Overview
overview
5Static
static
3cru-1.5.2.zip
windows7-x64
1cru-1.5.2.zip
windows10-2004-x64
1CRU.exe
windows7-x64
1CRU.exe
windows10-2004-x64
1Info.txt
windows7-x64
1Info.txt
windows10-2004-x64
1reset-all.exe
windows7-x64
1reset-all.exe
windows10-2004-x64
1restart.exe
windows7-x64
4restart.exe
windows10-2004-x64
5restart64.exe
windows7-x64
4restart64.exe
windows10-2004-x64
5Analysis
-
max time kernel
137s -
max time network
146s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system -
submitted
13-06-2024 21:32
Static task
static1
Behavioral task
behavioral1
Sample
cru-1.5.2.zip
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
cru-1.5.2.zip
Resource
win10v2004-20240611-en
Behavioral task
behavioral3
Sample
CRU.exe
Resource
win7-20240419-en
Behavioral task
behavioral4
Sample
CRU.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral5
Sample
Info.txt
Resource
win7-20240508-en
Behavioral task
behavioral6
Sample
Info.txt
Resource
win10v2004-20240226-en
Behavioral task
behavioral7
Sample
reset-all.exe
Resource
win7-20240611-en
Behavioral task
behavioral8
Sample
reset-all.exe
Resource
win10v2004-20240611-en
Behavioral task
behavioral9
Sample
restart.exe
Resource
win7-20240508-en
Behavioral task
behavioral10
Sample
restart.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral11
Sample
restart64.exe
Resource
win7-20240221-en
Behavioral task
behavioral12
Sample
restart64.exe
Resource
win10v2004-20240508-en
General
-
Target
Info.txt
-
Size
635B
-
MD5
df95acfba3051d021ec94e47726bbd07
-
SHA1
a93d201d828f003864639d356f3993ef27d475a5
-
SHA256
61350ce9d700627a156845dfee77c44703280b16fd30bc1c216bffc1cc82c0a1
-
SHA512
30d5361d53b6f0a653c657010fd95f3ffaa24b6f018fd411666a5a23a49167f7fa0c0bc98a487d7c65698f78bd5f7f183089eb39dc6f28c5923140a4d0a6e57b
Malware Config
Signatures
-
Opens file in notepad (likely ransom note) 1 IoCs
Processes:
NOTEPAD.EXEpid process 4884 NOTEPAD.EXE
Processes
-
C:\Windows\system32\NOTEPAD.EXEC:\Windows\system32\NOTEPAD.EXE C:\Users\Admin\AppData\Local\Temp\Info.txt1⤵
- Opens file in notepad (likely ransom note)
PID:4884
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5164 --field-trial-handle=3084,i,4016110471176367543,14287608422419064331,262144 --variations-seed-version /prefetch:81⤵PID:3404