Overview

overview

10

Static

static

3

2024-11-23...er.exe

windows7-x64

10

2024-11-23...er.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    121s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    23-11-2024 06:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-11-23_9e28725a40faab491e96a80d5c258c31_inc_luca-stealer.exe

  • Size

    142KB

  • MD5

    9e28725a40faab491e96a80d5c258c31

  • SHA1

    2cc8ca797c6c731f0266a27176d71697e097824b

  • SHA256

    0e3f849e351cea99f9979889fc4d3700c710573a215805329eb097c533d87c3e

  • SHA512

    5448cdb27bc354091bb25a5cb3d17e71cad8ec2825069b177b3cddec8887e6118dc614eed41c24f948bd39751903f79e66939ae3081f175355cc2bb0d054ec29

  • SSDEEP

    3072:uA5ohBykv/QGvx4TOPu5XH4KoUu2JsaO0xiQhzNHaGVV:DojR/QY4CP434KrtOiJHFVV

Score
10/10
inc_ransomdiscoveryransomware

Malware Config

Extracted

Path

F:\INC-README.txt

Family

inc_ransom

Ransom Note
Inc. Ransomware We have hacked you and downloaded all confidential data of your company and its clients. It can be spread out to people and media. Your reputation will be ruined. Do not hesitate and save your business. Please, contact us via: http://incpaysp74dphcbjyvg2eepxnl3tkgt5mq5vd4tnjusoissz342bdnad.onion/ Your personal ID: 938BFE0F7AD109ED We're the ones who can quickly recover your systems with no losses. Do not try to devalue our tool - nothing will come of it. Starting from now, you have 72 hours to contact us if you don't want your sensitive data being published in our blog: http://incblog7vmuq7rktic73r4ha4j757m3ptym37tyvifzp2roedyyzzxid.onion/ You should be informed, in our business reputation - is a basic condition of the success. Inc provides a deal. After successfull negotiations you will be provided: 1. Decryption assistance; 2. Initial access; 3. How to secure your network; 4. Evidence of deletion of internal documents; 5. Guarantees not to attack you in the future. Instruction how to get to chat page: 1. Download TOR Browser from official website (https://www.torproject.org/download/); 2. Install TOR Browser and open it; 3. Copy chat link and press enter; 4. On the page you will need to register your account using your personal ID; 5. Use this ID and your password to get chat page again.
URLs

http://incpaysp74dphcbjyvg2eepxnl3tkgt5mq5vd4tnjusoissz342bdnad.onion/

http://incblog7vmuq7rktic73r4ha4j757m3ptym37tyvifzp2roedyyzzxid.onion/

Signatures

  • INC Ransomware

    INC Ransom is a ransomware that emerged in July 2023.

    ransomwareinc_ransom
  • Inc_ransom family
    inc_ransom
  • Renames multiple (353) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Enumerates connected drives 3 TTPs 24 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory 1 IoCs
  • Sets desktop wallpaper using registry 2 TTPs 1 IoCs
    ransomware
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-11-23_9e28725a40faab491e96a80d5c258c31_inc_luca-stealer.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-11-23_9e28725a40faab491e96a80d5c258c31_inc_luca-stealer.exe"
    1⤵
    • Enumerates connected drives
    • Drops file in System32 directory
    • Sets desktop wallpaper using registry
    • System Location Discovery: System Language Discovery
    PID:2664

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • F:\INC-README.html
    Filesize

    1KB

    MD5

    85b81261146c08f4d472d18edc33c3b6

    SHA1

    7eb932f20e9c03fc8d77007f2651cbf5aad888a4

    SHA256

    265a0f64e8f11bbb397f0f02d035ac172a5ef02e38fdb864913a540ad9ad60b3

    SHA512

    b8d76760065743b3ef754c6b630300e091282207048a91a2b57577d9ed6e110640946e3bc099e7777ddcefa463d718908a630e9468447c3ca1f2c57e213bdff3

    Download Submit

  • F:\INC-README.txt
    Filesize

    1KB

    MD5

    bcbfa1399779f0779b61dd8169d2393d

    SHA1

    424013a1f7830b13065817c5c865a2101709be92

    SHA256

    cad9dde04935dfe6517c61ea55a40365c5f65062c4305508989a10a5c90ac03d

    SHA512

    fd7d0721e44d0f2f5c983406b3d4b1705d2c99b44cd5fee4c46cc9950ff05fa7c985bcee882d3852038f2e3a815ed34739e66cd80418e06634e37074f8e4acdf

    Download Submit