hxxps://github[.]com/Endermanch/MalwareDatabase/tree/master/ransomwares

Resubmissions

30-09-2024 04:43

240930-fcd9xayenq 6

30-09-2024 04:39

29-09-2024 07:53

29-09-2024 07:47

28-09-2024 19:59

Analysis

max time kernel
29s
max time network
28s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
30-09-2024 04:43

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

https://github.com/Endermanch/MalwareDatabase/tree/master/ransomwares

Score

6^/10

bootkit discovery persistence

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
49	raw.githubusercontent.com
50	raw.githubusercontent.com

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	[email protected]

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	[email protected]

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3152	msedge.exe
3152	msedge.exe
3640	msedge.exe
3640	msedge.exe
1912	identity_helper.exe
1912	identity_helper.exe
3992	msedge.exe
3992	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3640	msedge.exe
3640	msedge.exe
3640	msedge.exe
3640	msedge.exe
3640	msedge.exe
3640	msedge.exe
3640	msedge.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3920	[email protected]

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
3640	msedge.exe
3640	msedge.exe
3640	msedge.exe
3640	msedge.exe
3640	msedge.exe
3640	msedge.exe
3640	msedge.exe
3640	msedge.exe
3640	msedge.exe
3640	msedge.exe
3640	msedge.exe
3640	msedge.exe
3640	msedge.exe
3640	msedge.exe
3640	msedge.exe
3640	msedge.exe
3640	msedge.exe
3640	msedge.exe
3640	msedge.exe
3640	msedge.exe
3640	msedge.exe
3640	msedge.exe
3640	msedge.exe
3640	msedge.exe
3640	msedge.exe
3640	msedge.exe
3640	msedge.exe
3640	msedge.exe
3640	msedge.exe
3640	msedge.exe
3640	msedge.exe
3640	msedge.exe
3640	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3640	msedge.exe
3640	msedge.exe
3640	msedge.exe
3640	msedge.exe
3640	msedge.exe
3640	msedge.exe
3640	msedge.exe
3640	msedge.exe
3640	msedge.exe
3640	msedge.exe
3640	msedge.exe
3640	msedge.exe
3640	msedge.exe
3640	msedge.exe
3640	msedge.exe
3640	msedge.exe
3640	msedge.exe
3640	msedge.exe
3640	msedge.exe
3640	msedge.exe
3640	msedge.exe
3640	msedge.exe
3640	msedge.exe
3640	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3920	[email protected]

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3640 wrote to memory of 2360	3640	msedge.exe	84
PID 3640 wrote to memory of 2360	3640	msedge.exe	84
PID 3640 wrote to memory of 1280	3640	msedge.exe	85
PID 3640 wrote to memory of 1280	3640	msedge.exe	85
PID 3640 wrote to memory of 1280	3640	msedge.exe	85
PID 3640 wrote to memory of 1280	3640	msedge.exe	85
PID 3640 wrote to memory of 1280	3640	msedge.exe	85
PID 3640 wrote to memory of 1280	3640	msedge.exe	85
PID 3640 wrote to memory of 1280	3640	msedge.exe	85
PID 3640 wrote to memory of 1280	3640	msedge.exe	85
PID 3640 wrote to memory of 1280	3640	msedge.exe	85
PID 3640 wrote to memory of 1280	3640	msedge.exe	85
PID 3640 wrote to memory of 1280	3640	msedge.exe	85
PID 3640 wrote to memory of 1280	3640	msedge.exe	85
PID 3640 wrote to memory of 1280	3640	msedge.exe	85
PID 3640 wrote to memory of 1280	3640	msedge.exe	85
PID 3640 wrote to memory of 1280	3640	msedge.exe	85
PID 3640 wrote to memory of 1280	3640	msedge.exe	85
PID 3640 wrote to memory of 1280	3640	msedge.exe	85
PID 3640 wrote to memory of 1280	3640	msedge.exe	85
PID 3640 wrote to memory of 1280	3640	msedge.exe	85
PID 3640 wrote to memory of 1280	3640	msedge.exe	85
PID 3640 wrote to memory of 1280	3640	msedge.exe	85
PID 3640 wrote to memory of 1280	3640	msedge.exe	85
PID 3640 wrote to memory of 1280	3640	msedge.exe	85
PID 3640 wrote to memory of 1280	3640	msedge.exe	85
PID 3640 wrote to memory of 1280	3640	msedge.exe	85
PID 3640 wrote to memory of 1280	3640	msedge.exe	85
PID 3640 wrote to memory of 1280	3640	msedge.exe	85
PID 3640 wrote to memory of 1280	3640	msedge.exe	85
PID 3640 wrote to memory of 1280	3640	msedge.exe	85
PID 3640 wrote to memory of 1280	3640	msedge.exe	85
PID 3640 wrote to memory of 1280	3640	msedge.exe	85
PID 3640 wrote to memory of 1280	3640	msedge.exe	85
PID 3640 wrote to memory of 1280	3640	msedge.exe	85
PID 3640 wrote to memory of 1280	3640	msedge.exe	85
PID 3640 wrote to memory of 1280	3640	msedge.exe	85
PID 3640 wrote to memory of 1280	3640	msedge.exe	85
PID 3640 wrote to memory of 1280	3640	msedge.exe	85
PID 3640 wrote to memory of 1280	3640	msedge.exe	85
PID 3640 wrote to memory of 1280	3640	msedge.exe	85
PID 3640 wrote to memory of 1280	3640	msedge.exe	85
PID 3640 wrote to memory of 3152	3640	msedge.exe	86
PID 3640 wrote to memory of 3152	3640	msedge.exe	86
PID 3640 wrote to memory of 2636	3640	msedge.exe	87
PID 3640 wrote to memory of 2636	3640	msedge.exe	87
PID 3640 wrote to memory of 2636	3640	msedge.exe	87
PID 3640 wrote to memory of 2636	3640	msedge.exe	87
PID 3640 wrote to memory of 2636	3640	msedge.exe	87
PID 3640 wrote to memory of 2636	3640	msedge.exe	87
PID 3640 wrote to memory of 2636	3640	msedge.exe	87
PID 3640 wrote to memory of 2636	3640	msedge.exe	87
PID 3640 wrote to memory of 2636	3640	msedge.exe	87
PID 3640 wrote to memory of 2636	3640	msedge.exe	87
PID 3640 wrote to memory of 2636	3640	msedge.exe	87
PID 3640 wrote to memory of 2636	3640	msedge.exe	87
PID 3640 wrote to memory of 2636	3640	msedge.exe	87
PID 3640 wrote to memory of 2636	3640	msedge.exe	87
PID 3640 wrote to memory of 2636	3640	msedge.exe	87
PID 3640 wrote to memory of 2636	3640	msedge.exe	87
PID 3640 wrote to memory of 2636	3640	msedge.exe	87
PID 3640 wrote to memory of 2636	3640	msedge.exe	87
PID 3640 wrote to memory of 2636	3640	msedge.exe	87
PID 3640 wrote to memory of 2636	3640	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/Endermanch/MalwareDatabase/tree/master/ransomwares
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffebdfc46f8,0x7ffebdfc4708,0x7ffebdfc4718
  2⤵
  PID:2360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,9230020273500291916,3548908913591074226,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:1280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,9230020273500291916,3548908913591074226,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,9230020273500291916,3548908913591074226,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2912 /prefetch:8
  2⤵
  PID:2636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,9230020273500291916,3548908913591074226,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:3132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,9230020273500291916,3548908913591074226,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:2008
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,9230020273500291916,3548908913591074226,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5484 /prefetch:8
  2⤵
  PID:5032
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,9230020273500291916,3548908913591074226,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5484 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,9230020273500291916,3548908913591074226,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1
  2⤵
  PID:1936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,9230020273500291916,3548908913591074226,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4176 /prefetch:1
  2⤵
  PID:4436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,9230020273500291916,3548908913591074226,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1
  2⤵
  PID:1772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,9230020273500291916,3548908913591074226,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:1
  2⤵
  PID:2796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2080,9230020273500291916,3548908913591074226,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5796 /prefetch:8
  2⤵
  PID:4544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,9230020273500291916,3548908913591074226,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
  2⤵
  PID:1528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2080,9230020273500291916,3548908913591074226,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5736 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3992

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1984

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:224

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1584

C:\Users\Admin\AppData\Local\Temp\Temp1_Petya.A.zip\[email protected]
"C:\Users\Admin\AppData\Local\Temp\Temp1_Petya.A.zip\[email protected]"
1⤵
- Writes to the Master Boot Record (MBR)
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:3920

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9e3fc58a8fb86c93d19e1500b873ef6f

SHA1
c6aae5f4e26f5570db5e14bba8d5061867a33b56

SHA256
828f4eacac1c40b790fd70dbb6fa6ba03dcc681171d9b2a6579626d27837b1c4

SHA512
e5e245b56fa82075e060f468a3224cf2ef43f1b6d87f0351a2102d85c7c897e559be4caeaecfdc4059af29fdc674681b61229319dda95cb2ee649b2eb98d313e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
27304926d60324abe74d7a4b571c35ea

SHA1
78b8f92fcaf4a09eaa786bbe33fd1b0222ef29c1

SHA256
7039ad5c2b40f4d97c8c2269f4942be13436d739b2e1f8feb7a0c9f9fdb931de

SHA512
f5b6181d3f432238c7365f64fc8a373299e23ba8178bcc419471916ef8b23e909787c7c0617ab22e4eb90909c02bd7b84f1386fbc61e2bdb5a0eb474175da4bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
0483cbd2747338e00c5ba42eaba8d1d9

SHA1
209555cc94e630a87db8e561892e4741bf54936c

SHA256
62fe1e4c27a3caa593a4a42a854426d96070fa569c8d2fe079af046c3bed7aed

SHA512
46e1629f12531eae4139801ab031175be0200c422afcc11b39f72e53e6557dc578f94a064a8bda2c112b12934feace6fb73456f26b10ea91a5000045ad4c429e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
43f9c266df05a248dcfb3b9110626771

SHA1
77cbd23f894cfdf52ecdbc7133958f247b08f658

SHA256
edbaa23404b007aa4b777cd24d787a24b0db503f26a56554e98bd46b7e874f1a

SHA512
6d57eda8fc6cd8cba5db4fb397b69b51473edaa943091aae86fe1b2ca6fe7b13316d0d0639129a6e2298b41044a4b5ca18c2ca8505c6a1f28a55c5d507cc22c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e5aaf82a33b8d7642bf0ad0ce984255b

SHA1
c4bdd12b2b1aa002ae32de0d2d5c85b67357373b

SHA256
e2c95c50fae3a683e21318391cbc2ee51030c31a91c571ca01df0907ab781701

SHA512
9dba07345fea71388187e8c5ccd322e71830fb21aa1f559105ed20b27308850e16d54b68ae285329b1df85a6f85ba7471dd488124c67673da3a84c816512c4cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
255b1da85009d515f450f7cbe60d5239

SHA1
eb3efa698eb9e2d3a92c9d25d2878b0b012f9823

SHA256
d98f1d7fcae3fff8ff56f0c78ba5d99d89665a01641d57fc490cdbfba73cf480

SHA512
7280ec02d660f466950cfc76fa5a5890225364c8da6ae99bb89509c52ae6df396f19054f11b6ee8fb03314d0e51c14437a15bd86c0f9f43e2dc38099ea416a24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
415839bb69deef4bf1396dc1a3efeee4

SHA1
30980da35179e1500b031323c633c4c978495783

SHA256
6670c63848e8530e66090faeaa14d0da52c79168d52308358efab43d7535bb5b

SHA512
d2ef0487cc0ecc4a7da14beca848b3f40044ad04667750bfdb0d8853b9084dffcfc4c8ee109307fe05fa1c2d824e80b8f1d8a1e8a4cb33778ac65d70c8b3b1c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57fe65.TMP

Filesize
874B

MD5
4868543f40835c14b42ec8006305ef52

SHA1
98eb53cde57bd6794ab2179579a3f18274d8a748

SHA256
a7a468ffb5e10c1d5a82e276eba5d3fedac55ff1c939a5ae9f854212b2935906

SHA512
f6f25f984afb06accf866e09e6072643cc0d5ba7636473d9294b07163d8744d426ab072430eed082e13ef81d7443b47c62a6274cd6ed8aa6a59333ab7d0b4639

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
2bcfac17994686cfd105617525369e19

SHA1
3f8b3392a09bc076cfc552c7ada6e842b3a3a8e8

SHA256
19bf850475a4a5b5fb52f89a323027426375eec7cb1ab1516c6e01100c78c2b6

SHA512
1c345d9faa467cf3f1e3d8dfe2049d73214b187aa8af98a860bf09676f4587d4f2d8076d3486adebedc8fcecad1b9255755e13296ce76d498213c7cd7adbb626

Download Submit
C:\Users\Admin\Downloads\Petya.A.zip

Filesize
128KB

MD5
1559522c34054e5144fe68ee98c29e61

SHA1
ff80eeb6bcf4498c9ff38c252be2726e65c10c34

SHA256
e99651aa5c5dcf9128adc8da685f1295b959f640a173098d07018b030d529509

SHA512
6dab1f391ab1bea12b799fcfb56d70cfbdbde05ad350b53fcb782418495fad1c275fe1a40f9edd238473c3d532b4d87948bddd140e5912f14aff4293be6e4b4c

Download Submit

Resubmissions

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads