Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    01-01-2024 13:38

General

  • Target

    2bb60b1a8a0a1ee7c5eb44306f6007891ff95c39b851f74ec609481e0dd08321.exe

  • Size

    40KB

  • MD5

    15a1836e659344283f44f9c5125d8083

  • SHA1

    cc175e5e55a15df5c6bcae29f7b959df0fa811ef

  • SHA256

    2bb60b1a8a0a1ee7c5eb44306f6007891ff95c39b851f74ec609481e0dd08321

  • SHA512

    9ff4161ec61881d522970f5b242d724ef17397ca4fac53fa6ce56e6dd0aa8cde88ace4037d22d91e389be0f91d78af132b727dff08baff0e902922c4700d3fdc

  • SSDEEP

    768:zM+tyzOFqhepP6cRtfi/z/gUTmPo7ZZcflOhWzp6QOE4ItEXIeAWU:zcqqMF6Oa/p8flOhWzp6QOE4ItEVAWU

Malware Config

Extracted

Path

C:\PerfLogs\ENYBENY.TXT

Ransom Note
#######ENYBENY REVENGE#######
Great! You a member #Enybeny community, and all files have been encrypted!
Encryption - reversible modification, created for protect all your files
You can buy decryptor - price 0.00000001 BTC
For decrypt contact with: [email protected] OR [email protected]
Free decryption as guarantee (1 file, size not 1 mb)
And for free(or not) decryption please send file: UniqueKEYForAdmin.EnyBenied.Information
Please not delete this note! Good luck. And please check My Computer menu
#######ENYBENY REVENGE#######
P.S If you deletes all copies of key, after mailing ticket to Free (or not free) decryption, set text or subject:
------BEGIN ENYBENY KEY-------
776f74556e3979326741774042722a576a675362777449517a38703542513739202d2041646d696e202d205453424b464a514d
-------END ENYBENY KEY------
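
The note's "key" block is hex; decoded, it is a 32-character ASCII string followed by the sandbox user name (Admin, the same name embedded in the dropped file UniqueKEYForAdmin.EnyBenied.Information) and an 8-character label. The following is an added triage helper, not code from the report or from the malware: it locates the BEGIN/END block, hex-decodes it and splits it on the " - " separator. The note text is reproduced from the page (line breaks are editorial, and the contact addresses are left masked as the page shows them); treating the first field as per-victim key material and the rest as labels is an assumption, and the report does not say how the decoded value is used.

```python
import re

# Ransom note as reproduced in the report's "Malware Config" section.
# Constructed from the page: line breaks are editorial and the contact
# addresses appear masked on the page, so they stay masked here too.
NOTE = """#######ENYBENY REVENGE#######
Great! You a member #Enybeny community, and all files have been encrypted!
Encryption - reversible modification, created for protect all your files
You can buy decryptor - price 0.00000001 BTC
For decrypt contact with: [email protected] OR [email protected]
Free decryption as guarantee (1 file, size not 1 mb)
And for free(or not) decryption please send file: UniqueKEYForAdmin.EnyBenied.Information
Please not delete this note! Good luck. And please check My Computer menu
#######ENYBENY REVENGE#######
P.S If you deletes all copies of key, after mailing ticket to Free (or not free) decryption, set text or subject:
------BEGIN ENYBENY KEY-------
776f74556e3979326741774042722a576a675362777449517a38703542513739202d2041646d696e202d205453424b464a514d
-------END ENYBENY KEY------
"""

NOTE_MARKER = "#######ENYBENY REVENGE#######"

# The BEGIN and END delimiters on the page use different dash counts,
# so match any run of dashes and tolerate whitespace around the hex.
KEY_BLOCK = re.compile(
    r"BEGIN ENYBENY KEY-+\s*([0-9A-Fa-f]+)\s*-+END ENYBENY KEY")


def is_enybeny_note(text: str) -> bool:
    """True if the text carries the note's header marker."""
    return NOTE_MARKER in text


def extract_key_hex(note: str) -> str:
    """Return the raw hex string between the BEGIN/END delimiters."""
    m = KEY_BLOCK.search(note)
    if m is None:
        raise ValueError("no ENYBENY key block found in note")
    hexstr = m.group(1)
    if len(hexstr) % 2:
        raise ValueError("key block has odd hex length: %d" % len(hexstr))
    return hexstr


def decode_key_block(note: str) -> str:
    """Hex-decode the key block; in this sample it is plain ASCII."""
    return bytes.fromhex(extract_key_hex(note)).decode("ascii")


def split_key_block(decoded: str) -> dict:
    """Split the decoded block on its ' - ' separator.

    Assumption (not stated by the report): the first field is the
    per-victim key material and the trailing fields are labels.
    """
    key, *labels = decoded.split(" - ")
    return {"key": key, "labels": labels}


if __name__ == "__main__":
    decoded = decode_key_block(NOTE)
    print(decoded)
    print(split_key_block(decoded))
```

Because the key block is written into the note itself, the note's content (and therefore its hash, listed under Downloads below) is specific to this run; the marker line and the BEGIN/END delimiters are the parts that carry over to other victims.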

Signatures

  • Renames multiple (312) files with added filename extension

    This suggests ransomware activity: files across the system are being encrypted and renamed.

  • Drops startup file (3 IoCs)
  • Reads user/profile data of web browsers (2 TTPs)

    Infostealers often target stored browser data, which can include saved credentials etc.

Processes

  • C:\Users\Admin\AppData\Local\Temp\2bb60b1a8a0a1ee7c5eb44306f6007891ff95c39b851f74ec609481e0dd08321.exe
    "C:\Users\Admin\AppData\Local\Temp\2bb60b1a8a0a1ee7c5eb44306f6007891ff95c39b851f74ec609481e0dd08321.exe"
    1⤵
    • Drops startup file
    PID:2680

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\PerfLogs\ENYBENY.TXT

    Filesize

    869B

    MD5

    5566a879e5a2bade313b3d326c31b32a

    SHA1

    6494ea1500d45dd3e7fa97811447b2a22ad6514c

    SHA256

    a8c401e0a2a6ab2404b4225ecb875ffea35cd1df8b480e4ac69750f0fadfe195

    SHA512

    89e9d0268f7c8d8abe198d9212a04537f5e12ad84fe7358f737d02670264d4d7efb7f1da0e7f9e665c6eb21aac620f9baf4f8d298b159cb7d3bb3975919cbe1f

  • C:\PerfLogs\ENYBENY.png

    Filesize

    20KB

    MD5

    583c1904a0e4cb6fd78f8227f3bbdfe6

    SHA1

    1e64c2a31dac1b253878731719e24b50dda1e998

    SHA256

    78fbcf2a15678a44cc5d2d33290e438f9e6ec207d7f7427e3fa34c1df9e234a0

    SHA512

    a09448933526564dffa7731dc9fec507865282f1e515b2cd112d06f48732b0d3013346e34d57e935c90861a51a178639b58b1ef744b5e6c80a5515d171366cd5

  • C:\PerfLogs\UniqueKEYForAdmin.EnyBenied.Information

    Filesize

    166B

    MD5

    08d3e3df9f27a068f45537ab4f86e3f5

    SHA1

    31a6a1cc6402bd994c388696eb4dfe0ba7838d28

    SHA256

    4e652a4d0fc901e0671a5161a06ec5e03b2201eb289ac971ec9b2c084cea9ef0

    SHA512

    3f37bd9931b030f776027de9ef27e4332ddfd9a8f3fe5a16567f5c845b323949b3584ea54613f318c5e1735ec4f2f5064aac422239e34a484d6da6a10519f2a4

  • memory/2680-0-0x0000000000180000-0x0000000000190000-memory.dmp

    Filesize

    64KB

  • memory/2680-1-0x00007FF85DD80000-0x00007FF85E841000-memory.dmp

    Filesize

    10.8MB

  • memory/2680-1324-0x00007FF85DD80000-0x00007FF85E841000-memory.dmp

    Filesize

    10.8MB

  • memory/2680-5549-0x00007FF85DD80000-0x00007FF85E841000-memory.dmp

    Filesize

    10.8MB
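
The three dropped files above are the host-side indicators a responder would sweep for. The following is an added example, not code from the report: it carries the paths and SHA256 values listed under Downloads, hashes candidate files, and reports exact hash hits separately from path-only hits, since the note and key file embed per-victim data and will not hash-match on another host. Matching other victims' key files by the name pattern UniqueKEYFor<user>.EnyBenied.Information is an assumption based on "Admin" being the sandbox user name; the report does not state it.

```python
import hashlib
import os
from pathlib import PureWindowsPath

# Dropped-file indicators copied from the report's Downloads section.
# Sizes are kept only where the report gives an exact byte count.
DROPPED_FILES = {
    "C:\\PerfLogs\\ENYBENY.TXT": {
        "size": 869,
        "sha256": "a8c401e0a2a6ab2404b4225ecb875ffea35cd1df8b480e4ac69750f0fadfe195",
    },
    "C:\\PerfLogs\\ENYBENY.png": {
        "size": None,  # report lists 20KB, which is rounded
        "sha256": "78fbcf2a15678a44cc5d2d33290e438f9e6ec207d7f7427e3fa34c1df9e234a0",
    },
    "C:\\PerfLogs\\UniqueKEYForAdmin.EnyBenied.Information": {
        "size": 166,
        "sha256": "4e652a4d0fc901e0671a5161a06ec5e03b2201eb289ac971ec9b2c084cea9ef0",
    },
}

# Assumption, not stated by the report: "Admin" in the key file name is the
# sandbox user, so other hosts carry UniqueKEYFor<user>.EnyBenied.Information
# with per-victim content. Match that by name pattern rather than hash.
KEY_FILE_PREFIX = "uniquekeyfor"
KEY_FILE_SUFFIX = ".enybenied.information"


def _norm(path: str) -> tuple:
    """Case-fold the last two components (parent dir, file name).

    Dropping the drive/mount prefix lets D:\\PerfLogs\\... or a mounted
    image at /mnt/img/PerfLogs/... match the report's C:\\PerfLogs paths.
    """
    return tuple(p.lower() for p in PureWindowsPath(path).parts[-2:])


_BY_PATH = {_norm(p): ioc for p, ioc in DROPPED_FILES.items()}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def classify(path: str, data: bytes):
    """Return how a file relates to the report's indicators, or None.

    "hash_match"               content matches a listed SHA256 (same run)
    "path_match_hash_mismatch" known path, different content (e.g. another
                               victim's note or key file)
    "pattern_match"            per-victim key file name pattern only
    """
    digest = sha256_hex(data)
    if any(digest == ioc["sha256"] for ioc in DROPPED_FILES.values()):
        return "hash_match"
    key = _norm(path)
    if key in _BY_PATH:
        return "path_match_hash_mismatch"
    name = key[-1] if key else ""
    if name.startswith(KEY_FILE_PREFIX) and name.endswith(KEY_FILE_SUFFIX):
        return "pattern_match"
    return None


def sweep(files):
    """files: iterable of (path, bytes). Yields (path, verdict) for hits."""
    for path, data in files:
        verdict = classify(path, data)
        if verdict:
            yield path, verdict


def sweep_directory(root: str):
    """Walk a real directory tree (e.g. a mounted image) and run sweep()."""
    def _iter():
        for dirpath, _, names in os.walk(root):
            for n in names:
                full = os.path.join(dirpath, n)
                try:
                    with open(full, "rb") as fh:
                        yield full, fh.read()
                except OSError:
                    continue
    return list(sweep(_iter()))


if __name__ == "__main__":
    # Constructed sample input; none of these bytes are the real artifacts.
    sample = [
        ("C:\\PerfLogs\\ENYBENY.TXT", b"another victim's note"),
        ("D:\\PerfLogs\\UniqueKEYForBob.EnyBenied.Information", b"x"),
        ("C:\\Windows\\notepad.exe", b"MZ"),
    ]
    for hit in sweep(sample):
        print(hit)
```

A hash hit on any of the three files means the exact artifacts from this run; a path or pattern hit is the portable signal and should be confirmed by reading the file (for the note, the marker line and BEGIN/END key block from the Malware Config section).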