Overview

overview

10

Static

static

10

bc381dbeff...b7.exe

windows7-x64

10

bc381dbeff...b7.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    78s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    03/11/2024, 22:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bc381dbeff70b5869fa737860c8cd8a8684cc768981beb55543499efcd32bab7.exe

  • Size

    178KB

  • MD5

    4519a5876b3e77568105da0f1c2ebb4d

  • SHA1

    78823aed1ec75b00214dccd654f5ea5dd38cfd58

  • SHA256

    bc381dbeff70b5869fa737860c8cd8a8684cc768981beb55543499efcd32bab7

  • SHA512

    f4a106b983a3c330983a6bce311cff54241c9a9b7aac31116a1ee0ebca9f20126d9e584f4b6b8fbbd3498fbb4632d1fe6373e08fd7dc3f0819fe9ebd8d9c69f9

  • SSDEEP

    3072:Yrl2uRkddO+iR7OZOQ+dzeIP9mwUGU3l2bxW1/9JnOC/fhKJ2hXh3lmG:22uyqOh2g8U12K9dtEWx17

Score
10/10
playransomware

Malware Config

Signatures

  • PLAY Ransomware, PlayCrypt

    Ransomware family first seen in mid 2022.

    ransomwareplay
  • Play family
    play
  • Renames multiple (2291) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Drops desktop.ini file(s) 3 IoCs
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bc381dbeff70b5869fa737860c8cd8a8684cc768981beb55543499efcd32bab7.exe
    "C:\Users\Admin\AppData\Local\Temp\bc381dbeff70b5869fa737860c8cd8a8684cc768981beb55543499efcd32bab7.exe"
    1⤵
    • Drops desktop.ini file(s)
    • Enumerates connected drives
    • Drops file in Program Files directory
    PID:2072

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3290804112-2823094203-3137964600-1000\desktop.ini
    Filesize

    1KB

    MD5

    56695d5e728944d030b3573482a88f27

    SHA1

    d0ac758985758b4c2154788cff8aa4aface5e6ef

    SHA256

    12be9eea0dcb6f1e42f677d1ae58c954ae982929f79cf8956904b33c5ebcc8a4

    SHA512

    7e1f956d1d16fa7bf5337b7fda326557322f9473a852121f984caca45f6c4746e5744f1e5bb9cdfc7ba17e740413d8d912d26e3a81fa8c07d284f4a4330449b4

    Download Submit

  • memory/2072-0-0x0000000000170000-0x000000000019C000-memory.dmp

    Filesize

    176KB

    Download