84bebbe2cc14519a656dd6ee54e892191872f7122ebf53ef6b2349a5218c11e1

Submit
Reports

Overview

overview

Static

static

2272954a2c...5a.exe

windows7-x64

2272954a2c...5a.exe

windows10-2004-x64

72716d15ea...21.exe

windows7-x64

72716d15ea...21.exe

windows10-2004-x64

Bit Paymer.exe

windows7-x64

Bit Paymer.exe

windows10-2004-x64

KeepCalm.exe

windows7-x64

KeepCalm.exe

windows10-2004-x64

LockedIn.exe

windows7-x64

LockedIn.exe

windows10-2004-x64

NotPetya.dll

windows7-x64

NotPetya.dll

windows10-2004-x64

Purge.exe

windows7-x64

Purge.exe

windows10-2004-x64

Scarab.exe

windows7-x64

Scarab.exe

windows10-2004-x64

a631ad1b1a...4b.exe

windows7-x64

a631ad1b1a...4b.exe

windows10-2004-x64

a9053a3a52...bc.exe

windows7-x64

a9053a3a52...bc.exe

windows10-2004-x64

b764629e1f...1c.exe

windows7-x64

b764629e1f...1c.exe

windows10-2004-x64

cf89f70633...5c.exe

windows7-x64

cf89f70633...5c.exe

windows10-2004-x64

e951e82867...50.exe

windows7-x64

e951e82867...50.exe

windows10-2004-x64

fa0c321e1a...d2.exe

windows7-x64

fa0c321e1a...d2.exe

windows10-2004-x64

fc184274ad...27.exe

windows7-x64

fc184274ad...27.exe

windows10-2004-x64

Resubmissions

18-07-2024 07:25

18-07-2024 07:19

17-07-2024 20:55

17-07-2024 19:21

Analysis

max time kernel
121s
max time network
124s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
17-07-2024 20:55

Sharing

Copy URL

Twitter E-mail

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2272954a2c9f631b4f9c5f6d230287b0989ab3b512bb5f4a282214eadf42085a.exe

Resource

win7-20240705-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral2

Sample

2272954a2c9f631b4f9c5f6d230287b0989ab3b512bb5f4a282214eadf42085a.exe

Resource

win10v2004-20240709-en

gozi banker isfb trojan

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral3

Sample

72716d15ea7d118b8c99dbcb15114188abe468718c876ac52b0779161ef7e821.exe

Resource

win7-20240705-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral4

Sample

72716d15ea7d118b8c99dbcb15114188abe468718c876ac52b0779161ef7e821.exe

Resource

win10v2004-20240709-en

windows10-2004-x64

5 signatures

150 seconds

Behavioral task

behavioral5

Sample

Bit Paymer.exe

Resource

win7-20240704-en

persistence ransomware spyware stealer

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral6

Sample

Bit Paymer.exe

Resource

win10v2004-20240709-en

persistence ransomware spyware stealer

windows10-2004-x64

11 signatures

150 seconds

Behavioral task

behavioral7

Sample

KeepCalm.exe

Resource

win7-20240704-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral8

Sample

KeepCalm.exe

Resource

win10v2004-20240709-en

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral9

Sample

LockedIn.exe

Resource

win7-20240704-en

ransomware

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral10

Sample

LockedIn.exe

Resource

win10v2004-20240709-en

ransomware

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral11

Sample

NotPetya.dll

Resource

win7-20240708-en

mimikatz bootkit persistence spyware stealer

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral12

Sample

NotPetya.dll

Resource

win10v2004-20240709-en

mimikatz bootkit persistence spyware stealer

windows10-2004-x64

12 signatures

150 seconds

Behavioral task

behavioral13

Sample

Purge.exe

Resource

win7-20240708-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral14

Sample

Purge.exe

Resource

win10v2004-20240709-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral15

Sample

Scarab.exe

Resource

win7-20240705-en

defense_evasion execution impact persistence privilege_escalation ransomware

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral16

Sample

Scarab.exe

Resource

win10v2004-20240709-en

defense_evasion execution impact privilege_escalation ransomware

windows10-2004-x64

12 signatures

150 seconds

Behavioral task

behavioral17

Sample

a631ad1b1a59001a5f594880c6ae3337bda98f8ce3bb46cd7a9de0b35cd2bc4b.exe

Resource

win7-20240704-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral18

Sample

a631ad1b1a59001a5f594880c6ae3337bda98f8ce3bb46cd7a9de0b35cd2bc4b.exe

Resource

win10v2004-20240709-en

windows10-2004-x64

3 signatures

150 seconds

Behavioral task

behavioral19

Sample

a9053a3a52113698143a2b9801509c68d0d8b4b8208da453f0974547df0931bc.exe

Resource

win7-20240704-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral20

Sample

a9053a3a52113698143a2b9801509c68d0d8b4b8208da453f0974547df0931bc.exe

Resource

win10v2004-20240709-en

windows10-2004-x64

5 signatures

150 seconds

Behavioral task

behavioral21

Sample

b764629e1f43851daf984c9372422b65ddceae28f83d6211873f4c8f8672c41c.exe

Resource

win7-20240705-en

wannacry discovery ransomware worm

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral22

Sample

b764629e1f43851daf984c9372422b65ddceae28f83d6211873f4c8f8672c41c.exe

Resource

win10v2004-20240704-en

wannacry discovery ransomware worm

windows10-2004-x64

6 signatures

150 seconds

Behavioral task

behavioral23

Sample

cf89f70633865aa06123062a7dc51f8158905afb4b00f6f3597de3edfba97c5c.exe

Resource

win7-20240704-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral24

Sample

cf89f70633865aa06123062a7dc51f8158905afb4b00f6f3597de3edfba97c5c.exe

Resource

win10v2004-20240709-en

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral25

Sample

e951e82867a4f3af5a34b714571e9acf99cca794c4ed1895c9025a642d5d4350.exe

Resource

win7-20240705-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral26

Sample

e951e82867a4f3af5a34b714571e9acf99cca794c4ed1895c9025a642d5d4350.exe

Resource

win10v2004-20240709-en

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral27

Sample

fa0c321e1aad571daaa3bf642ced8ab10931a05957ce9f17da49317816ca50c7_WthaiV9ed2.exe

Resource

win7-20240704-en

defense_evasion evasion execution impact persistence ransomware

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral28

Sample

fa0c321e1aad571daaa3bf642ced8ab10931a05957ce9f17da49317816ca50c7_WthaiV9ed2.exe

Resource

win10v2004-20240709-en

evasion execution persistence

windows10-2004-x64

14 signatures

150 seconds

Behavioral task

behavioral29

Sample

fc184274ad3908021e4c8ef28f35dc77447ed6457375d2a4e7b411955e042527.exe

Resource

win7-20240704-en

cerber discovery evasion persistence privilege_escalation ransomware

windows7-x64

20 signatures

150 seconds

Behavioral task

behavioral30

Sample

fc184274ad3908021e4c8ef28f35dc77447ed6457375d2a4e7b411955e042527.exe

Resource

win10v2004-20240709-en

cerber discovery evasion persistence privilege_escalation ransomware

windows10-2004-x64

18 signatures

150 seconds

Report Analysis Logs

General

Target

Purge.exe
Size

24KB
MD5

b02916e5c5215ef3ce25269c8d8afbe2
SHA1

7ea2e4eebea27ade84075a5bd47e048297377259
SHA256

b4e9d14e4ea8a1c459805ec46870f12a3e6ea3308864511a3d9c7af9fb841403
SHA512

c84cd98801dbc515f8e800c5fae57158d4167347c2267f1decbf37e98819b2bc1e9439eacec71eaad1c6ece62bf468b21db9cc53e6568cc73499595b1935296e
SSDEEP

384:lMX3iNFRHDy0nxaP/JqiKV+aQlSp591U7qO7o4FQcc4KVOJ5ogxlwAx9sLtsNtt7:qHitm/JqiO+aB5s7qOUvOJ5ogDrCO8tm

Score

1^/10

Malware Config

Signatures

Processes

C:\Users\Admin\AppData\Local\Temp\Purge.exe
"C:\Users\Admin\AppData\Local\Temp\Purge.exe"
1⤵
PID:2324

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2324-0-0x0000000074B9E000-0x0000000074B9F000-memory.dmp

Filesize
4KB

Download
memory/2324-1-0x0000000000DC0000-0x0000000000DCC000-memory.dmp

Filesize
48KB

Download
memory/2324-2-0x0000000074B90000-0x000000007527E000-memory.dmp

Filesize
6.9MB

Download
memory/2324-3-0x0000000074B90000-0x000000007527E000-memory.dmp

Filesize
6.9MB

Download
memory/2324-4-0x0000000074B90000-0x000000007527E000-memory.dmp

Filesize
6.9MB

Download
memory/2324-5-0x0000000074B9E000-0x0000000074B9F000-memory.dmp

Filesize
4KB

Download
memory/2324-6-0x0000000074B90000-0x000000007527E000-memory.dmp

Filesize
6.9MB

Download