Analysis
-
max time kernel
8s -
platform
windows11-21h2_x64 -
resource
win11-20240802-en -
resource tags
-
submitted
02-09-2024 11:18
General
-
Target
Yashma ransomware builder v1.2.exe
-
Size
538KB
-
MD5
13e878ed7e547523cffc5728f6ba4190
-
SHA1
878ad3025f8ea6b61ad4521782035963b3675a52
-
SHA256
f9a5a72ead096594c5d59abe706e3716f6000c3b4ebd7690f2eb114a37d1a7db
-
SHA512
a7fa4f14deb65aa8de18e37e4fba3d2fa6ed696b70c4d0f1f49a65a4d43da76eff0d9a9c4703a6e3c13a37eb5d1a427e43be8c0ea6b1288a50a1c5175d9392c7
-
SSDEEP
3072:tq0G/vqRT5i2YcRVm16Pn690H7GMgXuD//bFLAkCgkUKEyF9aT5Zt19r+E1/bFLz:U0G/GiWm16YaGMVFLQdD8FLz
Score
10/10
Malware Config
Signatures
-
Chaos
Ransomware family first seen in June 2021.
-
Chaos Ransomware 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 19 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\Yashma ransomware builder v1.2.exe"C:\Users\Admin\AppData\Local\Temp\Yashma ransomware builder v1.2.exe"1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
8KB
-
Filesize
560KB
-
Filesize
10.8MB
-
Filesize
10.8MB
-
Filesize
10.8MB
-
Filesize
8KB
-
Filesize
10.8MB