Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

Ransomware...KB.exe

windows10-ltsc_2021-x64

7

Ransomware...KB.exe

windows7-x64

10

Ransomware...KB.exe

windows10-2004-x64

7

Ransomware...KB.exe

windows10-ltsc_2021-x64

7

Ransomware...KB.exe

windows11-21h2-x64

7

Ransomware...KB.exe

windows10-ltsc_2021-x64

10

Ransomware...KB.exe

windows7-x64

10

Ransomware...KB.exe

windows10-2004-x64

10

Ransomware...KB.exe

windows10-ltsc_2021-x64

10

Ransomware...KB.exe

windows11-21h2-x64

10

Ransomware...KB.exe

windows7-x64

10

Ransomware...KB.exe

windows7-x64

10

Ransomware...KB.exe

windows10-2004-x64

10

Ransomware...KB.exe

windows10-ltsc_2021-x64

10

Ransomware...KB.exe

windows11-21h2-x64

10

Ransomware...KB.exe

windows10-2004-x64

9

Ransomware...KB.exe

windows7-x64

9

Ransomware...KB.exe

windows10-2004-x64

9

Ransomware...KB.exe

windows10-ltsc_2021-x64

9

Ransomware...KB.exe

windows11-21h2-x64

9

Ransomware...KB.exe

windows11-21h2-x64

9

Ransomware...KB.exe

windows7-x64

9

Ransomware...KB.exe

windows10-2004-x64

9

Ransomware...KB.exe

windows10-ltsc_2021-x64

9

Ransomware...KB.exe

windows11-21h2-x64

9

Ransomware...KB.ps1

windows11-21h2-x64

10

Ransomware...KB.ps1

windows7-x64

10

Ransomware...KB.ps1

windows10-2004-x64

10

Ransomware...KB.ps1

windows10-ltsc_2021-x64

10

Ransomware...KB.ps1

windows11-21h2-x64

10

Resubmissions

25/03/2025, 15:11

250325-skmbpsxzaw 10

25/03/2025, 15:06

250325-sg1d6a1px2 10

25/03/2025, 15:01

250325-sd5jpsxyct 10

25/03/2025, 14:56

250325-sbdcfaxxgs 10

25/03/2025, 14:50

250325-r7ve6a1nv3 10

25/03/2025, 14:46

250325-r5ab7sxwhx 10

25/03/2025, 14:40

250325-r2c9paxwe1 10

05/02/2025, 10:25

250205-mgcefaslhw 10

05/02/2025, 10:17

250205-mbs51atmbk 10

05/02/2025, 09:15

250205-k785zs1pfn 10

Analysis

  • max time kernel
    119s
  • max time network
    105s
  • platform
    windows11-21h2_x64
  • resource
    win11-20250313-en
  • resource tags

    arch:x64arch:x86image:win11-20250313-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    25/03/2025, 14:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    RansomwareSamples/MedusaLocker_24_04_2020_661KB.exe

  • Size

    661KB

  • MD5

    19ddac9782acd73f66c5fe040e86ddee

  • SHA1

    24ceba1e2951cde8e41939da21c6ba3030fc531d

  • SHA256

    dde3c98b6a370fb8d1785f3134a76cb465cd663db20dffe011da57a4de37aa95

  • SHA512

    e7be7472241fdd26db48dbd0311afe821905f6d59dfb56e3dc035944b7346b0767a8af76d110c5f60c0ba0183ca3791e56d9b3c8b9ba887afa111aafc949c1d4

  • SSDEEP

    12288:vN3K5e8nbwFigzk6VVMqX8aQNRMcauV9B/rtiPnA40Q8:hCXbwFigzkQVdXvlcayDh49

Score
10/10
medusalockerdefense_evasiondiscoveryransomwarespywarestealertrojan

Malware Config

Extracted

Path

C:\Recovery\WindowsRE\HOW_TO_RECOVER_DATA.html

Ransom Note
<!DOCTYPE html> <html> <head> <meta charset="utf-8"> <meta http-equiv="X-UA-Compatible" content="IE=Edge"> <meta name="viewport" content="width=device-width, initial-scale=1, minimum-scale=1, user-scalable=yes"> <title>Title</title> <style> html, body, div, span, applet, object, iframe, h1, h2, h3, h4, h5, h6, p, blockquote, pre, a, abbr, acronym, address, big, cite, code, del, dfn, em, img, ins, kbd, q, s, samp, small, strike, strong, sub, sup, tt, var, b, u, i, center, dl, dt, dd, ol, ul, li, fieldset, form, label, legend, table, caption, tbody, tfoot, thead, tr, th, td, article, aside, canvas, details, embed, figure, figcaption, footer, header, hgroup, menu, nav, output, ruby, section, summary, time, mark, audio, video { margin: 0; padding: 0; border: 0; font-size: 100%; font: inherit; vertical-align: baseline; } /* HTML5 display-role reset for older browsers */ article, aside, details, figcaption, figure, footer, header, hgroup, menu, nav, section { display: block; } body { font-family: Tahoma, Arial; background: #717798; } .all { max-width: 1170px; margin: auto; background: #000; min-height: 100px; border-radius: 10px; } .tl { text-align: center; color: #e03930; font-family: Tahoma; font-size: 28px; font-weight: 700; position: relative; height: 60px; line-height: 60px; } .close { padding: 15px; width: 36px; height: 36px; position: absolute; right: 15px; top:0; } .bg { background: #252a42; text-align: center; color: #ffffff; padding: 25px 15px; font-size: 18px; font-weight: 400; line-height: 20px; } .bg span { color: #f25252; } .bg a { color: #9676fd; font-size: 20px; font-style: italic; text-decoration: none; line-height: 35px; } .bg c { color: #f25252; font-weight: 500; font-size: 20px; line-height: 35px;} .footer { padding: 15px 0; background: url("data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAL4AAADACAMAAACNgikeAAAC/VBMVEUAAAA5AgK+hoY3AADBiYnFjIy7g4Onb2/IkJCgaGircnK1fHyyenq4gICaYWGtdXWwd3ekbGyTW1vDioqXXl7GjY21fn7Mk5PPl5c9BQVHDg7Smpo6AgJ5QUF1PDx/R0eLU1NbIiKES0udZWV8RERoMDBOFhbaoaFzOjrWnp5YHx+JUFBLExONVVVhKSleJSXgp6eBSkpsMzNKEhJBCAiHTk5UHB2KUVGkbW1wNzdSHBxRGRndpKQ6AwSeZWVBCguhampkLS3JkpJPGRmdZGSVXl6QWFiPWFhEDAx2Pz+GTU2QWVnMlZXmr69fJyhHDxHa2tqgZ2fjq6uDSkpiKivBjo5tNjZWHx9EDQ9ECwtyOTllLi79xcXVpaXjrKxqMzNvNjbXoKDxuLjnsbHco6PutbXEjY08BgipZGTgqamocnKqc3P0u7vCiorrtLT6w8NLFBZbIiW1eXn/yMj2vr7Fj4+4g4PpsrK8iIiiamqPVlaqc3OrdnadZWXDi4vNk5OfaGicZGR9RESfZ2e2fn65goKXX1+jamqbZGSMVFSjbGyaY2Sxe3uyenu0fHyZYGCNVFS3fX2RWFilbm7Kk5OGUFD3wMCOV1eKUlPJkZGtdXU+BgdkLS2ETEyTW1t0OzuXXl6ia2uOVlZ5QUFxOTiASEm3f3+cY2OCSkqPV1fKlJTCioqnb2+4gIB5QUFIDxBNFRW8hIOdZGRWHh+hamphKChxOTm+hofBiIi3f3+GUFCPV1d8RkiUXFyPV1eqcnNxOTnBiYlpMTGAR0e8g4OqcXHIkJB7QkKOVFXMlZWze3uyenp0PDxSGhuhaWqYX1+pcHLGj492PT6MVFRYICBhKSm/iIh8RES0e3vMlJSweHitdXWudXWiamuyenqnb295QUFvODiMVFRLExObZGS6gYGsc3POlpawd3dCCwulbW7QmJhaIyOfZ2drMzO1fX2JUVGudXV4QEBUHR2aYmJ6QkJpMDC6goJUHByIUVHepqaESkrboqLJkZHJkZFigLAOAAAA/3RSTlMApqampqampqampqampqampqampqampqampqampqampqampqampqampqampqampqampqampqampqampqampqampqampqampqampqampqampgEjpqamCaampqampqYEpqampqampqYSpgSmHQamDaampqYXpqYQGqYWIFU7E5V8Fg9gXiooIGs3C19MQSyPhE9JQTYuKhmml3lDIqCUkoOAenFwal9WUEg2LiCalpWVlI6Nh399eXhoSTgoJaajoZ6VkYh6dmJZTz83MaKdmpSTj4yMi4uKhYN9e3ZsV1NHRC0gEqSjoqKenJuJcWxqamZmWj6joKCcmpGDn5+cnJsb+11aAAA7lUlEQVR42uybB2zzRBTHG8f2ea84sR3HznLiOGkSZw/SXVpamgL9PjYU6GDvvffeG4TYe2+x9xB7I4HYILZADDHEkriUPSUEZUj80jh1qtTv7t5797/nS9dvsOLaHVb+hs2+YbsO63/LjjvuuPX222+/cYeddtpppT/ITpCNf8r2kK0hO0K+u8oPV4SX+4YdO3zzt83W7vqf//mf//mf//mf//mf//mff461V95165223nXX/5o03+nsd655/IknTtltt4t3O2G3ix9+++Ajdj5ylwsP3GTFrv8A25+W5XGeEVhMVxDcjzE4giGMKF959Rnv3n3uxhtvvXLXv5hNzo7E+0UAgCBQFGAJJi4LLMUJKEbzIiN8+umbVx608/Yb/ktHYu2DTvAPOoqKowShII6+UavdnrI3V+2Wi/JirxhgWb9feeyZZ87d54bNuv517PMISXGZWCHaTEeX1uS4lB2J1GRKwPE5ZWpqI2dKRxEgUQLCvPn6s8/ft/a/bBSOsBL5oXKfx+uFPyEPpMejLRcKRtdZVo6QFKsS7tSM7fh9CCUzOLH7tSft9G/KTOesOhQMLrNayNMxHdrvXWjHAvC9vrRRGV2WD/hVVZmbdgkA2FsfPer5o9b/twzCIZPN5DLJnm+s9oQ6r5BQyBvq8ZTLC+ehnlK0keVEnp3Yob3eBCaA/sPvuvakf0VC2uPkpasOlb4xHlqqeaC1Wl9p1WCyuuoyzXS12ayml0uWyssFk6XViyStY7brohxXf33/vV7851uw5x3RodVDnT7vuEtPecsVuoeqk/ncOtE11xlYpWAa6xbCaw7kBhJrrtNIpZvLGKZB4oNzLXpJaiPx/X027PpnOfC0oWbftzHbt+VQtZqvbrXmZCpXLJopK1PJLIktOxKRuFgsa4WzUrgYXaUYNQoyjcYbNiWdcNA+B3b9k2x45zLJjqP3bDA0GR1a2kil1hgrNMwCSdZFqbJEimS4Xr6fJsU6i4sMSo6SyyditYZRa3A6QtPglPcv2K7rH+TMZCkEOz6Zzm+11WSqsKQmLS+NyiRJ8iIFKIEnAcUgNKKgTktXdJ+CBWgqPgpi1UQqwqCESt382RF7dv1j7J8MhkIbDDVX3WooveaakwljfDSyPDfMxXmB4ziGcAhEVVp6yyZQzPHp9tSsvZ5C18PxaCmYr0j4RjbOnfrsPv/UZLDXMn09q5eGhprd1eqaiXVjVsoIjxuyJC8rkVAFibSuOvYEhvkmFNXW5/SWs9785tPZYXIgFgk3ljZiPsfBwavPvfLPTAV7JbVyd7O6arQ6FG2kxkekEZmUK7IUj2RJCkGJCQJHdRTDiUHbWW/QcTeybXfGvwS31qhQOCtw4ZRRd3T61reP3LHrH2CvUmj17mQzumY6n7FikixHhmUJxHlAswzeYm2fjuHMIIpP6Dru9ztz7ak515bqvEXKIkMxDEtFjAqvI6J49T9h//7LBaO5XMIw1lhqplNmfmCNWCRCwfgFvSyiqLqt4CzuzLcIZz1Ecfy27rY28mWVZYswsgEF3Uug+YgZw3WePHGPrr+bfW8L10Y5EYp9QIu9HCBJCvTK2VhhfDy1BJB4wI8hCE7YflclcFtVpzea28jFI866MVEUSbJXBHWKIliysiziqx3R9Xezs2klctGBpcWGFatBnxdxaCwx6PMjGMuLIuCWjZMUjSLEes4UpjNKe8ptbY5TiMH1UxQA8d5hkaIDAd3PGUA8q+vvZudosuyFeMrBfD4xzgu9pNgPeMqPoj5bH2z5UZYi+zk4NIqu+DFVdVx3VkRARgQixTMU4Os8I/hpVecLIwd1/b3AxVZ6SINCORTSSs1cwmyMj4pUvc5Dj2Z4hEEdTJlwbEzFebEOEBK3BxFnSs2iohhgBEokeQEVeMBPdBS1X9y7629m/UuXGfIs4A2t1kzmjXBFEgHPA8DTdWhdAMEwTCV8alvB/PwwRwuE3fLJg6Qc53mGZsg6oBnGEXyYo7ef2afrb2brB5tVDSrlDsv1dUeLqZhl1SQZRjBsA9VxEBr3I34dRrCr6wqC8IwvItISGR8mQV2gAiyFTCA+v66+ce2Nf7v+POlBqNg83xDqS+byCWtsPGJG6tmYTMZJEggkCCACj7Mqgdltt91SFWHMNEdHOY4UQX9/XayLqEOofvuwG7v+dnZZo9rt+Y6+7mA1mkuZZmKsVinEYstL5DApAEDTAMGg9e5G7ZnW9Ea6Q3CRGifGpTiIUyiLo4rPsYmD/wHVcGYuGezx/kC5O7lM07DSYcOsZIYlThYZUhwGEIrHsZat6vOuPTXjCmA8y2U5spenKUyFC7CvjvibrV9xw60POPKOdazwEmvspjUnGzeNrTIZbQa15cra6sF0Ml2MjdRi4fFlQS/VS0I3AiQJ+9lWZxV92hZIwYpZEYqn6hghYMqXB/89RaAVN1m5w3EvfXjWNY9bywNyOB4HNM+KcT7A9PeT/VKlFl4jV9U0LbhctRFbEsmGpZElMgl4QIo8whO2rbYCY4YiilQ8k6VZGtEJ9d3FlvybXXjs9dfvcv1dV9wOH4dd8oBAs6hvcELRHceZUzd34BSlE75BPyowDALofk7KhgeKufTSsGVWsiSUzyQpUgLZz6sIltbylK9Gz7FkNjuMqesdvl/XIrLrSddeezhg+GUzy47GYrFKYenAVktXWXONpeuk4KkElh8FPIMjg+ttpNt629nUJQgd5RG/T2AAGUslJteNFSIxAOokYBiawsUeLc3ZS0TEmSZEC+iPHdq1aGxy/Qu3f0pVCmsOrbbaBj2wEPVT4Lnm7dDXnBxbZ81MJCvC1K7YLlQHLou1dUbESbgwaVjLcjIF+wBQFFlMxxTFJFm1Ne0y8sVHL9paa8Wd9pIls7qC58dmwxP4gO/09MEXyI9Ka9rqpXKwO7dKaoQDiKrP2rMK6iAUDsgl0ghMNkBgWMChiLzMmsuyimvDpeOZm3QtEivuc0o6GPqmk78tBEI8Cw9o/ZDne75p1zeDU15OC/WEYFOCaWskQ6ttRyECdH9kmMusYWUyEiMapeXWiJAwZ7bc2dcWz3UO3H/M610w7lsjfzh6e7yrLv2+2z2Q7w5a06gEv2uLpoWaxihF4ygBJTTdOxozi1XvUGHZzlxAsnMznx/ctWgceGrqm77+NVZYRetY35lum0OlUs+CU5WXa47Fwolksqx1SoZaeZl0qCdYTuaKY70CRiAIBUYGtOA6ETgZDHOU3n5+EUuFKx7zWdXr+XV6CmsudH1PtTm01Wqrrdaz0JLqAFxkRVdft5Gx0hrUcaV0U9OSyY4DasFqg2Nwv4qAcFSrZjiKqROP7te1mJx0+kMLzr5w+H4gOufFsQ16esobdFebq6w5tMKqK3TCY/X0mjVmdOkyZizCqsKSkCefG1omqK3aLIe+XdQkl5qVOj6hACOaHoujlxzTtbjsecjJ0LCFAPg+BiDeYK3b6801csWbUg3ThHIBBnawavSC5Y2aFItQCp/Ilb3JvnSxudxkrs8Tgm0JG4n8qkGtvEEzNcyzTH8sfMqilwg3PPSgk0vLLVSRQ9/aD19DZiJYWj6bMsYrEaMxBm30elZfJrWsWAh39CRJY1p1PORZJhHOGNH8utUQrINaveFUvlkKfRPsQ4mslK1fvdehB27StahsctJe+99SLH87CB28WiqlJQOEuPyylVgMhupSeItCS+YqorTEygxHKuMc1h2MhLzRwog0Fm0Uo3BZkKgzkUY+WO7pjCNMrJByAiiPHX7djRt3LS57HvrelZcm0jA8F1xo9VR4KCQSokhKViG8NJqOLlcODaWWBeNAznAc6K0V5Mga4ZB3mUacLE6um4omNc8YCeJmHv5SXhjJHs8GVZit1skIg29cdPcLuy7uGKx44PYf7P9Uos8LHSdaiOWXk6GUlyuNRjKdK0WDpb6+RByJAZylUJ5keFKUZANGSBiQ66y7zjqT1bIWw3BplXTJU17h23FcYXJhZmimjLjiP+zglxZdNK9/zL0nPn7ZZICMlRIqOSJVDDOXTK5aXKcU6kmHQYrCaVR3JniZBVxWTng0zSSXnSx2nEcb6NWxeHGZ1bVm9zcTYd9Wq3lD3oWmrD45BlD8mfNe6VpsVtzzXk5kYmsIFJByeasySmXNIS1UrlrcpIn6dUd31PqYSPNAGlo9GLIEEA6Hly7T522gNjuyRjm0ejO5kII32HKr0A9zdbm6Buf/8opnF/9+0TmyKBgcMWwMGDFjlehkeCRWCEUlORURCdue2nzW5U2/YwYLwWVW9a4JxCU1Y2AotJwkKCCS00LBKDS/M1Wv2Q27/tts1nHJUPcSYfC1/Q9Y3KXL2lclAtwATmQq8tJUJdu7ZnONsGlactQElM9uzW661qZuYJbzLrNuaGBVb04iK0Uz2q2tKeo4mVlV0xJWyeMpJ4eK4dBPlNSCCGwA9db9z1/MG157Xj4khMPIMDncbeAE0p+VEgXLGgiaICACpzWz1lrHb+4oUjmV0GJRb1XqNywpqpULgoONpoKhdMIoefqCzdzyq/xMjizov9XMCHrRGUcvnhA67rIS16DAEhAVByPrpFdYfatKhIsM9DU4kmT9trvtNmvN2igCavng8kXvMjKIFYwodC4f4V8+7QmajUoy1N1MJzLQd35hP3z2TJLK7e/t2rVIHPdW9yq5VFRIAdpIh7yQkMWJhWUsqZcUCLXV3mKtLWbnVH9ci4pRT7AiZgq1tMfsxwnOiPbkTSO2TE/3uqac8vwG3p6oPHjti4vkQQdeXl5m1XxKNtFid19oIXksJw9TxRxJygymuu62W6x1fNtVZa8J8t6kNd6wRlYNVVg/Kg8kQ3krInVrydQw11kS/IKFtzqzMXnRQSt1LQbbXx7MrJmXwjJV0r4LuiUcKcUyXJ0iBt35bY/fYov5jabM0PLigGfVJSOFTGK5puTT0WUnPVXD6GWW0/Imy/26EP9OGmqWcvEBf7ntGx6z86VWWE5pUoy3hjb4rruicUZOZDKcKBAtdQZ2/7a2nuwGVM5bkriCtIw3zNsTAlT5xbBJcquXl4aRojcEP/xbQJc0xEt3+ktLb5u9fMidI3I/J5MZLZUJJILfZ74ibdNmNlNnKKzlzmyx1lqbTyGhNZjedb1lmYxFSuVMQFFBYrlyaiyBkFopwTGaJ/SD+v5FDgpBTZT+eO9N/jrZeczeT3xSoATdUWRglFMmvkbP9wLUUnbQM2HSjymOCzPnppvOzEieCM81gmUrTkrlKBlQECkXSo6bGSfeF03Fjc5nv18k/8BCMIU6R2+idueGf9FUddyRJ8Yom+DGUNWkGZoLGgm6pn1nfVnUt3HGx/sRpdXeYdNt1tpi0/n5gTJgl82HklYvMHuWMAjCW9VywooFfJFStBBIfmf+z4Cp7NuCRjJ2y9Er/hX+vv297z/STyPY5rPtSibmzXAkkjJiFhP9zneW0nPbYFKERKdmtt12i23Wgv2Prr4Ojo4mPElzeakYlFmcAKuUg+NjpoPG+hKAgx3s/XU6/7AvnU4nTnxx7b+gQnjD3idbUmB21rFVV/XXjEjNpBAuQUZFue+bLgyK/PQMR1pxpLUR7PsOx8e98kRgdBVPOmwVykWAEkQ9oWk1M+YPFLUEd9uTZtiKFMJWY5XJrWAVcXK1anM1WJCoFkcLRmZ5brer97ph6z/f8fvec/oJwFYy8c2tPkIhAjgCeFCndCS9bHbSR67Q0etLK0DZCF++FqFQuO9umwX7Z/JBeoKRiqH0cG9Ck4RBnVg+2hNs5GSbSpciH92z57HXH/XCwQcffN7djx522GGXHLbbwxfv9vAjuz369vNHHHHUUUdduOGfd/vjzt9/N0HApnfYVDeBGRZ0VejU6hEWIOuJaWCk+/mYIdXJGq5gWdmUAeu6m0Lz4UPtMew5NBL1DGRGklqNdFS0lgyZ4XUEH4hWyVM3++mXJlfufGkSvq7412X4G/a+7SNkaoeNfK05naArog9T2F5SJDkRF2jcpmNUWFsqjUqF8bhAknUjwtG82na32AayVlYDqu7n0j2NkXB5MsspDmqGkmMJEzCxbos5fZFV/coHnHgbaUUcJinofgLF0EECC1D9QAQ0ECkgAHaCiwT4ykBizAyPZ8h6ISuPxCl8anYL6DpbuKUE4SPw3pw2Kqeq8QI+qDANzYzlLYRJJCuvHty1mKx8yImvCur8NAbGxxgMwTGCEhmKF0VB6BWQOiVQNPAzmXFJoLmCmYqDJSmJ6qUoMgCdfy0IHZIJVWHlaJ7jciY/wuqoFMxHimu4dm8iH7/lpK7FY8MDTnwVIdQJ1VayMubDVJYFvRTg8QBJMgLJBwAj8jzHwoLUUkkYXl6KWOFlAYWiQMTV2dkttthi00QS1wkClaNGJZOXOHxQJYvNVLpJObQcNJHTF0/Ob3jjQbvh7uzm8OqsjxVZBAfisEwCQQgIDCXQFIXhDI2iJI8xAmdatZoEWIShdRT0izS60cyms5sqmuWbm1YRad2ClJrsl/02UUiuGV7OFOn+VJTDdu5aLDbe+QkqjNmryrMBlGcDDMWAOClS9QBC4CyuAr4e4CmdpUEdAN6HMWSd5XG8s+2FzMbjAcyemnftWJBT13OJ3nBiNBuscHUfTpveatgAoBJOJgT6kK7FYZOjH3kddUCWXYdSoa/3DtdJDvAAoVUEITDdh/t4ikB4hKFQCgCOntJ1AsMI1NYxXs6ILCpgO7htJ1gUHNdVecOSrKCc5XFxOL9UkiM8VVm9lPEdvn7XorDTmY8EoOzSaxVCkWQZhibPMiyKI4gPRiLcjEasN4izvs6dBowVKYoidJdYb17BFUIUKBDoR1nEduf5Moe02y20PzZKFqG4xHmymIzRAdFakqpWx+jFSZsrn3c6j/h0nMExMsKR0vIiDFce2q5gE63WTHvaVWzdxhHC70NshGYBBduG2VAh236GlKgAobLoVHvzzdeNssTxUN/XKlRGk+K4zXP5XIAJUJFisMjlbr6/axHY9awRFIcBiLMCEPg4IOs0SrM+XdWn51uOPjtrT+iuvdF6Cuo6DuYoFMIinV07KFyeuwgDyABBKO35+Rk0VEE22sYdpCVDqKRJESWYTFpWFRGNlNMWb3yyU9dfz57XjNG41sCBSEIowDE0YJAJta2qrR1m1lM2X2+OcFwHptP13Fl3zh1EJ/wUzEYUzpC4ynY8hNXn54+fb69RYv2brtXWMWBwAzHZP4EwBUNgA4LT8JYypHzbYlQRzv8CSHQ1wQGoCigRMAwfiJMAdO7a+1C/H1EDABEoGKaMX1F1d3qOGEQQilEQwFNiHGFhJDCt2c1n5n3eAtreZtu2TjDAHIgr6wmUNYkPsoKKRbX0uEie8tfvvtjwgqsfWFaOxJbnZL5/RAhQFM4CNl4XGOjkTDwT4PtpBsYmTwEAvUbAVAcRGQZlYcakAZchBYmZs9uz89tua5QAscVam7ZsBAeNYeALADlaUFSMmZCXS6QKIPDwXz5prX30GaQUkbmsRMYBEAEpMLofx6bUqel2uw0P8/Nue4c5VYe7MTE1gMtkLxSePI8oUAyxgO6nyAjT3mHzHTbfFvVYiL3NWjPTLRXhOAEQzLKpqt+n+FBs3egaEVFU3tz3r7Z+54+AxJGyLMqin6J4jPXPQptbtkr4UdyHswiDE5gCC5jrzW/rbr65vYND+NBWgGUUFcUCgPUBive5G023N2/luoGy6Vrbtl0HBcvWEZsVzWQvNjeNEES+YWUpepA4Y8W/1nN25uJZsp/kSagJGMJ2VJ3ol6XxgpUyY6ZhGOukLDOWSITHrEItE671Upg6u4M71dJb7uYtt6XYiqI7+vRs2231erhBfS1Y6HEGGZGkfFggm4thtuNjNmfNGiwnMuimT2/9l+b7gyRAk/0i6OzMwikuUjNS6wxkRyMxaxVo+cCYUUyF17VSRsQaXxIOm+ZNudykGctSOD3Xnpl3p6Zn3Wm4vXTKdlt6d9TfgpWSGXcjVWFYFBPEWh5BWi2AzMkUEEiOZOeJF/9K83fOCiAAI1Xw81LETBlWYUkslY42S5oGCxbw+W3xoqcMN1yssOUK1aUD0RXMcHSVNRLGkixgsZmZ6Tlnel5dT3crmuTfaNu1tmg77WmVwh1EGG+KqmtjSEsdDSgBlmWwtnPqXxe8K55/CwkCAcIvSoXCyHgYbu4aKCU1j/d38fSs3lc1xgqNxjqJhMkJ2Jy7nm/CprwxHwFrzMfvMKtPML4JnygnDP/UjE4T26LDULIyMPe21d3+OvP3+bq5qw6O66vC9PW5+1vJk923u1nf7G42a0l2N9l4SKANsUKbYsUp7u7u7u7u7i6DuzO4w8AgA8P3Cgz8wQANRe6vs7+0Tafn3nvud77znXNvP8t0aFXRG97SSmU+u/qn4uGFJ738Va/64Y+ffc87PuhOl8aDnve8O97zNb8YxP9Wzr4wQM/I4Ub6HBpoK7aV5OJbArrtoBFebyoGtVkw00XXSt5kliBnr6PNE0zQkc0weerFV6yB5zaftRVmw0cDWt0rQpt+0ste9az3/fyRT7zb31ugazxzlNseXIgksL+q2fuLXTc0M41UajSR4llq6prXhDPFVOK8GHgNjipc+9YF63aPdWQl5LFAgZ6kXn2lzL/aw3Ve193x8MxM/0kv//HDvvb1x/wjXfGDL90/Ob1/cBEz+HNB6lJtaiLRcHdyJyay80Ryc/Im1y5MzkqUMa7XZWzGTW52w4Ub3upmvGkrKyUTPChGfPWKUeSn1HV5PpM58+tn/fxG1/rns73TXXbily7GXfhLY1Ik60U9YtOjdDjk2anJZDJmSR2HdjOiEVu4zq2vOhkr3PzaybQuKK0SEwbE1EuuGOV8UE1W/NqrnvPGb/yLu/Xo96xtDSLL5/5yvRIbEM9l00FIOpZAXXdyKuYQnIwUF02bp653k0lWJW5yzRvSNY9R28tcST01++4r5vrPya89+dkvuPHlqORf+pjm7t5i8cSl7tn4YLBYy6ZlXmUJkixYgkEWJHk9vdWwiamrXu8mqLJIROHm10wGiWxbVPTWCjH72+de7Thu/neFtDu94DGXjbSP45QVVWjXUWuoV07Los1ObVrIZGKqKFfS2aqXzTCF81NTs7MxSyAs9tY3n6Rz/dMlgQ1dZvba37nlscy/YpHike9a1mUx2C2ZclvH/RNFYkm7o3K6Xx31phNFnYhd+3ZT14VUofCqZM3e6qqsf7LombyhMLGbLbwNqe7/0HyUt356319mc+hUi5+Ym54+EU/VRrVesTxR3l02VziFN6bOJgleM+uKRGzOPvY6rHwiPsoEnCHEbncT4kv/+8vG13jBw99+rtbv93uD+NzcxNwgXi42VngSqQwh0FFTc9rzlgjHsSZvfW1K263lzqzrPKs6s5PGI67yfzBucO/7vm1cKpmdIXi2bg55QZo6OyUkZy2WoIN8o6WJlMCeutm1b+IwzTNc60zKHQusdDtD/b8wHztwr09Ue9X8ekkmJLbgJCnW7ujtUsZdyy6mfIaaTCJRLlw1qfUP3DYjjrPQ2M/ePPaQF17l/2Tc9mll3BnCyFW9unuUSuBSN7qAZ2puPm8TztQNHZuj5XjKrQQmpyhaq+5cj37G/971/zLu9lRvayaXaKI7cHo60U+k1lKp3UywwgmMaceSIqcy2YlEtr4cmKZoo4oh6umn//+Yf5X7fGKpnj3KpqozoyxymmqLG4eMIkEQ5zlFZ5jM6kTNy7itdXQXdqBK07bxtnvc5/9nAq9t5s0QTWFr6XlNUocKdZNkATpcIUbzbmM0ODGXyFX9esZHpCjJ0L9iDsW+5D23ucr/yXhmNr6aTTOMJJFEYXYS4qcaypwm6+lUHPdYFlMzuX610XW7XiaNA8AraBcz2Hff9ir/F+Nr7zzqxqN3PXo9+E8+i0vTW1Uc1YyPJHO1fBA/AD0tx8u53KjunXYDVGlIglSIp97nKv8H4/nv/HDOayzmELv+kkbGE9Va16+YsummmvEERrM2k4tYaTNR3Mp7UKrW/GD5Xeg8/R+PWz7nZQndr1XyfirXTxwcIJX/8/2EidxehkM1LOREMbp5ychhprpV20O/ai2H9BhK+ZMf+EZItf+7caNnfxqc50j2s8taac3bwW31crkcn4tPR/nMxIlBLZ9GDS/mJGMGETubNFgqRrIWKgWQSGevG7M/9Lnn/c+e+bjlPV8ez8UnBic9rdXbqci8nMazHrXsYnExl0sk4Clw/niqpXdknhCpJOjz1BRYNFStSVQwZqcKZ8+fTX7lKv+LceMHP/tl8fhgP7EaP5nzuZXaTNXjODPtZrxupjvyGmey2VSqOAPH3xsdlZQwlEkrVjhVwFYkz8cgaM06CwVrgSU++N8PAfd/5Gt/sT1d3i7PHCTgPrlGhQ/Se6s9b91cMf0Mbn3XvZKezviH+W4328/N1KrZmS43JGmIpyoKGrhRRBAUM1Ql/ukv+C/bf/eHv6Y5M7O9vZhb3JtZbJYn4nPNvK4rFfdMuZzK1utDheFKEcsx0/U22k/W8i4uM6aqrq6qCq2GIWe2KqfzZ4qJftXN/O6O/0X/v+kL7vnpAdDw4vZgMVe8RXcm1cAE0OfeqwIs86libjqxVZ9XeaVjygBPvbKkVzg5KPl+O61zTBDoa3tNNL7UUrVedpQa9Yv91zwf1Zb//PjGHR72rHd+cxpjdYCbNtuLM7vZvWLd682sXmrhmsZtdc/zdlOJweqRxsZQ01MlRiZitKQICm+bmWIifiKxN5Py3QD1eVJVSJUx1fHSb+759f/wBYrbPvJZn/4eri9V+4v98vTchcEgvj9zi928m/WyjVE3kRjEpyMxtzlzJt/Ij1ajJjBykmLZyZhjBW4j4xVzudVy3g9DzbZtDRUnURQFTdWos8nYt5/ynP/cIyvfeNQ9X/ORb84NwOunD3BBq5faHkQB6mK5nE2bS3K+2k3hgOZ6A5xkNIIP+md2R4kToJpByMlht9/Hn+xlz9UDXaQhpywQlrVJUZQgbwRrfscpKAtSp/Tar/8HJoCk9p6fehJWFuNgGpl5fBUs4OItBvCW7cXpZva0Zpp6OzsaVbO1arGXS8SbCFlxTGQA6W11OrFaTCRG7qVnesCWHYelLUpwaMogxXZjvZU2JYnGPDbqT37Xz6/0Kb7zw1/1TVwtuLB/4eACJnBhsH3hBD4Ptm/RnJuILyYG5XOZUrDSkt1SPt9oHHV3q7XRXjmRS5SRxuf2EntnfJPDf4qDio0VmzWw/mzMZlWNURk5zXGVer0S5JEsrFcbtde8/zFX0vr7fSqeaDYTze3y4OL29GCw3ZxZjLTlue3twS0uzs31yotbPjeu+3XNDNZPe/nKsh/goblGL7Wz2BuNGm7N1cyKLBG0g8utsw5F0hK7cN7WOrirLjC8l63upFKp05iAprdF/q0vffYV632/wfum+7W94kw/lytvXyzmgDYXtrH80DcvXCjjPaS5cq68WD6XfvOSLvMrS0zJ1c16hVlp1TPdLOKvmxbCls3InFpgKWpyskCy9CSSekXltCCtSlypN5FoNhp5cz5cbjs2EaNILf3p51wZHLrXk3rFarW2s9vvl8sXe+Xt7TJm0Ny/dO8qjkclbnFxsTxIXDxs+WNN7+gc7mtV6mstTQ/0SkbXTB5ximNEBl6/iTB7qmCRlo0CKYLCWGU03kMuU6w1NzrcirCgipQjsXaMFksvffz77/7vV0t/3G+c2RnVUp5f3alW97AHF8sXp/ebAxzKSyL5LbpbW4l+ebuxUUJJletw87Ksh3oJVWqU4JRQ50yNWyrpSzEq6ZydMs4WYrMCb/Nyhwvp+XWw7H4j3/Y2SIGmSYpHkduYtFXasui3fPqeb7ravwn1vy7iuaa9fNXf8Hy32tgp9xL7vXLz4v72/twciH3z4kyjkSrvD/a9TtuEUQAXSVQJjedkZklf4cx8Gq1W5rwsJheuGz13SScpumMyeigR/PJMYroHbPVFRkLhWGBpHlIpgh1NTpKS2vnwA/69HXj4N6tnssVddLsuB+MAVKx7i+JieT+xmNve3gfyoyy0fVC8xfbidjlXUjZCHkqOKtigZDYpilSIXmGwhCFpcALpnGIpo7AAxkZzwYomGErQbyb2ilmvZTKbtiEYhoD6d9IRCoRFEgQLTsq89t+6Rv3jxdTabrOty0HQ0isMvy6nd7K9wcUDnAAcg+05OND0/n55f3GQy/lywDCyIoqkwgiMQiAqmTqj0gItUrCKSiJNueECYfDDcXss0ESllivvZUfFFZ8hSJakRIKVUHdnQTHwR2dPnY+xhcmnvP/fqNn9ulls1Bt1rWSOlwkcxCWmUs9EoJ4AqCdWm+VEHJnticH+IJGAriaHCjdvKwIZ0RseJpGmDa+wLEFKFlDvTp46xQrKUOYYjmLSNcBxKl/y/FAjSAp2KwZrYNFnr0ckC9croHOITMamHnf8hP5N3yvWsLcZblxKXzKelzmeq5zOFSGq5RbL/Rx4Djr449vN7QPIyy1OgMxD8DatEqouECzJ2psQPqcoI8ayycJVHVXh5TZnkrTWag5Wm3sz+Xne0+E0lONssiJFxGLUra97VdbCJkB0YWNJ6stXO3bImuunYL7uD03oNqJMiBwRmiK/m01hBolyOYoG+8DQfWB/oreXbc2TAiNKEHwkSTUVm2UXBOc6FJ00yKTlUJTNcYGLAp1NVGaaiYOZbOMozcu6TSCmsfAuCZtAnz+VLMxS7ORZVPgmKfVxx9Yj7oSLoVUXBd8NlEhk2+B5MRTHnDx2035/VIT1vdV9EM+Tc9uL5dXEVuoow5N8RyFIwVAlNa0SMZKkkoUb3pCmaJYGovBm4OuEKCxVE01oV+fSXF1mbJqkcVQXKDZJEQRpo8+ejd1w6nwhtkDSwvwdjy3hoNZZ89YzTChqHD1P2KKAeahaGC4vV12ksuVsfx+BID4H63PNcjablyWG0RSakKKHPJahyBI4pOcdCiVq
Emails

href="mailto:[email protected]">[email protected]</a><br>

href="mailto:[email protected]">[email protected]</a>
URLs

http-equiv="X-UA-Compatible"

Signatures

  • MedusaLocker

    Ransomware with several variants first seen in September 2019.

    ransomwaremedusalocker
  • MedusaLocker payload 1 IoCs
  • Medusalocker family
    medusalocker
  • UAC bypass 3 TTPs 2 IoCs
    defense_evasiontrojan
  • Renames multiple (163) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Executes dropped EXE 1 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    defense_evasiontrojan
  • Enumerates connected drives 3 TTPs 24 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 21 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs
  • System policy modification 1 TTPs 3 IoCs
    defense_evasion
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\RansomwareSamples\MedusaLocker_24_04_2020_661KB.exe
    "C:\Users\Admin\AppData\Local\Temp\RansomwareSamples\MedusaLocker_24_04_2020_661KB.exe"
    1⤵
    • UAC bypass
    • Checks whether UAC is enabled
    • Enumerates connected drives
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    • System policy modification
    PID:560
    • C:\Windows\SysWOW64\Wbem\wmic.exe
      wmic.exe SHADOWCOPY /nointeractive
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of AdjustPrivilegeToken
      PID:5236
  • C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe -k NetworkService -p -s LanmanWorkstation
    1⤵
      PID:1680
    • C:\Users\Admin\AppData\Roaming\svchostt.exe
      C:\Users\Admin\AppData\Roaming\svchostt.exe
      1⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:3392

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Recovery\WindowsRE\HOW_TO_RECOVER_DATA.html
      Filesize

      27KB

      MD5

      724e3375205e266bdbe91e25d9197536

      SHA1

      4ec20aa00115cdf8752642a96532114bd28ad4b2

      SHA256

      98d01316f7a26b5e167b0bc1d2d4eeda3c0ef4773146edb9a3402a1512fcad5e

      SHA512

      91ea27b73759e8988a2ed573a9249d2cae3f55a60ec45a494292dafb62d3ed6ee0ad12c426d614228bbcbb539582959267e3fbabbbe238208429d0af38d29e0e

      Download Submit

    • C:\Users\Admin\AppData\Roaming\svchostt.exe
      Filesize

      661KB

      MD5

      19ddac9782acd73f66c5fe040e86ddee

      SHA1

      24ceba1e2951cde8e41939da21c6ba3030fc531d

      SHA256

      dde3c98b6a370fb8d1785f3134a76cb465cd663db20dffe011da57a4de37aa95

      SHA512

      e7be7472241fdd26db48dbd0311afe821905f6d59dfb56e3dc035944b7346b0767a8af76d110c5f60c0ba0183ca3791e56d9b3c8b9ba887afa111aafc949c1d4

      Download Submit