Overview

overview

10

Static

static

10

JaffaCakes...6d.zip

windows7-x64

1

JaffaCakes...6d.zip

windows10-2004-x64

1

104.248.22...9.html

windows7-x64

3

104.248.22...9.html

windows10-2004-x64

3

104.248.22...ain.js

windows7-x64

3

104.248.22...ain.js

windows10-2004-x64

3

11.html

windows7-x64

3

11.html

windows10-2004-x64

3

12.html

windows7-x64

9

12.html

windows10-2004-x64

3

2019-09-02...10.exe

windows7-x64

10

2019-09-02...10.exe

windows10-2004-x64

10

2c01b00772...eb.exe

windows7-x64

7

2c01b00772...eb.exe

windows10-2004-x64

7

31.exe

windows7-x64

10

31.exe

windows10-2004-x64

10

3DMark 11 ...on.exe

windows7-x64

3

3DMark 11 ...on.exe

windows10-2004-x64

3

42f9729255...61.exe

windows7-x64

10

42f9729255...61.exe

windows10-2004-x64

10

5da0116af4...18.exe

windows7-x64

7

5da0116af4...18.exe

windows10-2004-x64

10

6306868794.bin.zip

windows7-x64

1

6306868794.bin.zip

windows10-2004-x64

1

CVE-2018-1...oC.swf

windows7-x64

3

CVE-2018-1...oC.swf

windows10-2004-x64

3

DoppelPaym...OM.zip

windows7-x64

1

DoppelPaym...OM.zip

windows10-2004-x64

1

E2-2020111...59.zip

windows7-x64

1

E2-2020111...59.zip

windows10-2004-x64

1

E42A.zip

windows7-x64

1

E42A.zip

windows10-2004-x64

1

Resubmissions

01-01-2025 19:48

250101-yjllnstkdm 10

24-12-2024 16:52

241224-vdwynsskdw 10

Analysis

  • max time kernel
    117s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    01-01-2025 19:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    DoppelPaymer.RANSOM.zip

  • Size

    3.1MB

  • MD5

    43cdf0d6afb39d4eef072b493175c960

  • SHA1

    d660534dfe66a661afc7e728222e7179311996bc

  • SHA256

    ab86077baa2c5a0baac61785a7608456c47a3f52c672c10df6726f4aa2d5dab2

  • SHA512

    073950a883a02cdc0ed2a0ca439b7ffc8b0e1decf6b68fe557b043eb409ebe7e006d78d74d8a093abd2281adfb61079f577117466c61465122a4a8548228e11e

  • SSDEEP

    49152:WbwX3ENOtYazWNE6ZopU17WQ7PEBwAr0ZTdk3WcgxQXtSTcaA0AlF0Uu+r2qMk9:VvYazvC1RQyTTe3WHu9STcaAZv8qMo

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs

Processes

  • C:\Program Files\7-Zip\7zFM.exe
    "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\DoppelPaymer.RANSOM.zip"
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:2228

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads