Overview

overview

10

Static

static

10

07ba533a69...53.exe

windows7-x64

1

07ba533a69...53.exe

windows10-2004-x64

1

0e971ff0e7...8d.exe

windows7-x64

8

0e971ff0e7...8d.exe

windows10-2004-x64

8

111fb06de8...8b.exe

windows7-x64

9

111fb06de8...8b.exe

windows10-2004-x64

9

2de3cea3eb...a8.exe

windows7-x64

1

2de3cea3eb...a8.exe

windows10-2004-x64

1

327a2a4916...ca.exe

windows7-x64

8

327a2a4916...ca.exe

windows10-2004-x64

8

36c10a3e1f...d9.exe

windows7-x64

1

36c10a3e1f...d9.exe

windows10-2004-x64

1

67bf260c3e...10.exe

windows7-x64

8

67bf260c3e...10.exe

windows10-2004-x64

8

70ec1874cf...ac.exe

windows7-x64

1

70ec1874cf...ac.exe

windows10-2004-x64

1

817f5b0fcc...99.exe

windows7-x64

7

817f5b0fcc...99.exe

windows10-2004-x64

7

875a6185aa...f0.exe

windows7-x64

1

875a6185aa...f0.exe

windows10-2004-x64

1

887d386d2e...c6.exe

windows7-x64

1

887d386d2e...c6.exe

windows10-2004-x64

1

902afe35c6...16.exe

windows7-x64

10

902afe35c6...16.exe

windows10-2004-x64

10

97b6e51df2...0a.exe

windows7-x64

7

97b6e51df2...0a.exe

windows10-2004-x64

7

a4704be3a7...72.exe

windows7-x64

1

a4704be3a7...72.exe

windows10-2004-x64

1

b21f34ecfa...73.exe

windows7-x64

9

b21f34ecfa...73.exe

windows10-2004-x64

9

b75b3ff656...52.exe

windows7-x64

8

b75b3ff656...52.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    145s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01-01-2024 14:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0e971ff0e7f4cd4714931ac6bb685d91e28b34070866c9e7c976817aa5f6eb8d.exe

  • Size

    179KB

  • MD5

    8e0e472d93c3ebeb725099bc1bbe0a9a

  • SHA1

    7229e11205e794c75a65587bcef040ed345b3322

  • SHA256

    0e971ff0e7f4cd4714931ac6bb685d91e28b34070866c9e7c976817aa5f6eb8d

  • SHA512

    74a63a29a6ea5cfd2f7983b9828dd7a78b3d16072f5e044e795404eb67a2178ac091e15c9a29bafa7b9e7426c6aa709697cb9705ff25f7e40c9597ad1758eda3

  • SSDEEP

    3072:2Rb6HWdU1NByFMuIBRC0eXLfQzueFsB0yxfWolUJFMXNsz5SkE+pbt8ICjGs:IbeBRmXLP0yJAJFMXNXyC

Score
8/10
evasionransomwarespywarestealer

Malware Config

Signatures

  • Disables Task Manager via registry modification
    evasion
  • Drops startup file 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Drops desktop.ini file(s) 64 IoCs
  • Sets desktop wallpaper using registry 2 TTPs 1 IoCs
    ransomware
  • Program crash 1 IoCs
  • Modifies Control Panel 2 IoCs
    evasion
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0e971ff0e7f4cd4714931ac6bb685d91e28b34070866c9e7c976817aa5f6eb8d.exe
    "C:\Users\Admin\AppData\Local\Temp\0e971ff0e7f4cd4714931ac6bb685d91e28b34070866c9e7c976817aa5f6eb8d.exe"
    1⤵
    • Drops startup file
    • Drops desktop.ini file(s)
    • Sets desktop wallpaper using registry
    • Modifies Control Panel
    • Suspicious use of AdjustPrivilegeToken
    PID:4912
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4912 -s 1936
      2⤵
      • Program crash
      PID:4988
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 4912 -ip 4912
    1⤵
      PID:4380

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\ProgramData\Package Cache\{7DAD0258-515C-3DD4-8964-BD714199E0F7}v12.0.40660\packages\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi
      Filesize

      140KB

      MD5

      5c8d1f25fa219557d1258b9c93783fd9

      SHA1

      359eabd8c7884b4893f59238191b5ed570cdd6ca

      SHA256

      7a35ddc1a8df5ddb55f282800693da33646e05670f4aab082e01913e5a75ac14

      SHA512

      0ae2fb4c4ad1134084ea7b49c920c17909ce93b426a820d9f2fe5a8667c8d9520741e14dfcc62eee5b00c59c1561a846f9da6d1eb716246a0fe424d1ff3278fa

      Download Submit

    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache\data_2
      Filesize

      8KB

      MD5

      b237c13e963df4f0d117feabb0ad3099

      SHA1

      cfe2cfe495bebbe93185db3bf2a501fa7bbba2f9

      SHA256

      c1491790bbbd5f60d4041b3ff4a4f01d51f02c199503b53bddd2dbd82f32ca5d

      SHA512

      87bc7514c1ad62f1082776a9ac72958f2481d55fbed01162667fbac0203350b98a2401957779598b0b9e40d482a4c35e5206cb5d3f460d2420ad8631d9610a4a

      Download Submit

    • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\heavy_ad_intervention_opt_out.db-journal
      Filesize

      16B

      MD5

      b4a9117719656f6534c921c67700dbf0

      SHA1

      56773c00a1bfebecaeb06b25d2e3845181e45f82

      SHA256

      edb9e310ffb5d1a7a341d906812a1ac785a20e2e527bafb5ffcc048bca37931a

      SHA512

      8838b686a4865db8e523add549790ce1df8fcfb15c775fa4836ac05dc2ae7f2620c8761c9e8fe0859ed2570d0821fdc5626dee43db4d3e703b14cea5128e00de

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index
      Filesize

      32B

      MD5

      29292c6bf670594b967173c3ed92fed7

      SHA1

      8fc3e08327df95235902517f740ca84a6b96dbf5

      SHA256

      8d1c56eb2307fd760badc04ba6ec1879ea48b7a82d31def7a51022a2ab8233e2

      SHA512

      510daa536b4b518e9cdf5de9988b51ca4c8d4354e2aa316e17ed371f9442314c793ce30332a0e0aebb5c826722b0a9ea483a6e861c5f9e42752e3a6e9d0d6228

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.AccountsControl_cw5n1h2txyewy\Settings\settings.dat
      Filesize

      8KB

      MD5

      90367c55d3d69d598fada7965f44d4dc

      SHA1

      4d71b22bbdc3a6d5e06430c9eb32fde39dcd4607

      SHA256

      d7c762db77b7caa5dbfa285f8b62730437a2fcbc74586eb53f8d90b33d679a0d

      SHA512

      63ef1f720175f4d96b8ab982eb0ed5898b6c6b1783f09310ac303038b23976a1d7ab7aea7a224cd84e9615782c2099f4b8645346c603d3c60669ce36e8ffba30

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_AutoGenerated_{A5E73466-E220-8EF4-B956-A582187356D9}
      Filesize

      36KB

      MD5

      9e8b85ec748d0e6d8f6ef436dd19e19c

      SHA1

      fe890437a449fbe01994a9a159ad055ada2e85c8

      SHA256

      cafb4878f5f264d669476e86bfa5e058394fcfada7fbbe3c3ad6f8049ead01e5

      SHA512

      dcc0e9c8f2648c9883f15910f95124b5c08f872101a200e6c8f039f9180151ec1d39c81445cbcf15b82416ecd8b0f7ed071b44f199c455fe885bdfe9ce04466c

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_comexp_msc
      Filesize

      36KB

      MD5

      9773af01783294e1e18466411588c470

      SHA1

      21556c89d54f26f892ab5b84be7325116913c917

      SHA256

      442ae09cc7faa4acc4ee83854004aa4de78a7767cf4eecaf44ac8cdf1c20457f

      SHA512

      82354e0a527792931ad6e685823d9808e5a81d5057088ce30483985432577de61d3e747b61b869e78e7781ae351a4b1334c3c676e516db194d5f2dab92ba48b5

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{7f0b0531-6830-451a-9b7c-630b666dd27f}\0.1.filtertrie.intermediate.txt
      Filesize

      16B

      MD5

      6479b3fa7421704f2e40db44db29c444

      SHA1

      830346e83b02d5c02176a50f9a5d96a3c6f6ccb1

      SHA256

      9f1eb79a410308bd2a5d91645f20383c72880a8bb20c65e807bd5202ba07a9be

      SHA512

      30b1769b899d9f657afc56f7d80f3fcb559aabc491badf17f7a55245f982b4af64ab6c8691cd8a4beb159f595f223d8b3f913a540d84926b7a4aa745ef69ee09

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Settings_{7f0b0531-6830-451a-9b7c-630b666dd27f}\0.2.filtertrie.intermediate.txt
      Filesize

      16B

      MD5

      9f8f8c546c8d493adca34557c911a0ab

      SHA1

      de07adc76147e40ca5b5b814c618a35b0883341e

      SHA256

      4a4a9714e9ee704deab4d0870033c2f76fcf8714e8e1abfb2590a2075736ea0c

      SHA512

      f943b2aec509ed3787d9e0093456f6bc244cf9452194d27fe049e9ff48d596b61fe0e7857d133e6ebe91bbe599f9019dee4785ac1a39532731b195ffe3c7c608

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133471124561211919.txt
      Filesize

      77KB

      MD5

      b41e09a67ada3b7992cb01a148dcad66

      SHA1

      a2e854331ae43c537b8d2e50d876933af3f13588

      SHA256

      05d79b465de39db2009233be9b024e0701c645a912e127b63b5a09b1c2d43df3

      SHA512

      ab3607cd6da04f9a3a062711fa382ae26710a397f385b744b0c64daf3390ccdb8d7bdc452c055aa0eb036094d68ae228c4d573e4124ba3c80c4076d83bd59d65

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133471126443266927.txt
      Filesize

      47KB

      MD5

      3f6741b9ed76e83e82ea4b2088853f2a

      SHA1

      3906f79bd112ce6c68bc55febd803ad9f7b65170

      SHA256

      95f12dde78cd03c4ac791043a3ab390a8e4c249171fe412e9f030d4bce29fe93

      SHA512

      a1531ebb45791f984259712a12c8308de85d9177ebf9f8a124f12947709c4556a4f6f889078c81338ddcf2c3e457c439fae9cf0b34fcbba5e512a42f62622673

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133471131189256905.txt
      Filesize

      64KB

      MD5

      8f29be4edd3761babc255ae766a99db9

      SHA1

      6615392061d85905ae5016b13e7cb1d4bfeca6a6

      SHA256

      87538857b55487050e6794224453a586101c5e582e76cc96e3765b889d9b907f

      SHA512

      b1183d788ac81657a4b8459e7a0eac1d2f01ad9506f45de56c57135855922af32c85bd3c616303b3d619b83b93b4e28b4cce781076cb2d96348633ed583785ad

      Download Submit

    • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133471155932594913.txt
      Filesize

      74KB

      MD5

      ab089c6b60a21f5190a7fffd471cb462

      SHA1

      7de0aa7d2352598c9ad79f368f5bfee53f475349

      SHA256

      de30c0d11e8a8d5a0b560e2d8d26355f3f9da932ef0acd4a62df4e37b681c3d7

      SHA512

      3e9d4246f56ca26ebcd5b67d9ae6f5dc11e7bdd2508b59584cc6750671de2cc33b845352e6774f9c148d056eed3437da0bdce015a6e4fc4289a6cdccb13a3e6a

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\wctEFAF.tmp
      Filesize

      63KB

      MD5

      3cf39948ab76faaed1940799a23b6f81

      SHA1

      3a48be084d545aa78fa05660150c708a8b9b1646

      SHA256

      24e9f6a7c7ac4f28e8c7322e7fc4c960cc1c0535a16ced22d77d0210616a1deb

      SHA512

      8282ab0a474a979eccc662a5338d93d364816dfeefee3e50e7fa872c2c8a84b1432f89f01df90ced19578f00d13b912590c3c01b653be381f4e71d5aea2d9ad5

      Download Submit

    • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sqqfzpo5.default-release\storage\permanent\chrome\idb\3561288849sdhlie.sqlite
      Filesize

      48KB

      MD5

      b86809ef68962a5ad1a78db163249efb

      SHA1

      a41a5e4b4c184944c2d85b28d521f4a5f39d1820

      SHA256

      b73a4b8c545b95821bdd716351e77acf7f939472a5f4cf0d11303107fa8c5754

      SHA512

      220779fe919445c925782f4bc58935accea445145ae86d08e3f96ac520419382f6cb375a92586e0f40185d4d294941b1df328416e4d6a088b343ffdf22b923ee

      Download Submit

    • memory/4912-1383-0x0000000074FA0000-0x0000000075750000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/4912-1551-0x0000000005610000-0x0000000005620000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4912-2-0x0000000005980000-0x0000000005F24000-memory.dmp

      Filesize

      5.6MB

      Download

    • memory/4912-0-0x0000000000AA0000-0x0000000000AD4000-memory.dmp

      Filesize

      208KB

      Download

    • memory/4912-1-0x0000000074FA0000-0x0000000075750000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/4912-5-0x0000000005570000-0x000000000557A000-memory.dmp

      Filesize

      40KB

      Download

    • memory/4912-4-0x0000000005610000-0x0000000005620000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4912-3-0x00000000054C0000-0x0000000005552000-memory.dmp

      Filesize

      584KB

      Download

    • memory/4912-2333-0x0000000074FA0000-0x0000000075750000-memory.dmp

      Filesize

      7.7MB

      Download