89eeac2abad61ef22fd914f9c4efaba04ca830d93ab1611c985531ac6d5e8460

Submit
Reports

Overview

overview

Static

static

1667e16357...43.exe

windows7_x64

1667e16357...43.exe

windows10_x64

17139a10fd...61.exe

windows7_x64

17139a10fd...61.exe

windows10_x64

1cc7c198a8...cb.exe

windows7_x64

1cc7c198a8...cb.exe

windows10_x64

243dff06fc...60.exe

windows7_x64

243dff06fc...60.exe

windows10_x64

27214dcb04...8f.exe

windows7_x64

27214dcb04...8f.exe

windows10_x64

3dabd40d56...a6.exe

windows7_x64

3dabd40d56...a6.exe

windows10_x64

43e61519be...aa.exe

windows7_x64

43e61519be...aa.exe

windows10_x64

48a848bc9e...3a.exe

windows7_x64

48a848bc9e...3a.exe

windows10_x64

508dd6f7ed...dd.exe

windows7_x64

508dd6f7ed...dd.exe

windows10_x64

516664139b...4b.exe

windows7_x64

516664139b...4b.exe

windows10_x64

533672da9d...8d.exe

windows7_x64

533672da9d...8d.exe

windows10_x64

6228f75f52...ff.exe

windows7_x64

6228f75f52...ff.exe

windows10_x64

6836ec8588...d8.exe

windows7_x64

6836ec8588...d8.exe

windows10_x64

68872cc22f...e7.exe

windows7_x64

68872cc22f...e7.exe

windows10_x64

691515a485...a5.exe

windows7_x64

691515a485...a5.exe

windows10_x64

78782fd324...34.exe

windows7_x64

78782fd324...34.exe

windows10_x64

Analysis

max time kernel
125s
max time network
127s
platform
windows10_x64
resource
win10v20210410
submitted
12-05-2021 19:34

Sharing

Copy URL

Twitter E-mail

Static task

static1

upx

Behavioral task

behavioral1

Sample

1667e1635736f2b2ba9727457f995a67201ddcd818496c9296713ffa18e17a43.exe

Resource

win7v20210410

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

1667e1635736f2b2ba9727457f995a67201ddcd818496c9296713ffa18e17a43.exe

Resource

win10v20210410

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral3

Sample

17139a10fd226d01738fe9323918614aa913b2a50e1a516e95cced93fa151c61.exe

Resource

win7v20210410

darkside ransomware spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral4

Sample

17139a10fd226d01738fe9323918614aa913b2a50e1a516e95cced93fa151c61.exe

Resource

win10v20210410

darkside ransomware spyware stealer

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral5

Sample

1cc7c198a8a2c935fd6f07970479e544f5b35a8eb3173de0305ebdf76a0988cb.exe

Resource

win7v20210410

darkside ransomware spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral6

Sample

1cc7c198a8a2c935fd6f07970479e544f5b35a8eb3173de0305ebdf76a0988cb.exe

Resource

win10v20210410

darkside ransomware spyware stealer

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral7

Sample

243dff06fc80a049f4fb37292f8b8def0fce29768f345c88ee10699e22b0ae60.exe

Resource

win7v20210410

ransomware spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral8

Sample

243dff06fc80a049f4fb37292f8b8def0fce29768f345c88ee10699e22b0ae60.exe

Resource

win10v20210410

ransomware spyware stealer

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral9

Sample

27214dcb04310040c38f8d6a65fe03c14b18d4171390da271855fdd02e06768f.exe

Resource

win7v20210410

darkside ransomware spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral10

Sample

27214dcb04310040c38f8d6a65fe03c14b18d4171390da271855fdd02e06768f.exe

Resource

win10v20210410

darkside ransomware spyware stealer

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral11

Sample

3dabd40d564cf8a8163432abc38768b0a7d45f0fc1970d802dc33b9109feb6a6.exe

Resource

win7v20210410

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral12

Sample

3dabd40d564cf8a8163432abc38768b0a7d45f0fc1970d802dc33b9109feb6a6.exe

Resource

win10v20210410

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral13

Sample

43e61519be440115eeaa3738a0e4aa4bb3c8ac5f9bdfce1a896db17a374eb8aa.exe

Resource

win7v20210410

darkside ransomware spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral14

Sample

43e61519be440115eeaa3738a0e4aa4bb3c8ac5f9bdfce1a896db17a374eb8aa.exe

Resource

win10v20210410

darkside ransomware spyware stealer

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral15

Sample

48a848bc9e0f126b41e5ca196707412c7c40087404c0c8ed70e5cee4a418203a.exe

Resource

win7v20210410

darkside ransomware spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral16

Sample

48a848bc9e0f126b41e5ca196707412c7c40087404c0c8ed70e5cee4a418203a.exe

Resource

win10v20210410

darkside ransomware spyware stealer

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral17

Sample

508dd6f7ed6c143cf5e1ed6a4051dd8ee7b5bf4b7f55e0704d21ba785f2d5add.exe

Resource

win7v20210410

darkside ransomware spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral18

Sample

508dd6f7ed6c143cf5e1ed6a4051dd8ee7b5bf4b7f55e0704d21ba785f2d5add.exe

Resource

win10v20210410

darkside ransomware spyware stealer

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral19

Sample

516664139b0ddd044397a56482d7308d87c213c320a3151ccb9738e8f932654b.exe

Resource

win7v20210410

darkside ransomware

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral20

Sample

516664139b0ddd044397a56482d7308d87c213c320a3151ccb9738e8f932654b.exe

Resource

win10v20210410

darkside ransomware

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral21

Sample

533672da9d276012ebab3ce9f4cd09a7f537f65c6e4b63d43f0c1697e2f5e48d.exe

Resource

win7v20210410

darkside ransomware spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral22

Sample

533672da9d276012ebab3ce9f4cd09a7f537f65c6e4b63d43f0c1697e2f5e48d.exe

Resource

win10v20210410

darkside ransomware spyware stealer

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral23

Sample

6228f75f52fd69488419c0e0eb3617b5b894a566a93e52b99a9addced7364cff.exe

Resource

win7v20210410

darkside ransomware spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral24

Sample

6228f75f52fd69488419c0e0eb3617b5b894a566a93e52b99a9addced7364cff.exe

Resource

win10v20210410

darkside ransomware spyware stealer

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral25

Sample

6836ec8588b8049bcd57cd920b7a75f1e206e5e8bb316927784afadb634ea4d8.exe

Resource

win7v20210410

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral26

Sample

6836ec8588b8049bcd57cd920b7a75f1e206e5e8bb316927784afadb634ea4d8.exe

Resource

win10v20210410

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral27

Sample

68872cc22fbdf0c2f69c32ac878ba9a7b7cf61fe5dd0e3da200131b8b23438e7.exe

Resource

win7v20210410

darkside ransomware spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral28

Sample

68872cc22fbdf0c2f69c32ac878ba9a7b7cf61fe5dd0e3da200131b8b23438e7.exe

Resource

win10v20210410

darkside ransomware spyware stealer

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral29

Sample

691515a485b0b3989fb71c6807e640eeec1a0e30d90500db6414035d942f70a5.exe

Resource

win7v20210410

darkside ransomware spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral30

Sample

691515a485b0b3989fb71c6807e640eeec1a0e30d90500db6414035d942f70a5.exe

Resource

win10v20210410

darkside ransomware spyware stealer

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral31

Sample

78782fd324bc98a57274bd3fff8f756217c011484ebf6b614060115a699ee134.exe

Resource

win7v20210410

darkside ransomware spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral32

Sample

78782fd324bc98a57274bd3fff8f756217c011484ebf6b614060115a699ee134.exe

Resource

win10v20210410

darkside ransomware spyware stealer

windows10_x64

0 signatures

0 seconds

Report Analysis Logs

General

Target

3dabd40d564cf8a8163432abc38768b0a7d45f0fc1970d802dc33b9109feb6a6.exe
Size

59KB
MD5

c4f1a1b73e4af0fbb63af8ee89a5a7fe
SHA1

5604a48ce74124fb478049976db48197896b6743
SHA256

3dabd40d564cf8a8163432abc38768b0a7d45f0fc1970d802dc33b9109feb6a6
SHA512

67e6b184b926b1de2fa1d4c429db33b4b4146a0c5eb6929422d6ec161654fc634dce7810a1deb0befdf7d932df1edfc02251d8193272c1d1c713a1df8da32ceb

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1900 2184 WerFault.exe 3dabd40d564cf8a8163432abc38768b0a7d45f0fc1970d802dc33b9109feb6a6.exe

pid	pid_target	process	target process
1900	2184	WerFault.exe	3dabd40d564cf8a8163432abc38768b0a7d45f0fc1970d802dc33b9109feb6a6.exe

Suspicious behavior: EnumeratesProcesses 15 IoCs

Processes:

WerFault.exe

pid	process
1900	WerFault.exe
1900	WerFault.exe
1900	WerFault.exe
1900	WerFault.exe
1900	WerFault.exe
1900	WerFault.exe
1900	WerFault.exe
1900	WerFault.exe
1900	WerFault.exe
1900	WerFault.exe
1900	WerFault.exe
1900	WerFault.exe
1900	WerFault.exe
1900	WerFault.exe
1900	WerFault.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes:

WerFault.exe

description pid process

Token: SeRestorePrivilege 1900 WerFault.exe
Token: SeBackupPrivilege 1900 WerFault.exe
Token: SeDebugPrivilege 1900 WerFault.exe

description	pid	process
Token: SeRestorePrivilege	1900	WerFault.exe
Token: SeBackupPrivilege	1900	WerFault.exe
Token: SeDebugPrivilege	1900	WerFault.exe

Processes

C:\Users\Admin\AppData\Local\Temp\3dabd40d564cf8a8163432abc38768b0a7d45f0fc1970d802dc33b9109feb6a6.exe
"C:\Users\Admin\AppData\Local\Temp\3dabd40d564cf8a8163432abc38768b0a7d45f0fc1970d802dc33b9109feb6a6.exe"
1⤵
PID:2184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2184 -s 224
2⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1900

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads