Overview

overview

10

Static

static

10

play_2.bin.exe

windows7-x64

10

play_2.bin.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27/06/2024, 02:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    play_2.bin.exe

  • Size

    178KB

  • MD5

    4519a5876b3e77568105da0f1c2ebb4d

  • SHA1

    78823aed1ec75b00214dccd654f5ea5dd38cfd58

  • SHA256

    bc381dbeff70b5869fa737860c8cd8a8684cc768981beb55543499efcd32bab7

  • SHA512

    f4a106b983a3c330983a6bce311cff54241c9a9b7aac31116a1ee0ebca9f20126d9e584f4b6b8fbbd3498fbb4632d1fe6373e08fd7dc3f0819fe9ebd8d9c69f9

  • SSDEEP

    3072:Yrl2uRkddO+iR7OZOQ+dzeIP9mwUGU3l2bxW1/9JnOC/fhKJ2hXh3lmG:22uyqOh2g8U12K9dtEWx17

Score
10/10
playransomwarespywarestealer

Malware Config

Signatures

  • PLAY Ransomware, PlayCrypt

    Ransomware family first seen in mid 2022.

    ransomwareplay
  • Renames multiple (7313) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Drops desktop.ini file(s) 29 IoCs
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\play_2.bin.exe
    "C:\Users\Admin\AppData\Local\Temp\play_2.bin.exe"
    1⤵
    • Drops desktop.ini file(s)
    • Enumerates connected drives
    • Drops file in Program Files directory
    PID:3224

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2804150937-2146708401-419095071-1000\desktop.ini
    Filesize

    1KB

    MD5

    9f35837e66643cb3ad44f947442e44a3

    SHA1

    838372bdded1de728552732b9dd5e807cee63458

    SHA256

    95eb560f5f3611c0145f1d2e7c35a84471e067754346d8ee85bc03912fc4c7e2

    SHA512

    f01a29414e368f6c2955ac964d3e792ac546142632bc067e643ecce64dff799a610c3c83b84764911185f5162d8af9ae3b0e458857ce0ef3d97da18ac80fe722

    Download Submit

  • C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\abcpy.ini.PLAY
    Filesize

    1KB

    MD5

    acd8d292ef351aa76638612e0cc39af2

    SHA1

    404c8b110288e6b94ac5abaf8375f48ffbd12b58

    SHA256

    a78ef50ed3f27668a5f14a6217942fc2716419941b52688bdbe80e43e3170aac

    SHA512

    c2bf3ace3f4cef058d58f463b6d907cdee214bacedf8cca32347a1e297bcdd97d15eeb59e697fe98a5f702337676fee5e26adbec4b61fc3953ad8dabf06674b7

    Download Submit

  • C:\ProgramData\Adobe\Setup\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\setup.ini.PLAY
    Filesize

    1KB

    MD5

    c132bb777b0946e590f39f42fe313045

    SHA1

    0d5c46628e160f5c9f0be292af4f5a41c92b9364

    SHA256

    b3682bd69da851b82555d6c16bf4fd2d43e9eaf7f17d5da54752ee49f97ddaf7

    SHA512

    bfab9b1a2c39b93b169df07ecef050131b43e977a768647d3ceceff4df4098d691cdb06c4223a21e43844da90fe4f60208c65d24499b536c6a23ae4354ae2a31

    Download Submit

  • C:\ProgramData\Microsoft OneDrive\setup\refcount.ini.PLAY
    Filesize

    1KB

    MD5

    f72ae79903d29c3a929ae35a049b84a2

    SHA1

    c62ee26ae2c04ab4ed503c5c5effb26fdd9350f6

    SHA256

    fd0b2adf327c88bdc6183ea4aab57d6dc3190191899f79efcd7e7e932bb84fc9

    SHA512

    6fd584c46667a2f73ecddc734e350b0bc80b1a7d29837ce8704da863d38719821853e23841155ae66c394077efae25b015c13c917626ff53677bb2c2d762cc79

    Download Submit

  • C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\update-config.json.PLAY
    Filesize

    1KB

    MD5

    f5c3c1d59c4a186ccde30c49b560a7d8

    SHA1

    8a0184ae2b0e6db07ff2c2883c93445f0630dd12

    SHA256

    673e457eb74fd96ef6d01c622976284d107dd9ed016c338ee4d9ed51b7e8f0f5

    SHA512

    1253f77cc563c3b7069b6f8f2ff9710edf5a085b64539b904c8f740d0c4c26d8d2eb909c3e17a2a9c99952dc542219f12a4c6b355bd7ea75b0abd11ce5676a59

    Download Submit

  • C:\ProgramData\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\state.rsm.PLAY
    Filesize

    1KB

    MD5

    08958de55b0b26c28bd9ec10af6c69af

    SHA1

    f37da89e927fd44b876b2ded88b8f548ba082944

    SHA256

    9ad8e727162f11e2486ceb400b4e6d1eadace50585cc0f7abbd67b5efac82fbd

    SHA512

    74a319c5405c1640a17bda47d4b317d92f9e0207493637aa7a3b91a49dfa5b1d4dfdf0000380cf1dfd444872524c1c1a96da30740cdba20b6149e471b4698c96

    Download Submit

  • C:\ProgramData\Package Cache\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\packages\vcRuntimeAdditional_amd64\cab1.cab.PLAY
    Filesize

    5.5MB

    MD5

    7657cbd391a531155dacc25be22b607a

    SHA1

    c59b9018d8ed53db48b05b130afae072dbdf20a0

    SHA256

    2af29436831f639a33e198d97c5a49aa126355f63615a31f90ee9acceea84e92

    SHA512

    215a2425632ab4756f4be86bd682ff4cc9c23d71430ff995b348a5d15f933f3e3331c00b7b4d2be67849c477330f5d677d92236716abad6125fca5c40212887c

    Download Submit

  • C:\ProgramData\Package Cache\{4d8dcf8c-a72a-43e1-9833-c12724db736e}\state.rsm.PLAY
    Filesize

    1KB

    MD5

    82c6916dfb9beba4ffe9e9c64a8c17e6

    SHA1

    d391b5408d4e0c296f5f88d944855dc78c414de8

    SHA256

    8c04f1eb24cea92dc663b4b4252def1d9ba68aec6845fb166a1866afb4b66816

    SHA512

    8dcf6d5fbb9903e6ca5d6e1112cc8ab4902fc07af2c185f2566c163ad34684b36bfde91a10d7f7776dd4ecc168992494eecf1ae46f992d069bd0c9e94033157a

    Download Submit

  • C:\ProgramData\Package Cache\{5740BD44-B58D-321A-AFC0-6D3D4556DD6C}v12.0.40660\packages\vcRuntimeAdditional_amd64\cab1.cab.PLAY
    Filesize

    5.3MB

    MD5

    2e47b947d10bc55a71e31f0ebbb2a10b

    SHA1

    debe06ed6cf4912b725aa9f0099ff9d2e55e4cc4

    SHA256

    c1f947ef99bb1400a4005d32ce20b9624c1f634f0c6859824673ab1ee8600305

    SHA512

    6c8e907967bf6912afa0707d0d5e797e3aedbf00cf604cb0f2703b5ed9fa70068392c837ee389f6d0a787f49f8812f65708922346223021d0c84ed2d1f898028

    Download Submit

  • C:\ProgramData\Package Cache\{57a73df6-4ba9-4c1d-bbbb-517289ff6c13}\state.rsm.PLAY
    Filesize

    1KB

    MD5

    187d0d719859d603527753706a35e9fc

    SHA1

    49045617b1e2c4e9e8955488441dfbbbfe3bd5a3

    SHA256

    847b9706ab7d4f646bdc7cd6e8016016ce88938482f4c7af1f99a8e02b3c83c3

    SHA512

    e1619e3b2bb73a20dd955f97e1f7a6bf394baeaacd56316a0fa37a0282042ec39ce54df1494b2e92c3c194feb5ff113eddcda329ef1a1b5390eee4e05afda9fb

    Download Submit

  • C:\ProgramData\Package Cache\{61087a79-ac85-455c-934d-1fa22cc64f36}\state.rsm.PLAY
    Filesize

    1KB

    MD5

    9b0a6f2fe263627fd231d2e8092fd7f7

    SHA1

    52c01f46c30894bab07d37648bae1b410a05cde9

    SHA256

    dcd9f176abea66b9151097e63f6e2a09c3f19fb31218866ad0bc5c785ae4b5c0

    SHA512

    13bd739acb712281ab9db49ed3628afda571dadbc509bb5498292ed827f1fc65a16c6612a2ba6e162b5308170f8a73fdf65f28c2dab5f2771cf83741d8ae1341

    Download Submit

  • C:\ProgramData\Package Cache\{63880b41-04fc-4f9b-92c4-4455c255eb8c}\state.rsm.PLAY
    Filesize

    1KB

    MD5

    3923de1080d1a134e5d8814cbdf706d7

    SHA1

    6377f0a2dfe755ef3d678cb6c197f1fa23f2f8a9

    SHA256

    d89a67e6a0863452547a7c374d0be15c51c2d37f07b450d1991edc011340b97d

    SHA512

    abfbd30724f7d5bbdf2816a252404d0f219acfcc3bcf532513c018305ad1333a57cdb5e1210cfb1f00f1400e7da974709817f2a739446c392891243df7d0a45a

    Download Submit

  • C:\ProgramData\Package Cache\{662A0088-6FCD-45DD-9EA7-68674058AED5}v14.30.30704\packages\vcRuntimeMinimum_amd64\cab1.cab.PLAY
    Filesize

    870KB

    MD5

    65fe6d35a58453112faddbe23df6360b

    SHA1

    5423cb4877568c039b65b1bccf92ad85b8bd7dc1

    SHA256

    7dced87add10c01b3c4d760b6bddd14b96f930160e06c36aa4be930995689e50

    SHA512

    1866e7475d7060f7c7ab4b38c2a2daf167b8d19857e62b385e9558bac6d3ff45339f0a39fd52c32a4dc730b64ece753f44a6e768a37587344ec6105be0414901

    Download Submit

  • C:\ProgramData\Package Cache\{6DB765A8-05AF-49A1-A71D-6F645EE3CE41}v14.30.30704\packages\vcRuntimeAdditional_amd64\cab1.cab.PLAY
    Filesize

    5.4MB

    MD5

    ac6a3199fc4dcdaf6e3be91f8a6365e7

    SHA1

    33e7b5b7fcb4fcb4a2609164c7439dc551ddddcf

    SHA256

    133a7399e2dde3e505d48a2d0da392599d3fdcb0379158727cf9dfe8e0ff6018

    SHA512

    c9f44116290bf2204077b94267369f73ca2328afaa0f806e413813ef12dbe6ee8fdd5326d555f00308ef35356dad2bce5f7d79a0926f9abc8d281d6037d29364

    Download Submit

  • C:\ProgramData\Package Cache\{7DAD0258-515C-3DD4-8964-BD714199E0F7}v12.0.40660\packages\vcRuntimeAdditional_x86\cab1.cab.PLAY
    Filesize

    4.7MB

    MD5

    f223a43c524c7ff317612bf58564e7b5

    SHA1

    e128b09fda262cf59cc8c06599ab08136d249602

    SHA256

    355b30104493b7400e29a5cfea5bb473fb953654f0f4dc033cf4c15e2bef8da0

    SHA512

    b97df081fb3d6179527d83941762df2fe8fc98e2979888980608564178e27e75f11646ad400887c17442f1c097099a7286a11c4b41e84149f62fa4c495a518eb

    Download Submit

  • C:\ProgramData\Package Cache\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\packages\vcRuntimeAdditional_x86\cab1.cab.PLAY
    Filesize

    4.9MB

    MD5

    aa0b27fdefc5f4608faa85eb889277c7

    SHA1

    f90845484ace6bb38a0f8ecc7781f14d86577207

    SHA256

    289f28fc457e2a8dc5cafb1dcedbbfd830768d81b6dbe947422b41d0f025c9e4

    SHA512

    320be277f1c5190c430b51856cda5856247e539c8aea021fe4930f5401da8638c41ff3f43211c55462f68f9e276cc0b3bafbaf440ed954bb068f7f8e420d85fe

    Download Submit

  • C:\ProgramData\Package Cache\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\packages\vcRuntimeMinimum_x86\cab1.cab.PLAY
    Filesize

    803KB

    MD5

    4aecd02ac7886d386c0b71a392daee9d

    SHA1

    03b4343389884ac491beb1be3baed6347234cb86

    SHA256

    1a5ea5dcea09904c7390a3ddaa0411b37205bc177ec49a9679d53c307e1baf83

    SHA512

    cb2e6fe750f32dcade0f92653b21465f89a59c0a104002aa44ca94fb6149d444a45b511f614bd831adf63d6b5e9c7a862d1f45e2e8e732029037357e6744b281

    Download Submit

  • C:\ProgramData\Package Cache\{BF08E976-B92E-4336-B56F-2171179476C4}v14.30.30704\packages\vcRuntimeAdditional_x86\cab1.cab.PLAY
    Filesize

    4.9MB

    MD5

    563b3d11ecd15a2f68a5f4b0013232ae

    SHA1

    e5d29032d6d238ce14562dc4583ec015a18481f7

    SHA256

    1fbf7e9a8f15f7c0bdb11cf0587e8063788ad64fd2aafbf69bf405b426058127

    SHA512

    5ee992405358805d0c8c1378013e1c48d11ec7f5c1b1aaeb498d744ef6c6a7b8c4a60f59c5dab48987cc9f8433db999d5a69917438a595a8de16c106824573ab

    Download Submit

  • C:\ProgramData\Package Cache\{CB0836EC-B072-368D-82B2-D3470BF95707}v12.0.40660\packages\vcRuntimeMinimum_amd64\cab1.cab.PLAY
    Filesize

    1011KB

    MD5

    300d2667c6ff3a49ec1ef2ef50e91040

    SHA1

    ad314b2ba5e7d95ad8c4cb8493774e39280df6c7

    SHA256

    f44d58db18423abd4cc32ed7263687e5183585cea0e07088bceef71dd03571af

    SHA512

    df10771e96aae0e67446a1bbbbaf852a987a2085b72230b2d6dae7b663b807e81d36e2bf5f15fdaee5398acfa7cd1e4e695ee809fa7a466c1275e0812f8da7b6

    Download Submit

  • C:\ProgramData\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\cab1.cab.PLAY
    Filesize

    791KB

    MD5

    d8004389ba04681d139ba2597cfc4cb5

    SHA1

    a2027b30cc1be89ee2cd8de675e1854ba360c9f7

    SHA256

    75e3c7402707fb4d3d65cc093db506f6cec6ce3d67304ef41c1a4a07fa85fd7a

    SHA512

    2c33bb7649e0f7d59006779fc0283b8bc22a459d221a589ef89bf28c8aba415bec578acaf7853c406e0d8b808340ab0c299e8731cc62718ca60c9addd8142ab2

    Download Submit

  • C:\ProgramData\Package Cache\{E30D8B21-D82D-3211-82CC-0F0A5D1495E8}v12.0.40660\packages\vcRuntimeMinimum_x86\cab1.cab.PLAY
    Filesize

    974KB

    MD5

    ca89d83bda905193ca88e301d8c783ed

    SHA1

    3cfc4d88c22debc12edadb1b0813d2603fcd99c4

    SHA256

    9f1a02b1fbf6ed819be9dea8e7028e3f4488fb9bcea51ea1aa5dce2a57bb040e

    SHA512

    b751872baef71f5eebd0e03ecb97f620008a61de37d98f55b7ae03deb91855cfdf3a5f1f2901fbdd4a266266bde8e9679829fe04cf24e8943e45aab06bb60a08

    Download Submit

  • C:\ProgramData\Package Cache\{F6080405-9FA8-4CAA-9982-14E95D1A3DAC}v14.30.30704\packages\vcRuntimeMinimum_x86\cab1.cab.PLAY
    Filesize

    742KB

    MD5

    208df393252022f9b6b010b3c0b17d8d

    SHA1

    738f65352b603af9abc9d65303645aed1245f10a

    SHA256

    6eec96c35ee5b0aebad3818e9f3f68a21bfb9a158bce61058a94ce6463c82692

    SHA512

    c5323313943b7c88f7f6a5faf2a61f1ceeff9962859cda343537d9ca20bcbf3115738518dc9af7c5261167297c78e79f683e8975209c729f0a7e7549b60eaac3

    Download Submit

  • C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\state.rsm.PLAY
    Filesize

    1KB

    MD5

    f7c0e544b3fd157f13cf89d6c9fbca16

    SHA1

    a9a90ac897f8c8a59ff3014440d365588d4eb25e

    SHA256

    3bbb0031d756b16bf420535bf963ce711a8b427fcde512bffaa5187a27ecc2e1

    SHA512

    4c1d5aeb54d2694af34396dc30540cb3be180b4877482eb56a9414fe1857c594c2e7f6780fecc1993586e08835446d373dc8fca8bc1c08086017f3cd3a080f4d

    Download Submit

  • C:\ProgramData\Package Cache\{d87ae0f4-64a6-4b94-859a-530b9c313c27}\state.rsm.PLAY
    Filesize

    1KB

    MD5

    57a0d921ebddf9b0c8f16d64bf931b8c

    SHA1

    38c93fbdb74966728e20dad3440a4b51b835a2ee

    SHA256

    e81b21874d70b9b29112c3bcad96d1cc9145905b4ef81ef6ffdd092a07b20648

    SHA512

    cb7daeb75a07b3b79ef7f51a9b85b86b29340d3586cd7a3bf45802d34f466017c850147d19454c858f6d3eb2c59719521cceb18544589ac4c6c9769858ca2c46

    Download Submit

  • C:\ProgramData\Package Cache\{ef5af41f-d68c-48f7-bfb0-5055718601fc}\state.rsm.PLAY
    Filesize

    1KB

    MD5

    ff8c899887511c74b389c76c5f713147

    SHA1

    abb87263ff30dfecfa753e0ea8ef67b050dd39c6

    SHA256

    02159a7ce12f5df98784c08992d8347d3be130c1bead379a83e688cf19ac2f30

    SHA512

    84af0fec27eec23cd7922d7bc271e4cac62dfa6ed7d45f89cf633d340af249398b3a515689d74b9ddb66b9529b1d0c63b7ad2cf778181b755826844a9caa1af4

    Download Submit

  • C:\ProgramData\Package Cache\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}\state.rsm.PLAY
    Filesize

    1KB

    MD5

    234afe90380793d0ffc4777dd64abc46

    SHA1

    d2bde5bc4d2ca9db1639867834f6a2eb24b2a7d2

    SHA256

    12ded3b15008b685c247de7be7f1d42ef97c9852d2ec833d613488a5b37f9827

    SHA512

    8fb2f36b4907769e5043e7b3cca5f04fbb2c003e68551a6a6c4cee17e5445c929b8466af570870082deb62f16a8060685ce196c6e82bcf7e60b07495bb14c7ad

    Download Submit

  • C:\ProgramData\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Extensibility Component.swidtag.PLAY
    Filesize

    2KB

    MD5

    1df09bacfe433886589b2f7fe1140edc

    SHA1

    7157552daeca2193d7f7591c2b2f0ac8ccd2044b

    SHA256

    4b5accdc836190437cead50193aba0209a3266b3ed1826b304fe6ea88feba9b8

    SHA512

    20540e440ba513d9656110c14f2978281d4d08968e9490a149e18310c29e17aa40f41ff2504efceaa8f3fdb331ce0b6677dfcb67aeb2da08deb5df8f8d2873ce

    Download Submit

  • C:\ProgramData\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Licensing Component.swidtag.PLAY
    Filesize

    2KB

    MD5

    3a78f0700d6e768e484d5323fff939b5

    SHA1

    bbd02aa8bb4a1dfb76071dc810096437f4c83314

    SHA256

    99a6918c9a2e3324b07a3528282a33e0b99fe45dd0b81af7e81778cff1dc6435

    SHA512

    a705dbdac3add216dd2d2ac7e42c3f1ce73e3db456e807efd540185c3ea3897dfe0223bc4d2abfc74170e91109337f14f59b201ee2bb1d43b474ff48b0fedcb1

    Download Submit

  • C:\ProgramData\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft Office 16 Click-to-Run Localization Component.swidtag.PLAY
    Filesize

    2KB

    MD5

    d83163171426c759e212eb5f2596f364

    SHA1

    7fd8a6c8c451c641f0f5a855fcfca254b676dd85

    SHA256

    84a03111970d0a0365638596e56b9c7ea9ff5f6f8953219d5d647b6a20b28760

    SHA512

    02715e621f5a2fd75788a34370265693a5bcef8f98dac31ba5cd8924c19beaf0a8bff410d8cb927cf1a8a78bfa5d4bc49342964c943e4ebff3b83acedecb0228

    Download Submit

  • C:\ProgramData\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft_Windows-10-Pro.swidtag.PLAY
    Filesize

    2KB

    MD5

    76eeea34f149a7da73cbda928cf5f51a

    SHA1

    40a40048a3a632f5680b66592e28132df6c07f0f

    SHA256

    5a4754e7808328583dfcc7f90b8346fdde30810c715840dabac0ac4ffc1a6215

    SHA512

    57acee104f8c3e2c0d213c9f287a4c7675473dc646257679379e51f3b9f4d997b06cd043fd7bc60259bdd1be67410ce1cc3368106a5e04f81aa12c5dfd9632f1

    Download Submit

  • memory/3224-0-0x0000000002200000-0x000000000222C000-memory.dmp

    Filesize

    176KB

    Download