3e2ba9a25e9891c6dcb75ad73c1262d523e09f0eb3d095ede9ea9d11f42ebc28

Submit
Reports

Overview

overview

Static

static

Ransomware-master.zip

windows7-x64

Ransomware-master.zip

windows10-2004-x64

Ransomware...ICENSE

windows7-x64

Ransomware...ICENSE

windows10-2004-x64

Ransomware...DME.md

windows7-x64

Ransomware...DME.md

windows10-2004-x64

Ransomware...omware

windows7-x64

Ransomware...omware

windows10-2004-x64

Ransomware...er.zip

windows7-x64

Ransomware...er.zip

windows10-2004-x64

cerber.exe

windows7-x64

cerber.exe

windows10-2004-x64

Ransomware...ll.zip

windows7-x64

Ransomware...ll.zip

windows10-2004-x64

cryptowall.exe

windows7-x64

cryptowall.exe

windows10-2004-x64

Ransomware...aw.zip

windows7-x64

Ransomware...aw.zip

windows10-2004-x64

jigsaw.exe

windows7-x64

jigsaw.exe

windows10-2004-x64

Ransomware...ky.zip

windows7-x64

Ransomware...ky.zip

windows10-2004-x64

Locky.exe

windows7-x64

Locky.exe

windows10-2004-x64

Ransomware...ba.zip

windows7-x64

Ransomware...ba.zip

windows10-2004-x64

131.exe

windows7-x64

131.exe

windows10-2004-x64

Ransomware...nu.zip

windows7-x64

Ransomware...nu.zip

windows10-2004-x64

Matsnu-MBR...3 .exe

windows7-x64

Matsnu-MBR...3 .exe

windows10-2004-x64

Analysis

max time kernel
118s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
28-11-2024 22:34

Sharing

Copy URL

Twitter E-mail

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Ransomware-master.zip

Resource

win7-20241010-en

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

Ransomware-master.zip

Resource

win10v2004-20241007-en

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral3

Sample

Ransomware-master/LICENSE

Resource

win7-20240729-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral4

Sample

Ransomware-master/LICENSE

Resource

win10v2004-20241007-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral5

Sample

Ransomware-master/README.md

Resource

win7-20240903-en

discovery

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral6

Sample

Ransomware-master/README.md

Resource

win10v2004-20241007-en

windows10-2004-x64

3 signatures

150 seconds

Behavioral task

behavioral7

Sample

Ransomware-master/Ransomware

Resource

win7-20240903-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral8

Sample

Ransomware-master/Ransomware

Resource

win10v2004-20241007-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral9

Sample

Ransomware-master/etc/Ransomware.Cerber.zip

Resource

win7-20240903-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral10

Sample

Ransomware-master/etc/Ransomware.Cerber.zip

Resource

win10v2004-20241007-en

cerber discovery evasion persistence privilege_escalation ransomware

windows10-2004-x64

24 signatures

150 seconds

Behavioral task

behavioral11

Sample

cerber.exe

Resource

win7-20241023-en

cerber discovery evasion persistence privilege_escalation ransomware

windows7-x64

23 signatures

150 seconds

Behavioral task

behavioral12

Sample

cerber.exe

Resource

win10v2004-20241007-en

cerber discovery evasion persistence privilege_escalation ransomware

windows10-2004-x64

20 signatures

150 seconds

Behavioral task

behavioral13

Sample

Ransomware-master/etc/Ransomware.Cryptowall.zip

Resource

win7-20240903-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral14

Sample

Ransomware-master/etc/Ransomware.Cryptowall.zip

Resource

win10v2004-20241007-en

windows10-2004-x64

3 signatures

150 seconds

Behavioral task

behavioral15

Sample

cryptowall.exe

Resource

win7-20240903-en

defense_evasion discovery execution impact persistence ransomware

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral16

Sample

cryptowall.exe

Resource

win10v2004-20241007-en

discovery

windows10-2004-x64

3 signatures

150 seconds

Behavioral task

behavioral17

Sample

Ransomware-master/etc/Ransomware.Jigsaw.zip

Resource

win7-20240903-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral18

Sample

Ransomware-master/etc/Ransomware.Jigsaw.zip

Resource

win10v2004-20241007-en

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral19

Sample

jigsaw.exe

Resource

win7-20240903-en

jigsaw persistence ransomware spyware stealer

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral20

Sample

jigsaw.exe

Resource

win10v2004-20241007-en

jigsaw persistence ransomware spyware stealer

windows10-2004-x64

10 signatures

150 seconds

Behavioral task

behavioral21

Sample

Ransomware-master/etc/Ransomware.Locky.zip

Resource

win7-20240903-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral22

Sample

Ransomware-master/etc/Ransomware.Locky.zip

Resource

win10v2004-20241007-en

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral23

Sample

Locky.exe

Resource

win7-20240903-en

locky discovery ransomware

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral24

Sample

Locky.exe

Resource

win10v2004-20241007-en

locky discovery ransomware

windows10-2004-x64

3 signatures

150 seconds

Behavioral task

behavioral25

Sample

Ransomware-master/etc/Ransomware.Mamba.zip

Resource

win7-20240903-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral26

Sample

Ransomware-master/etc/Ransomware.Mamba.zip

Resource

win10v2004-20241007-en

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral27

Sample

131.exe

Resource

win7-20241010-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral28

Sample

131.exe

Resource

win10v2004-20241007-en

discovery

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral29

Sample

Ransomware-master/etc/Ransomware.Matsnu.zip

Resource

win7-20240903-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral30

Sample

Ransomware-master/etc/Ransomware.Matsnu.zip

Resource

win10v2004-20241007-en

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral31

Sample

Matsnu-MBRwipingRansomware_1B2D2A4B97C7C2727D571BBF9376F54F_Inkasso Rechnung vom 27.05.2013 .exe

Resource

win7-20240903-en

discovery persistence upx

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral32

Sample

Matsnu-MBRwipingRansomware_1B2D2A4B97C7C2727D571BBF9376F54F_Inkasso Rechnung vom 27.05.2013 .exe

Resource

win10v2004-20241007-en

discovery

windows10-2004-x64

3 signatures

150 seconds

Report Analysis Logs

General

Target

Ransomware-master/etc/Ransomware.Mamba.zip
Size

1.0MB
MD5

f94d1f4e2ce6c7cc81961361aab8a144
SHA1

88189db0691667653fe1522c6b5673bf75aa44aa
SHA256

610a52c340ebaff31093c5ef0d76032ac2acdc81a3431e68b244bf42905fd70a
SHA512

7b7cf9a782549e75f87b8c62d091369b47c1b22c9a10dcf4a5d9f2db9a879ed3969316292d3944f95aeb67f34ae6dc6bbe2ae5ca497be3a25741a2aa204e66ad
SSDEEP

24576:Uy0yC/fh9Dnt24GZrEXdjl3Fha3fXUkWpfnb:CyGf7TtCZrOll1svX0fb

Score

1^/10

Malware Config

Signatures

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

7zFM.exe

pid	Process
1884	7zFM.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

7zFM.exe

description	pid	Process
Token: SeRestorePrivilege	1884	7zFM.exe
Token: 35	1884	7zFM.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

7zFM.exe

pid	Process
1884	7zFM.exe

Processes

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Ransomware-master\etc\Ransomware.Mamba.zip"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:1884

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads