Overview
overview
10Static
static
7Documents/...er.exe
windows7-x64
Documents/...er.exe
windows10-2004-x64
10Documents/...ll.exe
windows7-x64
9Documents/...ll.exe
windows10-2004-x64
3Documents/...aw.exe
windows7-x64
10Documents/...aw.exe
windows10-2004-x64
10Documents/...ky.exe
windows7-x64
10Documents/...ky.exe
windows10-2004-x64
10Documents/...31.exe
windows7-x64
1Documents/...31.exe
windows10-2004-x64
1Documents/...3 .exe
windows7-x64
7Documents/...3 .exe
windows10-2004-x64
3Documents/...d9.dll
windows7-x64
10Documents/...d9.dll
windows10-2004-x64
10027cc450ef...ju.dll
windows7-x64
10027cc450ef...ju.dll
windows10-2004-x64
10ee29b9c013...bc6.js
windows7-x64
3ee29b9c013...bc6.js
windows10-2004-x64
3fe2e5d0543...L9.rtf
windows7-x64
4fe2e5d0543...L9.rtf
windows10-2004-x64
1Documents/...uy.hta
windows7-x64
10Documents/...uy.hta
windows10-2004-x64
10Documents/...st.exe
windows7-x64
7Documents/...st.exe
windows10-2004-x64
7Documents/...39.exe
windows7-x64
6Documents/...39.exe
windows10-2004-x64
Documents/...5c.exe
windows7-x64
6Documents/...5c.exe
windows10-2004-x64
Documents/...00.exe
windows7-x64
7Documents/...00.exe
windows10-2004-x64
7out.exe
windows7-x64
3out.exe
windows10-2004-x64
3Resubmissions
22-08-2024 18:43
240822-xc563asamh 1021-08-2024 17:16
240821-vtjnaathnq 1030-06-2024 00:59
240630-bcjr6svbkk 1020-06-2024 02:02
240620-cf43ysxbnk 1020-06-2024 01:44
240620-b5v1xawemk 1019-06-2024 01:10
240619-bjmseavfmp 1018-06-2024 20:40
240618-zfwsxawdpa 1018-06-2024 13:45
240618-q2vcjawdle 10Analysis
-
max time kernel
441s -
max time network
1163s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system -
submitted
30-06-2024 00:59
Behavioral task
behavioral1
Sample
Documents/Ransomware.Cerber/cerber.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
Documents/Ransomware.Cerber/cerber.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral3
Sample
Documents/Ransomware.Cryptowall/cryptowall.exe
Resource
win7-20240611-en
Behavioral task
behavioral4
Sample
Documents/Ransomware.Cryptowall/cryptowall.exe
Resource
win10v2004-20240611-en
Behavioral task
behavioral5
Sample
Documents/Ransomware.Jigsaw/jigsaw.exe
Resource
win7-20240508-en
Behavioral task
behavioral6
Sample
Documents/Ransomware.Jigsaw/jigsaw.exe
Resource
win10v2004-20240611-en
Behavioral task
behavioral7
Sample
Documents/Ransomware.Locky/Locky.exe
Resource
win7-20240611-en
Behavioral task
behavioral8
Sample
Documents/Ransomware.Locky/Locky.exe
Resource
win10v2004-20240611-en
Behavioral task
behavioral9
Sample
Documents/Ransomware.Mamba/131.exe
Resource
win7-20240221-en
Behavioral task
behavioral10
Sample
Documents/Ransomware.Mamba/131.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral11
Sample
Documents/Ransomware.Matsnu/Matsnu-MBRwipingRansomware_1B2D2A4B97C7C2727D571BBF9376F54F_Inkasso Rechnung vom 27.05.2013 .exe
Resource
win7-20240611-en
Behavioral task
behavioral12
Sample
Documents/Ransomware.Matsnu/Matsnu-MBRwipingRansomware_1B2D2A4B97C7C2727D571BBF9376F54F_Inkasso Rechnung vom 27.05.2013 .exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral13
Sample
Documents/Ransomware.Petrwrap/Ransomware.Petrwrap/027cc450ef5f8c5f653329641ec1fed9.dll
Resource
win7-20240419-en
Behavioral task
behavioral14
Sample
Documents/Ransomware.Petrwrap/Ransomware.Petrwrap/027cc450ef5f8c5f653329641ec1fed9.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral15
Sample
027cc450ef5f8c5f653329641ec1fed91f694e0d229928963b30f6b0d7d3a745_98STJd8lju.dll
Resource
win7-20240419-en
Behavioral task
behavioral16
Sample
027cc450ef5f8c5f653329641ec1fed91f694e0d229928963b30f6b0d7d3a745_98STJd8lju.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral17
Sample
ee29b9c01318a1e23836b949942db14d4811246fdae2f41df9f0dcd922c63bc6.js
Resource
win7-20240611-en
Behavioral task
behavioral18
Sample
ee29b9c01318a1e23836b949942db14d4811246fdae2f41df9f0dcd922c63bc6.js
Resource
win10v2004-20240611-en
Behavioral task
behavioral19
Sample
fe2e5d0543b4c8769e401ec216d78a5a3547dfd426fd47e097df04a5f7d6d206_OFkNP1kKL9.rtf
Resource
win7-20240221-en
Behavioral task
behavioral20
Sample
fe2e5d0543b4c8769e401ec216d78a5a3547dfd426fd47e097df04a5f7d6d206_OFkNP1kKL9.rtf
Resource
win10v2004-20240508-en
Behavioral task
behavioral21
Sample
Documents/Ransomware.Petrwrap/Ransomware.Petrwrap/myguy.hta
Resource
win7-20240611-en
Behavioral task
behavioral22
Sample
Documents/Ransomware.Petrwrap/Ransomware.Petrwrap/myguy.hta
Resource
win10v2004-20240611-en
Behavioral task
behavioral23
Sample
Documents/Ransomware.Petrwrap/Ransomware.Petrwrap/svchost.exe
Resource
win7-20240508-en
Behavioral task
behavioral24
Sample
Documents/Ransomware.Petrwrap/Ransomware.Petrwrap/svchost.exe
Resource
win10v2004-20240611-en
Behavioral task
behavioral25
Sample
Documents/Ransomware.Petya/Ransomware.Petya/26b4699a7b9eeb16e76305d843d4ab05e94d43f3201436927e13b3ebafa90739.exe
Resource
win7-20240508-en
Behavioral task
behavioral26
Sample
Documents/Ransomware.Petya/Ransomware.Petya/26b4699a7b9eeb16e76305d843d4ab05e94d43f3201436927e13b3ebafa90739.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral27
Sample
Documents/Ransomware.Petya/Ransomware.Petya/4c1dc737915d76b7ce579abddaba74ead6fdb5b519a1ea45308b8c49b950655c.exe
Resource
win7-20240508-en
Behavioral task
behavioral28
Sample
Documents/Ransomware.Petya/Ransomware.Petya/4c1dc737915d76b7ce579abddaba74ead6fdb5b519a1ea45308b8c49b950655c.exe
Resource
win10v2004-20240611-en
Behavioral task
behavioral29
Sample
Documents/Ransomware.Radamant/Ransomware.Radamant/DUMP_00A10000-00A1D000.exe
Resource
win7-20240611-en
Behavioral task
behavioral30
Sample
Documents/Ransomware.Radamant/Ransomware.Radamant/DUMP_00A10000-00A1D000.exe
Resource
win10v2004-20240611-en
Behavioral task
behavioral31
Sample
out.exe
Resource
win7-20240508-en
Behavioral task
behavioral32
Sample
out.exe
Resource
win10v2004-20240508-en
General
-
Target
out.exe
-
Size
51KB
-
MD5
8f681b52fcfe200d14c81d297a323cf7
-
SHA1
1375d3c3cb1d2ea8d6f80a2cfe11107d80ad9a34
-
SHA256
a1c1164f6b43a3592a98b29adc045f9ca37ec0624eb2f2c027bfffe24a4915d1
-
SHA512
88f936cfc95833017fefa7a342cb9b41ae7ea2e7123f7e8bb4192db53b0b48998421176132a4ead98fbb25d31d0f1ee8e0f7995d14e94ab3e094d4dcceb7ad36
-
SSDEEP
768:uElAvOs4CTfOgGYdlNGCizSHdq12UMx9s6zAKSXwa/2e:ZlafjVsrODKpKSXN
Malware Config
Signatures
-
Program crash 2 IoCs
pid pid_target Process procid_target 4880 1296 WerFault.exe 80 904 1296 WerFault.exe 80
Processes
-
C:\Users\Admin\AppData\Local\Temp\out.exe"C:\Users\Admin\AppData\Local\Temp\out.exe"1⤵PID:1296
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1296 -s 1882⤵
- Program crash
PID:4880
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1296 -s 2242⤵
- Program crash
PID:904
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 1296 -ip 12961⤵PID:2896
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 1296 -ip 12961⤵PID:808