ioc[.]one - OSINT Cyber Threat Intelligence Database

God save the queen [...] 'cause ransom is money - savethequeen encryptor

Tags

cmtmf-attack-pattern:

Process Injection

attack-pattern:

Data Hooking - T1617 Kernel Modules And Extensions - T1547.006 Malware - T1587.001 Malware - T1588.001 Network Service Scanning - T1423 Process Discovery - T1424 Powershell - T1059.001 Process Injection - T1631 Service Execution - T1569.002 Software - T1592.002 Software Packing - T1027.002 Software Packing - T1406.002 Hooking - T1179 Kernel Modules And Extensions - T1215 Modify Registry - T1112 Network Service Scanning - T1046 Peripheral Device Discovery - T1120 Powershell - T1086 Process Discovery - T1057 Process Injection - T1055 Query Registry - T1012 Service Execution - T1035 Software Packing - T1045 Hooking Network Service Scanning

Show in Graph

Common Information

Type	Value
UUID	9379fc75-41cc-421c-ace7-7cce0d6d4ae8
Fingerprint	963600b5cbdd6adf
Analysis status	DONE
Considered CTI value	2
Text language
Published	Dec. 2, 2019, midnight
Added to db	Sept. 26, 2022, 9:33 a.m.
Last updated	Nov. 17, 2024, 6:56 p.m.
Headline	God save the Queen [...] 'cause Ransom is money - SaveTheQueen Encryptor
Title	God save the queen [...] 'cause ransom is money - savethequeen encryptor
Detected Hints/Tags/Attributes	49/2/15

Source URLs

	Redirection	Url
Details	Source	https://dissectingmalwa.re/god-save-the-queen-cause-ransom-is-money-savethequeen-encryptor.html

URL Provider

Details	Provider	Source level domain
Details	dissectingmalwa.re	dissectingmalwa.re

Attributes

Details	Type	#Events	CTI	Value
Details	File	1		savethequeen.log
Details	File	1		c:\programdata\savethequeen.log
Details	File	1		savethequeen.exe
Details	sha256	1		3c9f777654a45eb6219f12c2ad10082043814389a4504c27e5aec752a8ee4ded
Details	MITRE ATT&CK Techniques	39		T1035
Details	MITRE ATT&CK Techniques	9		T1215
Details	MITRE ATT&CK Techniques	13		T1179
Details	MITRE ATT&CK Techniques	440		T1055
Details	MITRE ATT&CK Techniques	29		T1045
Details	MITRE ATT&CK Techniques	550		T1112
Details	MITRE ATT&CK Techniques	501		T1012
Details	MITRE ATT&CK Techniques	168		T1046
Details	MITRE ATT&CK Techniques	188		T1120
Details	MITRE ATT&CK Techniques	433		T1057
Details	Windows Registry Key	1		HKEY_CURRENT_USER\Software\Microsoft\RestartManager\Session00xx