7529970855e64a5bef4c31b4670348e21810c56ccc1bfaba8ddfd50cf483b863

Analysis

max time kernel
121s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
01-01-2024 13:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2bb60b1a8a0a1ee7c5eb44306f6007891ff95c39b851f74ec609481e0dd08321.exe
Size

40KB
MD5

15a1836e659344283f44f9c5125d8083
SHA1

cc175e5e55a15df5c6bcae29f7b959df0fa811ef
SHA256

2bb60b1a8a0a1ee7c5eb44306f6007891ff95c39b851f74ec609481e0dd08321
SHA512

9ff4161ec61881d522970f5b242d724ef17397ca4fac53fa6ce56e6dd0aa8cde88ace4037d22d91e389be0f91d78af132b727dff08baff0e902922c4700d3fdc
SSDEEP

768:zM+tyzOFqhepP6cRtfi/z/gUTmPo7ZZcflOhWzp6QOE4ItEXIeAWU:zcqqMF6Oa/p8flOhWzp6QOE4ItEVAWU

Score

10^/10

ransomware spyware stealer

Malware Config

Extracted

Path

C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\ENYBENY.TXT

Ransom Note

#######ENYBENY REVENGE####### Great! You a member #Enybeny community, and all files have been encrypted! Encryption - reversible modification, created for protect all your files You can buy decryptor - price 0.00000001 BTC For decrypt contact with: [email protected] OR [email protected] Free decryption as guarantee (1 file, size not 1 mb) And for free(or not) decryption please send file: UniqueKEYForAdmin.EnyBenied.Information Please not delete this note! Good luck. And please check My Computer menu #######ENYBENY REVENGE####### P.S If you deletes all copies of key, after mailing ticket to Free (or not free) decryption, set text or subject:------BEGIN ENYBENY KEY-------484d534051385e5364642f496f38496f333d4c6c2a6a79346944316c55774958202d2041646d696e202d205842544c4442484e-------END ENYBENY KEY------

Emails

[email protected]

Signatures

Renames multiple (142) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

C:\Users\Admin\AppData\Local\Temp\2bb60b1a8a0a1ee7c5eb44306f6007891ff95c39b851f74ec609481e0dd08321.exe
"C:\Users\Admin\AppData\Local\Temp\2bb60b1a8a0a1ee7c5eb44306f6007891ff95c39b851f74ec609481e0dd08321.exe"
1⤵
PID:1944

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\ENYBENY.TXT

Filesize
869B

MD5
db96bc38520da4a349f1cc759d3262b0

SHA1
634d8ab3c22e24df3ed847412abec3a38e358f4a

SHA256
9f1f1611885ab36df2fd937a5d0624f517eadf7ca1d674978dac0ac70b6be69d

SHA512
763d96d3167c3b36a64fb5d210fc59fe4051c61d5b2e35eb948751f7ddde1bbf4b78e2c06ed6425dc554ee4b4a110e9061cef95a61a18bdcc99aef491f27966c

Download Submit
C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\ENYBENY.png

Filesize
20KB

MD5
583c1904a0e4cb6fd78f8227f3bbdfe6

SHA1
1e64c2a31dac1b253878731719e24b50dda1e998

SHA256
78fbcf2a15678a44cc5d2d33290e438f9e6ec207d7f7427e3fa34c1df9e234a0

SHA512
a09448933526564dffa7731dc9fec507865282f1e515b2cd112d06f48732b0d3013346e34d57e935c90861a51a178639b58b1ef744b5e6c80a5515d171366cd5

Download Submit
C:\MSOCache\All Users\{90140000-0016-0409-0000-0000000FF1CE}-C\UniqueKEYForAdmin.EnyBenied.Information

Filesize
166B

MD5
ceeee494047b44147c7e2ba6c556d3c4

SHA1
2a78146ba1b94a98977e939bc7091bf97e8178bb

SHA256
e1de41204bd3b11e1c873bcf5ba0f742c9658f44da85f5c43040cad82815933c

SHA512
c7e64b216fb2ee253d8a2b3d050bb0feaced4f2f2c0ef356063e0a593813e64705ef83d0d82217e2af946b7159148f4a48efabcd75bc9c9c6f4e0938dc34ab7e

Download Submit
memory/1944-0-0x0000000000190000-0x00000000001A0000-memory.dmp

Filesize
64KB

Download
memory/1944-1-0x000007FEF57B0000-0x000007FEF619C000-memory.dmp

Filesize
9.9MB

Download
memory/1944-2-0x000000001B440000-0x000000001B4C0000-memory.dmp

Filesize
512KB

Download
memory/1944-3-0x000000001B440000-0x000000001B4C0000-memory.dmp

Filesize
512KB

Download
memory/1944-54-0x000007FEF57B0000-0x000007FEF619C000-memory.dmp

Filesize
9.9MB

Download
memory/1944-59-0x000000001B440000-0x000000001B4C0000-memory.dmp

Filesize
512KB

Download
memory/1944-82-0x000000001B440000-0x000000001B4C0000-memory.dmp

Filesize
512KB

Download
memory/1944-2472-0x000007FEF57B0000-0x000007FEF619C000-memory.dmp

Filesize
9.9MB

Download