0f808fd3ecf9d722aafeee46b57aad4d07f39c98be6f6148be979ed470cf0a99

Submit
Reports

Overview

overview

Static

static

1667e16357...43.exe

windows7_x64

1667e16357...43.exe

windows10_x64

17139a10fd...61.exe

windows7_x64

17139a10fd...61.exe

windows10_x64

1cc7c198a8...cb.exe

windows7_x64

1cc7c198a8...cb.exe

windows10_x64

243dff06fc...60.exe

windows7_x64

243dff06fc...60.exe

windows10_x64

27214dcb04...8f.exe

windows7_x64

27214dcb04...8f.exe

windows10_x64

3dabd40d56...a6.exe

windows7_x64

3dabd40d56...a6.exe

windows10_x64

43e61519be...aa.exe

windows7_x64

43e61519be...aa.exe

windows10_x64

48a848bc9e...3a.exe

windows7_x64

48a848bc9e...3a.exe

windows10_x64

508dd6f7ed...dd.exe

windows7_x64

508dd6f7ed...dd.exe

windows10_x64

516664139b...4b.exe

windows7_x64

516664139b...4b.exe

windows10_x64

533672da9d...8d.exe

windows7_x64

533672da9d...8d.exe

windows10_x64

6228f75f52...ff.exe

windows7_x64

6228f75f52...ff.exe

windows10_x64

6836ec8588...d8.exe

windows7_x64

6836ec8588...d8.exe

windows10_x64

68872cc22f...e7.exe

windows7_x64

68872cc22f...e7.exe

windows10_x64

691515a485...a5.exe

windows7_x64

691515a485...a5.exe

windows10_x64

78782fd324...34.exe

windows7_x64

78782fd324...34.exe

windows10_x64

Resubmissions

27-01-2024 19:37

240127-yb5pksafd3 10

27-01-2024 19:36

240127-ybqwesafc2 10

12-05-2021 15:56

210512-db4t7vmwas 10

Analysis

max time kernel
116s
max time network
119s
platform
windows10_x64
resource
win10v20210410
submitted
12-05-2021 15:56

Sharing

Copy URL

Twitter E-mail

Static task

static1

upx

Behavioral task

behavioral1

Sample

1667e1635736f2b2ba9727457f995a67201ddcd818496c9296713ffa18e17a43.exe

Resource

win7v20210410

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

1667e1635736f2b2ba9727457f995a67201ddcd818496c9296713ffa18e17a43.exe

Resource

win10v20210410

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral3

Sample

17139a10fd226d01738fe9323918614aa913b2a50e1a516e95cced93fa151c61.exe

Resource

win7v20210410

darkside ransomware spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral4

Sample

17139a10fd226d01738fe9323918614aa913b2a50e1a516e95cced93fa151c61.exe

Resource

win10v20210410

darkside ransomware spyware stealer

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral5

Sample

1cc7c198a8a2c935fd6f07970479e544f5b35a8eb3173de0305ebdf76a0988cb.exe

Resource

win7v20210410

darkside ransomware spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral6

Sample

1cc7c198a8a2c935fd6f07970479e544f5b35a8eb3173de0305ebdf76a0988cb.exe

Resource

win10v20210410

darkside ransomware spyware stealer

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral7

Sample

243dff06fc80a049f4fb37292f8b8def0fce29768f345c88ee10699e22b0ae60.exe

Resource

win7v20210410

ransomware spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral8

Sample

243dff06fc80a049f4fb37292f8b8def0fce29768f345c88ee10699e22b0ae60.exe

Resource

win10v20210410

ransomware spyware stealer

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral9

Sample

27214dcb04310040c38f8d6a65fe03c14b18d4171390da271855fdd02e06768f.exe

Resource

win7v20210410

darkside ransomware spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral10

Sample

27214dcb04310040c38f8d6a65fe03c14b18d4171390da271855fdd02e06768f.exe

Resource

win10v20210410

darkside ransomware spyware stealer

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral11

Sample

3dabd40d564cf8a8163432abc38768b0a7d45f0fc1970d802dc33b9109feb6a6.exe

Resource

win7v20210410

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral12

Sample

3dabd40d564cf8a8163432abc38768b0a7d45f0fc1970d802dc33b9109feb6a6.exe

Resource

win10v20210410

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral13

Sample

43e61519be440115eeaa3738a0e4aa4bb3c8ac5f9bdfce1a896db17a374eb8aa.exe

Resource

win7v20210410

darkside ransomware spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral14

Sample

43e61519be440115eeaa3738a0e4aa4bb3c8ac5f9bdfce1a896db17a374eb8aa.exe

Resource

win10v20210410

darkside ransomware spyware stealer

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral15

Sample

48a848bc9e0f126b41e5ca196707412c7c40087404c0c8ed70e5cee4a418203a.exe

Resource

win7v20210410

darkside ransomware spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral16

Sample

48a848bc9e0f126b41e5ca196707412c7c40087404c0c8ed70e5cee4a418203a.exe

Resource

win10v20210410

darkside ransomware spyware stealer

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral17

Sample

508dd6f7ed6c143cf5e1ed6a4051dd8ee7b5bf4b7f55e0704d21ba785f2d5add.exe

Resource

win7v20210410

darkside ransomware spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral18

Sample

508dd6f7ed6c143cf5e1ed6a4051dd8ee7b5bf4b7f55e0704d21ba785f2d5add.exe

Resource

win10v20210410

darkside ransomware spyware stealer

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral19

Sample

516664139b0ddd044397a56482d7308d87c213c320a3151ccb9738e8f932654b.exe

Resource

win7v20210410

darkside ransomware

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral20

Sample

516664139b0ddd044397a56482d7308d87c213c320a3151ccb9738e8f932654b.exe

Resource

win10v20210410

darkside ransomware

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral21

Sample

533672da9d276012ebab3ce9f4cd09a7f537f65c6e4b63d43f0c1697e2f5e48d.exe

Resource

win7v20210410

darkside ransomware spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral22

Sample

533672da9d276012ebab3ce9f4cd09a7f537f65c6e4b63d43f0c1697e2f5e48d.exe

Resource

win10v20210410

darkside ransomware spyware stealer

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral23

Sample

6228f75f52fd69488419c0e0eb3617b5b894a566a93e52b99a9addced7364cff.exe

Resource

win7v20210410

darkside ransomware spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral24

Sample

6228f75f52fd69488419c0e0eb3617b5b894a566a93e52b99a9addced7364cff.exe

Resource

win10v20210410

darkside ransomware spyware stealer

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral25

Sample

6836ec8588b8049bcd57cd920b7a75f1e206e5e8bb316927784afadb634ea4d8.exe

Resource

win7v20210410

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral26

Sample

6836ec8588b8049bcd57cd920b7a75f1e206e5e8bb316927784afadb634ea4d8.exe

Resource

win10v20210410

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral27

Sample

68872cc22fbdf0c2f69c32ac878ba9a7b7cf61fe5dd0e3da200131b8b23438e7.exe

Resource

win7v20210410

darkside ransomware spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral28

Sample

68872cc22fbdf0c2f69c32ac878ba9a7b7cf61fe5dd0e3da200131b8b23438e7.exe

Resource

win10v20210410

darkside ransomware spyware stealer

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral29

Sample

691515a485b0b3989fb71c6807e640eeec1a0e30d90500db6414035d942f70a5.exe

Resource

win7v20210410

darkside ransomware spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral30

Sample

691515a485b0b3989fb71c6807e640eeec1a0e30d90500db6414035d942f70a5.exe

Resource

win10v20210410

darkside ransomware spyware stealer

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral31

Sample

78782fd324bc98a57274bd3fff8f756217c011484ebf6b614060115a699ee134.exe

Resource

win7v20210410

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral32

Sample

78782fd324bc98a57274bd3fff8f756217c011484ebf6b614060115a699ee134.exe

Resource

win10v20210410

darkside ransomware spyware stealer

windows10_x64

0 signatures

0 seconds

Report Analysis Logs

General

Target

1667e1635736f2b2ba9727457f995a67201ddcd818496c9296713ffa18e17a43.exe
Size

40KB
MD5

1a700f845849e573ab3148daef1a3b0b
SHA1

c91ff86a88038b00d9190ebb01e6f8c94b0c83e0
SHA256

1667e1635736f2b2ba9727457f995a67201ddcd818496c9296713ffa18e17a43
SHA512

d7fcf0ef26bbe1d6104c098711ccdfd33655e62045f6975dd3c48ab34888c83b771dfd07682004943bab86b2dbcb7905364becead09c37de3da0b28e8265dc81

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2400	3048	WerFault.exe	68

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
2400	WerFault.exe
2400	WerFault.exe
2400	WerFault.exe
2400	WerFault.exe
2400	WerFault.exe
2400	WerFault.exe
2400	WerFault.exe
2400	WerFault.exe
2400	WerFault.exe
2400	WerFault.exe
2400	WerFault.exe
2400	WerFault.exe
2400	WerFault.exe
2400	WerFault.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeRestorePrivilege	2400	WerFault.exe
Token: SeBackupPrivilege	2400	WerFault.exe
Token: SeDebugPrivilege	2400	WerFault.exe

Processes

C:\Users\Admin\AppData\Local\Temp\1667e1635736f2b2ba9727457f995a67201ddcd818496c9296713ffa18e17a43.exe
"C:\Users\Admin\AppData\Local\Temp\1667e1635736f2b2ba9727457f995a67201ddcd818496c9296713ffa18e17a43.exe"
1⤵
PID:3048
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3048 -s 224
  2⤵
  - Program crash
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:2400

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads