Analysis

  • max time kernel
    121s
  • max time network
    142s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250314-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20250314-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    01/04/2025, 16:30

General

  • Target

    38775537030769180f53c8a9070de02086dcf762eea17d3f086d761a0c3f858a.exe

  • Size

    481KB

  • MD5

    3039e3c5a73f506446882271569da699

  • SHA1

    fe6c2d80fe6e20e23ffd5c36116b31b0c33ab926

  • SHA256

    cdb54fee4c049cfd0bd09206414e1c8bd5ec5cbab7e7fff30b2c8ae90796439e

  • SHA512

    7e95e5eefe9a3cf538eaa5adc4f454366d887ffcdb20ed5145731a77f0a12ccd07be67e7a90205230065c793d917c0c96e0abc68f22db2fc31467c53ede1a0a8

  • SSDEEP

    6144:cn2GnFwd6CWwR802pdHMzqIxkFBtL12sFekDKUTP7ondtxvyaeZSNGilD6uH:O2G3CWlMz2BFnWqTodrvPeCRF6uH

Malware Config

Signatures

  • PLAY Ransomware, PlayCrypt

    Ransomware family first seen in mid 2022.

  • Play family
  • Renames multiple (7492) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Drops desktop.ini file(s) 29 IoCs
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 64 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of the victim host in order to infer its geographical location.

Processes

  • C:\Users\Admin\AppData\Local\Temp\38775537030769180f53c8a9070de02086dcf762eea17d3f086d761a0c3f858a.exe
    "C:\Users\Admin\AppData\Local\Temp\38775537030769180f53c8a9070de02086dcf762eea17d3f086d761a0c3f858a.exe"
    1⤵
    • Drops desktop.ini file(s)
    • Enumerates connected drives
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:5168

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3342763580-2723508992-2885672917-1000\desktop.ini

    Filesize

    1KB

    MD5

    55c3310dad14bc2af47beab8a9a14719

    SHA1

    015128292e08cc83767ea12d46cd238973de340e

    SHA256

    bbf478c620da982d179d3a2bd74caf4a0cc1c1b8a3b7a32a3d2cddd92878378e

    SHA512

    a0ca60d79187edad2e6382d68fe95d913173c6c6a0d9b5c14866565ac733558f7200e5a4158579a7193bfa8643a1516a1dd9ac61032fe7f3187f0169e6412837

  • C:\$Recycle.Bin\S-1-5-21-3342763580-2723508992-2885672917-1000\desktop.ini

    Filesize

    1KB

    MD5

    95f2820a622bd5c78ceb126e53a1df57

    SHA1

    3147b3dbb0b97bef5d753e36a5eb44238c8d5c91

    SHA256

    666fdff1ef9e2b27f8e7f05b340fb85d1730256c27adaf9ecf719053ae6bb863

    SHA512

    dca3b1b4d7d4089605a439b6442509503eb9c84ac02f532a19186c682d10a651d3b7bf6f93ce22802e695b3544d6543f68db330a9a4798798ff313a6f73f5b57

  • memory/5168-0-0x0000000000E70000-0x0000000000E9C000-memory.dmp

    Filesize

    176KB