Overview

overview

10

Static

static

10

IQHGV07FDy...2).exe

windows7-x64

3

IQHGV07FDy...vn.exe

windows7-x64

3

Junk)2345.eml.ViR.eml

windows7-x64

5

PC Cleaner.exe

windows7-x64

10

PC_cleaner...ed.exe

windows7-x64

3

PC_cleaner...ed.exe

windows7-x64

3

Pizzacrypts.exe

windows7-x64

9

Ponmsiyyks.exe

windows7-x64

3

Rlesvxamve...on.exe

windows7-x64

SATURN_RANSOM.exe

windows7-x64

10

ScreenCapt...er.exe

windows7-x64

1

license key.exe

windows7-x64

malware.exe

windows7-x64

8

mamba_141.exe_.exe

windows7-x64

1

mamba_152.exe_.exe

windows7-x64

5

microsoft-cleaned.exe

windows7-x64

3

msiexec.exe

windows7-x64

10

nc.exe

windows7-x64

1

nd2vj1ux.exe

windows7-x64

notes.exe

windows7-x64

nzpuHohZGP...2).exe

windows7-x64

3

nzpuHohZGP...sr.exe

windows7-x64

3

old_14b68c...0d.exe

windows7-x64

7

patched.exe

windows7-x64

9

pclock.exe

windows7-x64

7

pclock_unpack.exe

windows7-x64

7

pitupi20.exe

windows7-x64

10

pozhehgxml...co.exe

windows7-x64

7

ransom_50....0b.scr

windows7-x64

9

ransomware...20.exe

windows7-x64

9

safeinf.exe

windows7-x64

7

schet1074....16.rtf

windows7-x64

10

Analysis

  • max time kernel
    290s
  • max time network
    256s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    22-11-2024 03:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ransom_50.00_dol_df410f19157f591860e1633b85dfb50b.scr

  • Size

    621KB

  • MD5

    a7f91301712b5a3cc8c3ab9c119530ce

  • SHA1

    22c17c048eacd78038e820350181e2fb1aa2fe75

  • SHA256

    f1384ff19a870f5aa718486666a14e88873d79eaea5725e3a2097b2d9fd9a320

  • SHA512

    53f608c8ab14595559ea91f028632c427c60b490ab79f57f6ac8b09dfd3920b69acf011ca0d8891fb3a3db474967691d69acb9175d777be65a0ab9b71b7e135f

  • SSDEEP

    12288:o8S/eSSa+KprpGAOB+TJyZJKiPKIQInLDIAvcn0YP2TFjqHHsFNW0jGjG:NS/rSarrpGr+1yzKUKIQILDIAknzuBje

Score
9/10
discoveryransomwarespywarestealerupx

Malware Config

Signatures

  • Renames multiple (109) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Drops startup file 1 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies system certificate store 2 TTPs 2 IoCs
    evasionspywaretrojan
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ransom_50.00_dol_df410f19157f591860e1633b85dfb50b.scr
    "C:\Users\Admin\AppData\Local\Temp\ransom_50.00_dol_df410f19157f591860e1633b85dfb50b.scr" /S
    1⤵
    • Drops startup file
    • System Location Discovery: System Language Discovery
    • Modifies system certificate store
    • Suspicious use of WriteProcessMemory
    PID:2388
    • C:\Users\Admin\AppData\Local\Temp\ransom_50.00_dol_df410f19157f591860e1633b85dfb50b.scr
      "C:\Users\Admin\AppData\Local\Temp\ransom_50.00_dol_df410f19157f591860e1633b85dfb50b.scr" /S
      2⤵
      • System Location Discovery: System Language Discovery
      PID:2984

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\tox_tor\tor.zip
    Filesize

    266B

    MD5

    9362f31b8a3134cc3f397ffdcd0757f0

    SHA1

    0ca54647ddad37ef9a9c0460bcef301633ef8084

    SHA256

    bd294be727573fa981152db69f31ba4b9290431dfa4a0141ae6b7c795e164fcd

    SHA512

    bad69c309958f8fa8230cf12aadf37ff748b0563591e3b76eff03d72f90b59368685c469224f1cc10654125fe5aadcde59d588cb6adf3ee016aee3cf6b88e346

    Download Submit

  • memory/2388-0-0x0000000000400000-0x0000000000667000-memory.dmp

    Filesize

    2.4MB

    Download

  • memory/2388-11-0x0000000003130000-0x0000000003397000-memory.dmp

    Filesize

    2.4MB

    Download

  • memory/2388-135-0x0000000000400000-0x0000000000667000-memory.dmp

    Filesize

    2.4MB

    Download

  • memory/2388-136-0x0000000000400000-0x0000000000667000-memory.dmp

    Filesize

    2.4MB

    Download

  • memory/2984-12-0x0000000000400000-0x0000000000667000-memory.dmp

    Filesize

    2.4MB

    Download

  • memory/2984-122-0x0000000000400000-0x0000000000667000-memory.dmp

    Filesize

    2.4MB

    Download