2d95507aa1ea5d2a6313bc5c201cf76e6aae4c207aa0fafe8f1fcb03e94102ec

Analysis

max time kernel
146s
max time network
26s
platform
windows7_x64
resource
win7v200430
submitted
12-05-2020 01:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Cat22.exe
Size

11.3MB
MD5

25af3ae9f4ebe5413b0ca1080b69b0ca
SHA1

c34e2a2d8ba0aaea3913227de0cbf87cad4ebd1b
SHA256

2d95507aa1ea5d2a6313bc5c201cf76e6aae4c207aa0fafe8f1fcb03e94102ec
SHA512

b7194be16c8d4db0fc8305165c6d0e0aa6684b36c58855d9fab11e0d59d8bf004475df9932588cabebeff7d4f9a71dfa6bd8e985cfde1e318eb34e6880960ff2

Score

10^/10

ransomware

Malware Config

Extracted

Path

C:\Users\Admin\Downloads\README.txt

Ransom Note

Tango Down Bitch! Seems like you got hit by GAmmA Group! Don't Panic, you get to have your files back! GAmmAWare uses a basic encryption script to lock your files. This type of ransomware is known as CRYPTO. You'll need a decryption key to unlock your files. Your files will be deleted when the timer runs out, so you better hurry. You have 10 hours to find your key! Payment is accepted with Bitcoin only, Or Google [How to buy Bitcoin] Payment 0.052 BTC to: 1sd2WD1fEJnUPkGgfTEciWENKtLeUGMQe After Payment is confirmed Please Email: GAmmA37@protonmail.ch with your IP/hostname & BTC transaction ID to receive your decryption key. Kind regards, GAmmA GrouP

Emails

GAmmA37@protonmail.ch

Wallets

1sd2WD1fEJnUPkGgfTEciWENKtLeUGMQe

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

Cat22.exe

description	pid	process	target process
PID 1292 wrote to memory of 608	1292	Cat22.exe	Cat22.exe
PID 1292 wrote to memory of 608	1292	Cat22.exe	Cat22.exe
PID 1292 wrote to memory of 608	1292	Cat22.exe	Cat22.exe

Loads dropped DLL 50 IoCs

Processes:

Cat22.exe

pid	process
608	Cat22.exe
608	Cat22.exe
608	Cat22.exe
608	Cat22.exe
608	Cat22.exe
608	Cat22.exe
608	Cat22.exe
608	Cat22.exe
608	Cat22.exe
608	Cat22.exe
608	Cat22.exe
608	Cat22.exe
608	Cat22.exe
608	Cat22.exe
608	Cat22.exe
608	Cat22.exe
608	Cat22.exe
608	Cat22.exe
608	Cat22.exe
608	Cat22.exe
608	Cat22.exe
608	Cat22.exe
608	Cat22.exe
608	Cat22.exe
608	Cat22.exe
608	Cat22.exe
608	Cat22.exe
608	Cat22.exe
608	Cat22.exe
608	Cat22.exe
608	Cat22.exe
608	Cat22.exe
608	Cat22.exe
608	Cat22.exe
608	Cat22.exe
608	Cat22.exe
608	Cat22.exe
608	Cat22.exe
608	Cat22.exe
608	Cat22.exe
608	Cat22.exe
608	Cat22.exe
608	Cat22.exe
608	Cat22.exe
608	Cat22.exe
608	Cat22.exe
608	Cat22.exe
608	Cat22.exe
608	Cat22.exe
608	Cat22.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

Cat22.exe

description pid process

Token: 35 608 Cat22.exe

description	pid	process
Token: 35	608	Cat22.exe

C:\Users\Admin\AppData\Local\Temp\Cat22.exe
"C:\Users\Admin\AppData\Local\Temp\Cat22.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1292

C:\Users\Admin\AppData\Local\Temp\Cat22.exe
"C:\Users\Admin\AppData\Local\Temp\Cat22.exe"
2⤵
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
PID:608

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI12922\Crypto\Cipher\_Salsa20.cp37-win_amd64.pyd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12922\Crypto\Cipher\_raw_aes.cp37-win_amd64.pyd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12922\Crypto\Cipher\_raw_cbc.cp37-win_amd64.pyd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12922\Crypto\Cipher\_raw_cfb.cp37-win_amd64.pyd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12922\Crypto\Cipher\_raw_ctr.cp37-win_amd64.pyd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12922\Crypto\Cipher\_raw_ecb.cp37-win_amd64.pyd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12922\Crypto\Cipher\_raw_ocb.cp37-win_amd64.pyd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12922\Crypto\Cipher\_raw_ofb.cp37-win_amd64.pyd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12922\Crypto\Hash\_BLAKE2s.cp37-win_amd64.pyd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12922\Crypto\Hash\_MD5.cp37-win_amd64.pyd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12922\Crypto\Hash\_SHA1.cp37-win_amd64.pyd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12922\Crypto\Hash\_SHA256.cp37-win_amd64.pyd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12922\Crypto\Hash\_ghash_portable.cp37-win_amd64.pyd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12922\Crypto\Protocol\_scrypt.cp37-win_amd64.pyd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12922\Crypto\Util\_cpuid_c.cp37-win_amd64.pyd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12922\Crypto\Util\_strxor.cp37-win_amd64.pyd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12922\PIL\_imaging.cp37-win_amd64.pyd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12922\PIL\_imagingtk.cp37-win_amd64.pyd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12922\VCRUNTIME140.dll

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12922\_bz2.pyd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12922\_ctypes.pyd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12922\_decimal.pyd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12922\_hashlib.pyd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12922\_lzma.pyd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12922\_socket.pyd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12922\_tkinter.pyd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12922\api-ms-win-core-file-l1-2-0.dll

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12922\api-ms-win-core-file-l2-1-0.dll

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12922\api-ms-win-core-localization-l1-2-0.dll

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12922\api-ms-win-core-processthreads-l1-1-1.dll

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12922\api-ms-win-core-timezone-l1-1-0.dll

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12922\api-ms-win-crt-conio-l1-1-0.dll

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12922\api-ms-win-crt-convert-l1-1-0.dll

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12922\api-ms-win-crt-environment-l1-1-0.dll

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12922\api-ms-win-crt-filesystem-l1-1-0.dll

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12922\api-ms-win-crt-heap-l1-1-0.dll

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12922\api-ms-win-crt-locale-l1-1-0.dll

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12922\api-ms-win-crt-math-l1-1-0.dll

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12922\api-ms-win-crt-process-l1-1-0.dll

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12922\api-ms-win-crt-runtime-l1-1-0.dll

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12922\api-ms-win-crt-stdio-l1-1-0.dll

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12922\api-ms-win-crt-string-l1-1-0.dll

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12922\api-ms-win-crt-time-l1-1-0.dll

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12922\api-ms-win-crt-utility-l1-1-0.dll

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12922\base_library.zip

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12922\libcrypto-1_1.dll

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12922\payload.exe.manifest

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12922\python37.dll

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12922\select.pyd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12922\tcl86t.dll

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12922\tcl\auto.tcl

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12922\tcl\encoding\cp1252.enc

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12922\tcl\http1.0\pkgIndex.tcl

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12922\tcl\init.tcl

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12922\tcl\opt0.4\pkgIndex.tcl

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12922\tcl\package.tcl

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12922\tcl\tclIndex

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12922\tcl\tm.tcl

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12922\tk86t.dll

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12922\tk\button.tcl

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12922\tk\entry.tcl

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12922\tk\icons.tcl

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12922\tk\listbox.tcl

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12922\tk\menu.tcl

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12922\tk\panedwindow.tcl

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12922\tk\pkgIndex.tcl

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12922\tk\scale.tcl

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12922\tk\scrlbar.tcl

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12922\tk\spinbox.tcl

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12922\tk\tclIndex

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12922\tk\text.tcl

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12922\tk\tk.tcl

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12922\tk\ttk\altTheme.tcl

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12922\tk\ttk\button.tcl

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12922\tk\ttk\clamTheme.tcl

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12922\tk\ttk\classicTheme.tcl

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12922\tk\ttk\combobox.tcl

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12922\tk\ttk\cursors.tcl

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12922\tk\ttk\defaults.tcl

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12922\tk\ttk\entry.tcl

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12922\tk\ttk\fonts.tcl

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12922\tk\ttk\menubutton.tcl

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12922\tk\ttk\notebook.tcl

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12922\tk\ttk\panedwindow.tcl

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12922\tk\ttk\progress.tcl

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12922\tk\ttk\scale.tcl

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12922\tk\ttk\scrollbar.tcl

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12922\tk\ttk\sizegrip.tcl

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12922\tk\ttk\spinbox.tcl

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12922\tk\ttk\treeview.tcl

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12922\tk\ttk\ttk.tcl

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12922\tk\ttk\utils.tcl

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12922\tk\ttk\vistaTheme.tcl

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12922\tk\ttk\winTheme.tcl

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12922\tk\ttk\xpTheme.tcl

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12922\ucrtbase.dll

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI12922\Crypto\Cipher\_Salsa20.cp37-win_amd64.pyd

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI12922\Crypto\Cipher\_raw_aes.cp37-win_amd64.pyd

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI12922\Crypto\Cipher\_raw_cbc.cp37-win_amd64.pyd

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI12922\Crypto\Cipher\_raw_cfb.cp37-win_amd64.pyd

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI12922\Crypto\Cipher\_raw_ctr.cp37-win_amd64.pyd

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI12922\Crypto\Cipher\_raw_ecb.cp37-win_amd64.pyd

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI12922\Crypto\Cipher\_raw_ocb.cp37-win_amd64.pyd

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI12922\Crypto\Cipher\_raw_ofb.cp37-win_amd64.pyd

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI12922\Crypto\Hash\_BLAKE2s.cp37-win_amd64.pyd

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI12922\Crypto\Hash\_MD5.cp37-win_amd64.pyd

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI12922\Crypto\Hash\_SHA1.cp37-win_amd64.pyd

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI12922\Crypto\Hash\_SHA256.cp37-win_amd64.pyd

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI12922\Crypto\Hash\_ghash_portable.cp37-win_amd64.pyd

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI12922\Crypto\Protocol\_scrypt.cp37-win_amd64.pyd

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI12922\Crypto\Util\_cpuid_c.cp37-win_amd64.pyd

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI12922\Crypto\Util\_strxor.cp37-win_amd64.pyd

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI12922\PIL\_imaging.cp37-win_amd64.pyd

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI12922\PIL\_imagingtk.cp37-win_amd64.pyd

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI12922\VCRUNTIME140.dll

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI12922\_bz2.pyd

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI12922\_ctypes.pyd

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI12922\_decimal.pyd

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI12922\_hashlib.pyd

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI12922\_lzma.pyd

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI12922\_socket.pyd

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI12922\_tkinter.pyd

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI12922\api-ms-win-core-file-l1-2-0.dll

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI12922\api-ms-win-core-file-l2-1-0.dll

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI12922\api-ms-win-core-localization-l1-2-0.dll

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI12922\api-ms-win-core-processthreads-l1-1-1.dll

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI12922\api-ms-win-core-timezone-l1-1-0.dll

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI12922\api-ms-win-crt-conio-l1-1-0.dll

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI12922\api-ms-win-crt-convert-l1-1-0.dll

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI12922\api-ms-win-crt-environment-l1-1-0.dll

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI12922\api-ms-win-crt-filesystem-l1-1-0.dll

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI12922\api-ms-win-crt-heap-l1-1-0.dll

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI12922\api-ms-win-crt-locale-l1-1-0.dll

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI12922\api-ms-win-crt-math-l1-1-0.dll

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI12922\api-ms-win-crt-process-l1-1-0.dll

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI12922\api-ms-win-crt-runtime-l1-1-0.dll

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI12922\api-ms-win-crt-stdio-l1-1-0.dll

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI12922\api-ms-win-crt-string-l1-1-0.dll

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI12922\api-ms-win-crt-time-l1-1-0.dll

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI12922\api-ms-win-crt-utility-l1-1-0.dll

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI12922\libcrypto-1_1.dll

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI12922\python37.dll

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI12922\select.pyd

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI12922\tcl86t.dll

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI12922\tk86t.dll

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI12922\ucrtbase.dll

Download Submit