Analysis

  • max time kernel
    131s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    01-01-2024 15:27

General

  • Target

    90ef3f841bef457a352a092f2367a0de89d812318df6b2293876d5746281c777.exe

  • Size

    44KB

  • MD5

    112b36f6f558870ac332c6a86c0a9d83

  • SHA1

    faadf24ab626dcf13889b053503b3587b34d3107

  • SHA256

    90ef3f841bef457a352a092f2367a0de89d812318df6b2293876d5746281c777

  • SHA512

    1b88a607322b0a82be045d98870ff075fc2a9fd531f9c4fba799adc893830e1c4a69e2b23f88bc8b30f7943e2b42942efb2c998eddc6fa3e42c458e42e75cc20

  • SSDEEP

    384:ooQ3deOtEwC31/SllHgu/zhD+wFNf1cshmmfHsMDRiegZRF5jpmRaaaS2W:WUuB5N1KjtB3W

Malware Config

Signatures

  • Renames multiple (172) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Drops desktop.ini file(s) 17 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\90ef3f841bef457a352a092f2367a0de89d812318df6b2293876d5746281c777.exe
    "C:\Users\Admin\AppData\Local\Temp\90ef3f841bef457a352a092f2367a0de89d812318df6b2293876d5746281c777.exe"
    • Drops desktop.ini file(s)
    • Suspicious use of AdjustPrivilegeToken
    PID:848

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\fLst.db

    Filesize

    4KB

    MD5

    116fefa2e784b6cc8b090b7e1d0f03ed

    SHA1

    461efd1160a0d7803ea13829b6b5af46ee9ccf5b

    SHA256

    e848cd977cedb765b35ee37dad1e91ede8a2decfb1dd30c8f3b8ff342ec305fe

    SHA512

    c2bf7cb427ba66006c0f02cc03537cd191b605ab20a70c1e845fdec2a7654aa562df780dff09542a5e8abfe540d8fa94c112e7fe3d8a0ae5ea1092f209411b83

  • C:\Users\Admin\Desktop\FILELIST.TXT

    Filesize

    24KB

    MD5

    7dbdc1d1ba5cbeace7ad267428054f5f

    SHA1

    5cab93cfcb6c708fadb188262895201e7b226e0b

    SHA256

    16167436a2fb218a8d18b3730ae6b4b8a9b6dca21314ae3e5df1a7573ec5b0ff

    SHA512

    352eca4f5c5565f667c02ad9d23792ac63cbaa726cbfe6e760a559afee980849579a9967859e2c2a0fb54323fd42dd73eff97d4dd68bc38f38a966dab2a297bf

  • C:\Users\Admin\ntuser.ini.BeethoveN

    Filesize

    328B

    MD5

    679a8cd12a048184148457d78831450d

    SHA1

    abd34eeb8797173e30a0612044b61ab3c5ae1040

    SHA256

    7c4fd916b0091d00ef22ad166f47eb6f11ddd77433bcc0e496c473e718807a7e

    SHA512

    7b92e5792eace855b13bbd80d1eb7ff5d9f217a049b359150e2d0039e9b1d9764afbab315edad658f5aa8399d6f31d335023ebf6bf848a7ff006802f81222a22

  • memory/848-0-0x0000000000300000-0x000000000030E000-memory.dmp

    Filesize

    56KB

  • memory/848-1-0x0000000074C60000-0x000000007534E000-memory.dmp

    Filesize

    6.9MB

  • memory/848-534-0x0000000074C60000-0x000000007534E000-memory.dmp

    Filesize

    6.9MB

  • memory/848-1392-0x0000000004E30000-0x0000000004E70000-memory.dmp

    Filesize

    256KB

  • memory/848-1393-0x0000000004E30000-0x0000000004E70000-memory.dmp

    Filesize

    256KB

  • memory/848-1394-0x0000000004E30000-0x0000000004E70000-memory.dmp

    Filesize

    256KB

  • memory/848-1398-0x0000000004E30000-0x0000000004E70000-memory.dmp

    Filesize

    256KB