Overview

overview

10

Static

static

10

TrojanRans...29.exe

windows7-x64

10

TrojanRans...29.exe

windows10-2004-x64

10

source/Bat...er.exe

windows7-x64

5

source/Bat...er.exe

windows10-2004-x64

5

source/Bat...lp.chm

windows7-x64

1

source/Bat...lp.chm

windows10-2004-x64

1

source/Cov29Cry.exe

windows7-x64

10

source/Cov29Cry.exe

windows10-2004-x64

10

source/Cov...v4.exe

windows7-x64

10

source/Cov...v4.exe

windows10-2004-x64

10

source/Cov...ry.exe

windows7-x64

10

source/Cov...ry.exe

windows10-2004-x64

10

source/Cov...en.exe

windows7-x64

3

source/Cov...en.exe

windows10-2004-x64

3

source/Cov...en.exe

windows7-x64

3

source/Cov...en.exe

windows10-2004-x64

3

source/Tro...29.bat

windows7-x64

10

source/Tro...29.bat

windows10-2004-x64

10

source/mbr.exe

windows7-x64

6

source/mbr.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    93s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10-12-2024 20:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    source/Cov29Cry/Chaos Ransomware Builder v4.exe

  • Size

    550KB

  • MD5

    8b855e56e41a6e10d28522a20c1e0341

  • SHA1

    17ea75272cfe3749c6727388fd444d2c970f9d01

  • SHA256

    f2665f89ba53abd3deb81988c0d5194992214053e77fc89b98b64a31a7504d77

  • SHA512

    eefab442b9c1be379e00c6a7de9d6d7d327ad8fd52d62a5744e104f6caa44f7147a8e74f340870f9c017980a3d8a5a86a05f76434539c01270c442a66b2af908

  • SSDEEP

    3072:9UJAYdi2YcRVm16Pn6tpzqJG/sX9i2YcRPm16Pn6ckCjSH5EyR9aKZt18rTu+i2S:9aiWm162qJEsNiym16ryAiym168

Score
10/10
chaosransomware

Malware Config

Signatures

  • Chaos

    Ransomware family first seen in June 2021.

    ransomwarechaos
  • Chaos Ransomware 1 IoCs
  • Chaos family
    chaos
  • Suspicious behavior: EnumeratesProcesses 23 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\source\Cov29Cry\Chaos Ransomware Builder v4.exe
    "C:\Users\Admin\AppData\Local\Temp\source\Cov29Cry\Chaos Ransomware Builder v4.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:4016

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4016-0-0x00007FFFA5FC3000-0x00007FFFA5FC5000-memory.dmp

    Filesize

    8KB

    Download

  • memory/4016-1-0x0000000000A30000-0x0000000000ABE000-memory.dmp

    Filesize

    568KB

    Download

  • memory/4016-2-0x00007FFFA5FC0000-0x00007FFFA6A81000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4016-3-0x00007FFFA5FC0000-0x00007FFFA6A81000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4016-4-0x00007FFFA5FC0000-0x00007FFFA6A81000-memory.dmp

    Filesize

    10.8MB

    Download