Overview

overview

7

Static

static

3

PSmplay.exe

windows7-x64

1

PSmplay.exe

windows10-2004-x64

3

def_skin.ini

windows7-x64

1

def_skin.ini

windows10-2004-x64

1

skin/def_skin.bmp

windows7-x64

3

skin/def_skin.bmp

windows10-2004-x64

7

Analysis

  • max time kernel
    107s
  • max time network
    143s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-08-2024 23:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    def_skin.ini

  • Size

    12KB

  • MD5

    3a126228b73a318444858b7e8207e86e

  • SHA1

    a3f9a85ed961473145c911bbe1efce20946c190e

  • SHA256

    a5acb3024287becfcb6b0297b2ca5f0e6d5edbf7b2a456cc0aeb8c26cccbc368

  • SHA512

    1eabbd2521326058695df3f871db5f8e000157d47600bc2c49524043ec2e2085e1f540670b3b6b1e6f5381dae74ee1f99403121c261f76908a3c123ba9dfa301

  • SSDEEP

    384:/Q11Yu8G4J4qxk/0neKBMqAP0AwqeneTv0qaWW+:/Q11Yu8G4J4qxk8neKBM5P0AwHneL09q

Score
1/10

Malware Config

Signatures

  • Opens file in notepad (likely ransom note) 1 IoCs
    ransomware

Processes

  • C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\system32\NOTEPAD.EXE C:\Users\Admin\AppData\Local\Temp\def_skin.ini
    1⤵
    • Opens file in notepad (likely ransom note)
    PID:1760

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads