Overview

overview

10

Static

static

7

MedicareSign.zip

windows7-x64

1

MedicareSign.zip

windows10-2004-x64

1

MedicareSi...rp.dll

windows7-x64

1

MedicareSi...rp.dll

windows10-2004-x64

1

MedicareSi...rt.exe

windows7-x64

7

MedicareSi...rt.exe

windows10-2004-x64

10

MedicareSi...er.dll

windows7-x64

1

MedicareSi...er.dll

windows10-2004-x64

10

MedicareSi...nt.dll

windows7-x64

5

MedicareSi...nt.dll

windows10-2004-x64

5

MedicareSi...nt.dll

windows7-x64

1

MedicareSi...nt.dll

windows10-2004-x64

3

MedicareSi...ig.ini

windows7-x64

1

MedicareSi...ig.ini

windows10-2004-x64

1

MedicareSign/eng.lng

windows7-x64

3

MedicareSign/eng.lng

windows10-2004-x64

3

MedicareSign/rus.lng

windows7-x64

3

MedicareSign/rus.lng

windows10-2004-x64

3

__MACOSX/....resign

windows7-x64

3

__MACOSX/....resign

windows10-2004-x64

3

__MACOSX/M...rp.dll

windows7-x64

1

__MACOSX/M...rp.dll

windows10-2004-x64

1

__MACOSX/M...rt.exe

windows7-x64

__MACOSX/M...rt.exe

windows10-2004-x64

__MACOSX/M...er.dll

windows7-x64

1

__MACOSX/M...er.dll

windows10-2004-x64

1

__MACOSX/M...nt.dll

windows7-x64

1

__MACOSX/M...nt.dll

windows10-2004-x64

1

__MACOSX/M...nt.dll

windows7-x64

1

__MACOSX/M...nt.dll

windows10-2004-x64

1

__MACOSX/M...ct.dll

windows7-x64

1

__MACOSX/M...ct.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    149s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15-07-2024 08:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    MedicareSign/config.ini

  • Size

    592B

  • MD5

    d0194a86163e4edc6df8d7d18e05e94f

  • SHA1

    a6fa3081d4b52ad403cb7e6328323145f825db9d

  • SHA256

    bf98bf21fe2e415b0ddcfca143f1470672a621e0b6bf6688c66e0ea32fc38f26

  • SHA512

    332dfcb032304b027ba71e9e2f61d828834ee18aca9bd36b3774ee9187550b0b760d2ec9bd55d7bb05c38aa4ea27156dcd56abb302d487dad24cc37338d9856a

Score
1/10

Malware Config

Signatures

  • Opens file in notepad (likely ransom note) 1 IoCs
    ransomware

Processes

  • C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\system32\NOTEPAD.EXE C:\Users\Admin\AppData\Local\Temp\MedicareSign\config.ini
    1⤵
    • Opens file in notepad (likely ransom note)
    PID:2812

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads