Overview

overview

10

Static

static

10

07ba533a69...53.exe

windows7-x64

1

07ba533a69...53.exe

windows10-2004-x64

1

0e971ff0e7...8d.exe

windows7-x64

8

0e971ff0e7...8d.exe

windows10-2004-x64

8

111fb06de8...8b.exe

windows7-x64

9

111fb06de8...8b.exe

windows10-2004-x64

9

2de3cea3eb...a8.exe

windows7-x64

1

2de3cea3eb...a8.exe

windows10-2004-x64

1

327a2a4916...ca.exe

windows7-x64

8

327a2a4916...ca.exe

windows10-2004-x64

8

36c10a3e1f...d9.exe

windows7-x64

1

36c10a3e1f...d9.exe

windows10-2004-x64

8

67bf260c3e...10.exe

windows7-x64

8

67bf260c3e...10.exe

windows10-2004-x64

8

70ec1874cf...ac.exe

windows7-x64

1

70ec1874cf...ac.exe

windows10-2004-x64

1

817f5b0fcc...99.exe

windows7-x64

7

817f5b0fcc...99.exe

windows10-2004-x64

7

875a6185aa...f0.exe

windows7-x64

1

875a6185aa...f0.exe

windows10-2004-x64

1

887d386d2e...c6.exe

windows7-x64

1

887d386d2e...c6.exe

windows10-2004-x64

1

902afe35c6...16.exe

windows7-x64

10

902afe35c6...16.exe

windows10-2004-x64

10

97b6e51df2...0a.exe

windows7-x64

7

97b6e51df2...0a.exe

windows10-2004-x64

7

a4704be3a7...72.exe

windows7-x64

1

a4704be3a7...72.exe

windows10-2004-x64

1

b21f34ecfa...73.exe

windows7-x64

9

b21f34ecfa...73.exe

windows10-2004-x64

9

b75b3ff656...52.exe

windows7-x64

8

b75b3ff656...52.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    512s
  • max time network
    522s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01-01-2024 14:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0e971ff0e7f4cd4714931ac6bb685d91e28b34070866c9e7c976817aa5f6eb8d.exe

  • Size

    179KB

  • MD5

    8e0e472d93c3ebeb725099bc1bbe0a9a

  • SHA1

    7229e11205e794c75a65587bcef040ed345b3322

  • SHA256

    0e971ff0e7f4cd4714931ac6bb685d91e28b34070866c9e7c976817aa5f6eb8d

  • SHA512

    74a63a29a6ea5cfd2f7983b9828dd7a78b3d16072f5e044e795404eb67a2178ac091e15c9a29bafa7b9e7426c6aa709697cb9705ff25f7e40c9597ad1758eda3

  • SSDEEP

    3072:2Rb6HWdU1NByFMuIBRC0eXLfQzueFsB0yxfWolUJFMXNsz5SkE+pbt8ICjGs:IbeBRmXLP0yJAJFMXNXyC

Score
8/10
evasionransomwarespywarestealer

Malware Config

Signatures

  • Disables Task Manager via registry modification
    evasion
  • Drops startup file 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Drops desktop.ini file(s) 64 IoCs
  • Sets desktop wallpaper using registry 2 TTPs 1 IoCs
    ransomware
  • Program crash 1 IoCs
  • Modifies Control Panel 2 IoCs
    evasion
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0e971ff0e7f4cd4714931ac6bb685d91e28b34070866c9e7c976817aa5f6eb8d.exe
    "C:\Users\Admin\AppData\Local\Temp\0e971ff0e7f4cd4714931ac6bb685d91e28b34070866c9e7c976817aa5f6eb8d.exe"
    1⤵
    • Drops startup file
    • Drops desktop.ini file(s)
    • Sets desktop wallpaper using registry
    • Modifies Control Panel
    • Suspicious use of AdjustPrivilegeToken
    PID:5080
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 5080 -s 1916
      2⤵
      • Program crash
      PID:436
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 5080 -ip 5080
    1⤵
      PID:3316

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\ProgramData\Package Cache\{7DAD0258-515C-3DD4-8964-BD714199E0F7}v12.0.40660\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi
      Filesize

      140KB

      MD5

      5c8d1f25fa219557d1258b9c93783fd9

      SHA1

      359eabd8c7884b4893f59238191b5ed570cdd6ca

      SHA256

      7a35ddc1a8df5ddb55f282800693da33646e05670f4aab082e01913e5a75ac14

      SHA512

      0ae2fb4c4ad1134084ea7b49c920c17909ce93b426a820d9f2fe5a8667c8d9520741e14dfcc62eee5b00c59c1561a846f9da6d1eb716246a0fe424d1ff3278fa

      Download Submit

    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi\CURRENT
      Filesize

      32B

      MD5

      18c56db96815734b5521bf557cee80ec

      SHA1

      bc2756f414f7a826de73ca99a8fbbc3cc690793c

      SHA256

      3765860805728f7d7a6812696dc8d37e51a8161b43da5337cd954e03c00cede1

      SHA512

      a974685429db9d5d6f95251b79657b8ec7961a7c5ee4d879c89c680d45b0bc082f0579661d2e1771416f3a0a68d8b1bef7dd1739f0f90de73933ad79f20e02e8

      Download Submit

    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi\MANIFEST-000001
      Filesize

      48B

      MD5

      b1bb80d2a01caa6dc8b7b38d977618d8

      SHA1

      f27b68e75b91bb1cac1d1d16abd30f6e411027a8

      SHA256

      514d2332188efa440110d2bf09017f0e0ba4477664b5ad8172c01b1de052db79

      SHA512

      69df8239bd121cb2fdc4d94b4f0cf8e451ece8a0e7f3694aab32d91e06349d0ee166ee9bb5dd9684662886432a3fd76ea762b61dab121eb21ff47100bc936a02

      Download Submit

    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\heavy_ad_intervention_opt_out.db-journal
      Filesize

      16B

      MD5

      b4a9117719656f6534c921c67700dbf0

      SHA1

      56773c00a1bfebecaeb06b25d2e3845181e45f82

      SHA256

      edb9e310ffb5d1a7a341d906812a1ac785a20e2e527bafb5ffcc048bca37931a

      SHA512

      8838b686a4865db8e523add549790ce1df8fcfb15c775fa4836ac05dc2ae7f2620c8761c9e8fe0859ed2570d0821fdc5626dee43db4d3e703b14cea5128e00de

      Download Submit

    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_0
      Filesize

      8KB

      MD5

      9683ea38a8de0324144e8ff032ed8b53

      SHA1

      905ac7481927b9d9a0beb04678ab83a5da1b1b04

      SHA256

      01a11ee84e401b944741f1dd9802084fe3d6baa7134f976cacf9996e5759a85a

      SHA512

      9106a1b8f1cae35ecf48ccc95bbd1fef976b2521b7bedf4514553ed4b215d4ba6d49b0e4221867ea5308ce95b52b865d05018c1ab0a67981a2f18ed545703f63

      Download Submit

    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1
      Filesize

      264KB

      MD5

      610fd4523af49cbb335b2d242807780c

      SHA1

      b39b204aef74df4319fb9fcbc39db70a1d35d8ae

      SHA256

      9e43a6ad85ca19b792d1994e828a6ef5edb508a0dd22fd31ca4251bdd1a6b4ff

      SHA512

      3ea60f0edd540becef8e85574864539f64853d4831613c28fb70d5cf33308d7e034813f2c4910b4472bf53839721de45af23c6e4efc53f248dbed100f3815a78

      Download Submit

    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_2
      Filesize

      8KB

      MD5

      b237c13e963df4f0d117feabb0ad3099

      SHA1

      cfe2cfe495bebbe93185db3bf2a501fa7bbba2f9

      SHA256

      c1491790bbbd5f60d4041b3ff4a4f01d51f02c199503b53bddd2dbd82f32ca5d

      SHA512

      87bc7514c1ad62f1082776a9ac72958f2481d55fbed01162667fbac0203350b98a2401957779598b0b9e40d482a4c35e5206cb5d3f460d2420ad8631d9610a4a

      Download Submit

    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_3
      Filesize

      8KB

      MD5

      77f3bdfe6cc59eea288cdd302d825569

      SHA1

      6419312a762bd093472d57ae7f6430747d41453d

      SHA256

      ca0345eb93a6eaa237a37337300aad87e14c8d837a7cd9c2b3aca782f3ee9699

      SHA512

      ea2f46456d9f2f72a4d1f969a6fffc1a883fa306d5c3ce24a8119346f4f3dc3768732d0a1fdaa23630a3f4ebf2bb8d1ab88d7a029a784bd57af41ab6aaff0767

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index
      Filesize

      32B

      MD5

      29292c6bf670594b967173c3ed92fed7

      SHA1

      8fc3e08327df95235902517f740ca84a6b96dbf5

      SHA256

      8d1c56eb2307fd760badc04ba6ec1879ea48b7a82d31def7a51022a2ab8233e2

      SHA512

      510daa536b4b518e9cdf5de9988b51ca4c8d4354e2aa316e17ed371f9442314c793ce30332a0e0aebb5c826722b0a9ea483a6e861c5f9e42752e3a6e9d0d6228

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\WebCache\V01res00002.jrs
      Filesize

      512KB

      MD5

      ea758ded7c85cdf8acbe6921c15ec2be

      SHA1

      41f50c0086a3512b87ce910febc89b3eb167aafb

      SHA256

      bb08bcca2744966fe4ff276708d9a734ed58ddb36b801abef4289daba8cfcf0d

      SHA512

      c32dfbe9f10b108019493835612b6d51dcd8d6a038bc10a386c4fa7403db554f322dd83fbb91874e6f914dfa4d09123d2615e48dde63d972e2a2b9c1523618d0

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat
      Filesize

      8KB

      MD5

      90367c55d3d69d598fada7965f44d4dc

      SHA1

      4d71b22bbdc3a6d5e06430c9eb32fde39dcd4607

      SHA256

      d7c762db77b7caa5dbfa285f8b62730437a2fcbc74586eb53f8d90b33d679a0d

      SHA512

      63ef1f720175f4d96b8ab982eb0ed5898b6c6b1783f09310ac303038b23976a1d7ab7aea7a224cd84e9615782c2099f4b8645346c603d3c60669ce36e8ffba30

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{A5E73466-E220-8EF4-B956-A582187356D9}
      Filesize

      36KB

      MD5

      9e8b85ec748d0e6d8f6ef436dd19e19c

      SHA1

      fe890437a449fbe01994a9a159ad055ada2e85c8

      SHA256

      cafb4878f5f264d669476e86bfa5e058394fcfada7fbbe3c3ad6f8049ead01e5

      SHA512

      dcc0e9c8f2648c9883f15910f95124b5c08f872101a200e6c8f039f9180151ec1d39c81445cbcf15b82416ecd8b0f7ed071b44f199c455fe885bdfe9ce04466c

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_comexp_msc
      Filesize

      36KB

      MD5

      9773af01783294e1e18466411588c470

      SHA1

      21556c89d54f26f892ab5b84be7325116913c917

      SHA256

      442ae09cc7faa4acc4ee83854004aa4de78a7767cf4eecaf44ac8cdf1c20457f

      SHA512

      82354e0a527792931ad6e685823d9808e5a81d5057088ce30483985432577de61d3e747b61b869e78e7781ae351a4b1334c3c676e516db194d5f2dab92ba48b5

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{4109be45-7b93-4c07-a7f5-df45282c66de}\0.1.filtertrie.intermediate.txt
      Filesize

      16B

      MD5

      6479b3fa7421704f2e40db44db29c444

      SHA1

      830346e83b02d5c02176a50f9a5d96a3c6f6ccb1

      SHA256

      9f1eb79a410308bd2a5d91645f20383c72880a8bb20c65e807bd5202ba07a9be

      SHA512

      30b1769b899d9f657afc56f7d80f3fcb559aabc491badf17f7a55245f982b4af64ab6c8691cd8a4beb159f595f223d8b3f913a540d84926b7a4aa745ef69ee09

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{4109be45-7b93-4c07-a7f5-df45282c66de}\0.2.filtertrie.intermediate.txt
      Filesize

      16B

      MD5

      9f8f8c546c8d493adca34557c911a0ab

      SHA1

      de07adc76147e40ca5b5b814c618a35b0883341e

      SHA256

      4a4a9714e9ee704deab4d0870033c2f76fcf8714e8e1abfb2590a2075736ea0c

      SHA512

      f943b2aec509ed3787d9e0093456f6bc244cf9452194d27fe049e9ff48d596b61fe0e7857d133e6ebe91bbe599f9019dee4785ac1a39532731b195ffe3c7c608

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133471186477439821.txt
      Filesize

      77KB

      MD5

      eb3462af0de7837244f043f9b90c6b04

      SHA1

      b6b56940b7686e9e00e79fe67ba030da337c358d

      SHA256

      a7f6669b7e7b623a977589b88619d8ad1f8d227dd6d6af04e3d780c3da9f65f3

      SHA512

      e3fe3d28dfccafac47b58b94713684fce8e2c54a179787e5153242190c758950ad122067f2c37aef54e7103b0ae45e43a11d8cdea6661defb20dea6c4c6e0be9

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133471188466703690.txt
      Filesize

      47KB

      MD5

      3f6741b9ed76e83e82ea4b2088853f2a

      SHA1

      3906f79bd112ce6c68bc55febd803ad9f7b65170

      SHA256

      95f12dde78cd03c4ac791043a3ab390a8e4c249171fe412e9f030d4bce29fe93

      SHA512

      a1531ebb45791f984259712a12c8308de85d9177ebf9f8a124f12947709c4556a4f6f889078c81338ddcf2c3e457c439fae9cf0b34fcbba5e512a42f62622673

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133471195450242450.txt
      Filesize

      66KB

      MD5

      2b296d850b8f950cb23b71f6a1ea9de4

      SHA1

      8d565cebf89499a2e7a827e5b944e2be7e466f9a

      SHA256

      ccab7bc643f28cce9d3cb60682026dc430984b5db9d0a3756569b750e7c28f7b

      SHA512

      af80441e9a4b645f7dc220bf72876a1f0b2420ee0b79f7b22b6b061b24e4d0f0ce4dd9d9d7b014dd595b8403e6dc66a11d399c600346433b3382253a96bdcef2

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133471208912841475.txt
      Filesize

      74KB

      MD5

      ab089c6b60a21f5190a7fffd471cb462

      SHA1

      7de0aa7d2352598c9ad79f368f5bfee53f475349

      SHA256

      de30c0d11e8a8d5a0b560e2d8d26355f3f9da932ef0acd4a62df4e37b681c3d7

      SHA512

      3e9d4246f56ca26ebcd5b67d9ae6f5dc11e7bdd2508b59584cc6750671de2cc33b845352e6774f9c148d056eed3437da0bdce015a6e4fc4289a6cdccb13a3e6a

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\wctC687.tmp
      Filesize

      63KB

      MD5

      3cf39948ab76faaed1940799a23b6f81

      SHA1

      3a48be084d545aa78fa05660150c708a8b9b1646

      SHA256

      24e9f6a7c7ac4f28e8c7322e7fc4c960cc1c0535a16ced22d77d0210616a1deb

      SHA512

      8282ab0a474a979eccc662a5338d93d364816dfeefee3e50e7fa872c2c8a84b1432f89f01df90ced19578f00d13b912590c3c01b653be381f4e71d5aea2d9ad5

      Download Submit

    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\eg7x8yxg.default-release\storage\permanent\chrome\idb\3561288849sdhlie.sqlite
      Filesize

      48KB

      MD5

      c370fdd3d9764af3c4fb9a99bc2d0a91

      SHA1

      3bbf969f5b6d5ac94beb6c3ada8fb589f1b6ed07

      SHA256

      d2fd2eb9c3108637a0aaf5b22afb2b9ba752b1d4fa98104c94ce74f02712ae7b

      SHA512

      85e6a108bf654e7d54dc08305fb9d7a04e726da087108d5f2ea1ae5d5d55517f05a5080edd5617cb7ffecf5f123f02763ff92446803dd2db45f3d3fbf60286f7

      Download Submit

    • memory/5080-4-0x0000000005850000-0x0000000005860000-memory.dmp

      Filesize

      64KB

      Download

    • memory/5080-0-0x0000000000BB0000-0x0000000000BE4000-memory.dmp

      Filesize

      208KB

      Download

    • memory/5080-2-0x0000000005B00000-0x00000000060A4000-memory.dmp

      Filesize

      5.6MB

      Download

    • memory/5080-3-0x00000000055F0000-0x0000000005682000-memory.dmp

      Filesize

      584KB

      Download

    • memory/5080-139-0x0000000005850000-0x0000000005860000-memory.dmp

      Filesize

      64KB

      Download

    • memory/5080-5-0x00000000055E0000-0x00000000055EA000-memory.dmp

      Filesize

      40KB

      Download

    • memory/5080-136-0x0000000074490000-0x0000000074C40000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/5080-1-0x0000000074490000-0x0000000074C40000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/5080-2398-0x0000000074490000-0x0000000074C40000-memory.dmp

      Filesize

      7.7MB

      Download