b3ca5d5244aacc4709ac02be2fa3f3525cf5f1e8bc7a8ad6ae3dfa668a8cf531

Analysis

max time kernel
116s
max time network
122s
platform
windows10_x64
resource
win10v20210410
submitted
09/06/2021, 19:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7dc40a9e663d516089df8a653d79bcd705425fc74caf56b32f45c4786b51ba31.exe
Size

5KB
MD5

08c1b410a3c20bcc4cd1ee2906c240af
SHA1

97864c23a1c46e30633c9c3a2ee74e3d6de262a9
SHA256

7dc40a9e663d516089df8a653d79bcd705425fc74caf56b32f45c4786b51ba31
SHA512

d11530a312f13b0e24009ba54751bc29d21144c474e8211bfdb3446ed4cac409049e3553eca117b29a2d3898612419bfd8dfc7a89da43c309c30c2fa19479d47

Score

8^/10

ransomware spyware stealer

Malware Config

Signatures

Modifies extensions of user files 13 IoCs

Ransomware generally changes the extension on encrypted files.

ransomware

description	ioc	Process
File created	C:\Users\Admin\Pictures\InitializeDismount.raw.sick	7dc40a9e663d516089df8a653d79bcd705425fc74caf56b32f45c4786b51ba31.exe
File created	C:\Users\Admin\Pictures\JoinInvoke.crw.sick	7dc40a9e663d516089df8a653d79bcd705425fc74caf56b32f45c4786b51ba31.exe
File created	C:\Users\Admin\Pictures\MoveSubmit.crw.sick	7dc40a9e663d516089df8a653d79bcd705425fc74caf56b32f45c4786b51ba31.exe
File created	C:\Users\Admin\Pictures\OptimizeResume.tiff.sick	7dc40a9e663d516089df8a653d79bcd705425fc74caf56b32f45c4786b51ba31.exe
File created	C:\Users\Admin\Pictures\ProtectCheckpoint.tif.sick	7dc40a9e663d516089df8a653d79bcd705425fc74caf56b32f45c4786b51ba31.exe
File created	C:\Users\Admin\Pictures\ConvertFromMove.tif.sick	7dc40a9e663d516089df8a653d79bcd705425fc74caf56b32f45c4786b51ba31.exe
File created	C:\Users\Admin\Pictures\CopyApprove.tif.sick	7dc40a9e663d516089df8a653d79bcd705425fc74caf56b32f45c4786b51ba31.exe
File created	C:\Users\Admin\Pictures\EditDebug.crw.sick	7dc40a9e663d516089df8a653d79bcd705425fc74caf56b32f45c4786b51ba31.exe
File created	C:\Users\Admin\Pictures\EnableStep.crw.sick	7dc40a9e663d516089df8a653d79bcd705425fc74caf56b32f45c4786b51ba31.exe
File created	C:\Users\Admin\Pictures\ResolveReceive.tif.sick	7dc40a9e663d516089df8a653d79bcd705425fc74caf56b32f45c4786b51ba31.exe
File created	C:\Users\Admin\Pictures\TestSend.crw.sick	7dc40a9e663d516089df8a653d79bcd705425fc74caf56b32f45c4786b51ba31.exe
File created	C:\Users\Admin\Pictures\ApproveGet.tif.sick	7dc40a9e663d516089df8a653d79bcd705425fc74caf56b32f45c4786b51ba31.exe
File created	C:\Users\Admin\Pictures\CompareDeny.crw.sick	7dc40a9e663d516089df8a653d79bcd705425fc74caf56b32f45c4786b51ba31.exe

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini.sick	7dc40a9e663d516089df8a653d79bcd705425fc74caf56b32f45c4786b51ba31.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

C:\Users\Admin\AppData\Local\Temp\7dc40a9e663d516089df8a653d79bcd705425fc74caf56b32f45c4786b51ba31.exe
"C:\Users\Admin\AppData\Local\Temp\7dc40a9e663d516089df8a653d79bcd705425fc74caf56b32f45c4786b51ba31.exe"
1⤵
- Modifies extensions of user files
- Drops startup file
PID:3176

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

T1081

Discovery

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3176-114-0x0000000000840000-0x0000000000841000-memory.dmp

Filesize
4KB

Download