\desktop.ini	1fb613ee3b0e7f96f5dea029aae31b86340b0724e88f84a76b386af84d1cf95c.exe
File opened for modification	C:\Users\Public\Music\desktop.ini	1fb613ee3b0e7f96f5dea029aae31b86340b0724e88f84a76b386af84d1cf95c.exe
File opened for modification	C:\Users\Admin\Favorites\desktop.ini	1fb613ee3b0e7f96f5dea029aae31b86340b0724e88f84a76b386af84d1cf95c.exe
File opened for modification	C:\Users\Admin\Links\desktop.ini	1fb613ee3b0e7f96f5dea029aae31b86340b0724e88f84a76b386af84d1cf95c.exe
File opened for modification	C:\$Recycle.Bin\S-1-5-21-1672260578-815027929-964132517-1000\desktop.ini	1fb613ee3b0e7f96f5dea029aae31b86340b0724e88f84a76b386af84d1cf95c.exe
File opened for modification	C:\Users\Public\desktop.ini	1fb613ee3b0e7f96f5dea029aae31b86340b0724e88f84a76b386af84d1cf95c.exe
File opened for modification	C:\Users\Admin\Downloads\desktop.ini	1fb613ee3b0e7f96f5dea029aae31b86340b0724e88f84a76b386af84d1cf95c.exe
File opened for modification	C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini	1fb613ee3b0e7f96f5dea029aae31b86340b0724e88f84a76b386af84d1cf95c.exe
File opened for modification	C:\Users\Public\AccountPictures\desktop.ini	1fb613ee3b0e7f96f5dea029aae31b86340b0724e88f84a76b386af84d1cf95c.exe
File opened for modification	C:\Users\Public\Libraries\desktop.ini	1fb613ee3b0e7f96f5dea029aae31b86340b0724e88f84a76b386af84d1cf95c.exe
File opened for modification	C:\Users\Public\Videos\desktop.ini	1fb613ee3b0e7f96f5dea029aae31b86340b0724e88f84a76b386af84d1cf95c.exe
File opened for modification	C:\Users\Admin\Documents\desktop.ini	1fb613ee3b0e7f96f5dea029aae31b86340b0724e88f84a76b386af84d1cf95c.exe
File opened for modification	C:\Users\Admin\Saved Games\desktop.ini	1fb613ee3b0e7f96f5dea029aae31b86340b0724e88f84a76b386af84d1cf95c.exe
File opened for modification	C:\Users\Public\Desktop\desktop.ini	1fb613ee3b0e7f96f5dea029aae31b86340b0724e88f84a76b386af84d1cf95c.exe
File opened for modification	C:\Users\Admin\OneDrive\desktop.ini	1fb613ee3b0e7f96f5dea029aae31b86340b0724e88f84a76b386af84d1cf95c.exe
File opened for modification	C:\Users\Admin\Pictures\desktop.ini	1fb613ee3b0e7f96f5dea029aae31b86340b0724e88f84a76b386af84d1cf95c.exe
File opened for modification	F:\$RECYCLE.BIN\S-1-5-21-1672260578-815027929-964132517-1000\desktop.ini	1fb613ee3b0e7f96f5dea029aae31b86340b0724e88f84a76b386af84d1cf95c.exe
File opened for modification	C:\Users\Admin\Searches\desktop.ini	1fb613ee3b0e7f96f5dea029aae31b86340b0724e88f84a76b386af84d1cf95c.exe
File opened for modification	C:\Users\Admin\Pictures\Saved Pictures\desktop.ini	1fb613ee3b0e7f96f5dea029aae31b86340b0724e88f84a76b386af84d1cf95c.exe

C:\Users\Admin\AppData\Local\Temp\Mydoom\Mydoom Ransomwares\1fb613ee3b0e7f96f5dea029aae31b86340b0724e88f84a76b386af84d1cf95c.exe
"C:\Users\Admin\AppData\Local\Temp\Mydoom\Mydoom Ransomwares\1fb613ee3b0e7f96f5dea029aae31b86340b0724e88f84a76b386af84d1cf95c.exe"
1⤵
- Drops desktop.ini file(s)
PID:4692

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Microsoft\SmsRouter\MessageStore\edbres00001.jrs.CoronaCrypt[[email protected]]-[ID-1ED80C96].Encrypted

Filesize
64KB

MD5
2bd663d266430aa38f2192242fe8d2de

SHA1
3031eba670cb0f0bfc1eff1046361958dc947c9d

SHA256
99ac0fd98214e33248e5c2baa6e2d2b38aaea1e6d0ab458a9732d9a5ee9782bf

SHA512
f9e997392c3d6c495d385a912758281c0dc399ef4c0bcb86b2368150c31907d4631b124c4a14e86c09d01af8c303f01872d29af45fa5677edffda2e55d11de50

Download Submit
C:\ProgramData\Microsoft\User Account Pictures\Admin.dat.CoronaCrypt[[email protected]]-[ID-1ED80C96].Encrypted

Filesize
16B

MD5
9cc087867f4de6db4f75a9bd4da9a97f

SHA1
5b3feba57feed1f8dae4fc678d89125c2a8d8a15

SHA256
a044f5a7fd68f059538468c637fc0cd80d678e047203e16e119a14d92bdf5e1c

SHA512
4be73b28454b0f0552a0fc974863b82a982668a14358f0b77ca00887d2a9674ac4669c7ecf972bb4d229fb3fb679ff05795c07091849355dd97601d1aa9b7e44

Download Submit
C:\ProgramData\Package Cache\{7DAD0258-515C-3DD4-8964-BD714199E0F7}v12.0.40660\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi.CoronaCrypt[[email protected]]-[ID-1ED80C96].Encrypted

Filesize
140KB

MD5
0004ee8a92082fdfdb7755d91f5be033

SHA1
5338f5cd2c57e0bfe59d05bb0a85c25309fa5ca9

SHA256
cbcbe8f1a731157f1b8b95c39c7033de0e771804470a393be47cad4ee538eb52

SHA512
000fde200fd33af5530701ac19e3cde8adbf731223668ac06eda73eb5f9021cfaa49a66fc36eb969e92c070fea084a94cf50c59955be6fa328d81a4488c13557

Download Submit
C:\ProgramData\Package Cache\{9F51D16B-42E8-4A4A-8228-75045541A2AE}v56.64.8781\dotnet-host-7.0.16-win-x64.msi.CoronaCrypt[[email protected]]-[ID-1ED80C96].Encrypted

Filesize
744KB

MD5
ac8437d4b175d9b8d665cffaa3f697ce

SHA1
0645a47dfaedd560a0679aa0947f3a4c043e50af

SHA256
0264bdf257e27dc7a09cedbe76f9d252a8c3a96303beb829ef487dff233b255a

SHA512
128d0fd607de9ff7394c1e279b0864c83ea229e15138e34359e1fe085444fad69fa1c3a0f88b5fa3cf36a5af9e249f85465a6e720c4395ccf8df9662a9482ca5

Download Submit
C:\Users\Admin\AppData\Local\Temp\wctE213.tmp.CoronaCrypt[[email protected]]-[ID-1ED80C96].Encrypted

Filesize
63KB

MD5
85c7e6323a6965187c152771943fa8f9

SHA1
5d9768d2382510d42c22a237b4734c70fb71ba73

SHA256
179dbb91b9f1ac9696ddd17fbdab99cbc7e93ca24c3f328766bac83fb7c749d9

SHA512
d3a8e8e3508f843cd16a30820ecc574045ada2bfe2ea4f0b7fd034c7513b806adb2c96d380a2b7f285a973cc5d5127b9d49b166b6a8f69d8590aba5a6d68f66c

Download Submit
memory/4692-3-0x0000000004F00000-0x0000000004F92000-memory.dmp

Filesize
584KB

Download
memory/4692-6-0x00000000078A0000-0x0000000007906000-memory.dmp

Filesize
408KB

Download
memory/4692-5-0x00000000751D0000-0x0000000075981000-memory.dmp

Filesize
7.7MB

Download
memory/4692-4-0x0000000004EB0000-0x0000000004EBA000-memory.dmp

Filesize
40KB

Download
memory/4692-0-0x00000000751DE000-0x00000000751DF000-memory.dmp

Filesize
4KB

Download
memory/4692-411-0x00000000751DE000-0x00000000751DF000-memory.dmp

Filesize
4KB

Download
memory/4692-412-0x00000000751D0000-0x0000000075981000-memory.dmp

Filesize
7.7MB

Download
memory/4692-2-0x0000000005410000-0x00000000059B6000-memory.dmp

Filesize
5.6MB

Download
memory/4692-1-0x0000000000530000-0x000000000053C000-memory.dmp

Filesize
48KB

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads