Overview
overview
10Static
static
10samples5.zip
windows7-x64
1samples5.zip
windows10-2004-x64
1104b5623d8...d3.exe
windows7-x64
1104b5623d8...d3.exe
windows10-2004-x64
1160010289c...02.exe
windows7-x64
1160010289c...02.exe
windows10-2004-x64
11a757d4aa5...6f.exe
windows7-x64
11a757d4aa5...6f.exe
windows10-2004-x64
121ff399e57...56.dll
windows7-x64
121ff399e57...56.dll
windows10-2004-x64
13c311150e2...bf.exe
windows7-x64
13c311150e2...bf.exe
windows10-2004-x64
13efe068c64...0f.exe
windows7-x64
33efe068c64...0f.exe
windows10-2004-x64
3403be0442e...17.exe
windows7-x64
10403be0442e...17.exe
windows10-2004-x64
1049c96478e9...66.exe
windows7-x64
649c96478e9...66.exe
windows10-2004-x64
65154914351...a7.exe
windows7-x64
15154914351...a7.exe
windows10-2004-x64
1616ea8ac34...858437
windows7-x64
1616ea8ac34...858437
windows10-2004-x64
16a637e90e0...bc.exe
windows7-x64
106a637e90e0...bc.exe
windows10-2004-x64
9759c06eedc...4c.dll
windows7-x64
10759c06eedc...4c.dll
windows10-2004-x64
1085cad059cc...20.exe
windows7-x64
185cad059cc...20.exe
windows10-2004-x64
18ca6b7929e...3c.exe
windows7-x64
108ca6b7929e...3c.exe
windows10-2004-x64
990ef3f841b...77.exe
windows7-x64
990ef3f841b...77.exe
windows10-2004-x64
9Analysis
-
max time kernel
131s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system -
submitted
01-01-2024 15:27
Behavioral task
behavioral1
Sample
samples5.zip
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
samples5.zip
Resource
win10v2004-20231215-en
Behavioral task
behavioral3
Sample
104b5623d8edd7e56d7e824d900ef57cc085ad7b2935c794af58de87d4f8c2d3.exe
Resource
win7-20231215-en
Behavioral task
behavioral4
Sample
104b5623d8edd7e56d7e824d900ef57cc085ad7b2935c794af58de87d4f8c2d3.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral5
Sample
160010289cc38de42f7b75fa817a6ef7931bfd8aa1370fb09559b2e035e05702.exe
Resource
win7-20231129-en
Behavioral task
behavioral6
Sample
160010289cc38de42f7b75fa817a6ef7931bfd8aa1370fb09559b2e035e05702.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral7
Sample
1a757d4aa506d48a09ed5cf0c8f21b6d65a55f5e8aa736873a9e523c4278156f.exe
Resource
win7-20231215-en
Behavioral task
behavioral8
Sample
1a757d4aa506d48a09ed5cf0c8f21b6d65a55f5e8aa736873a9e523c4278156f.exe
Resource
win10v2004-20231222-en
Behavioral task
behavioral9
Sample
21ff399e57cc306a1ae1daab6009ea40c8aa96c39296d0f8781626de6bd19256.dll
Resource
win7-20231215-en
Behavioral task
behavioral10
Sample
21ff399e57cc306a1ae1daab6009ea40c8aa96c39296d0f8781626de6bd19256.dll
Resource
win10v2004-20231215-en
Behavioral task
behavioral11
Sample
3c311150e20d76edd9274cec783068667637b6b5f3b6e1a5031a8605b895fabf.exe
Resource
win7-20231215-en
Behavioral task
behavioral12
Sample
3c311150e20d76edd9274cec783068667637b6b5f3b6e1a5031a8605b895fabf.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral13
Sample
3efe068c644c96fff2a25a7351da85bad86949878df3c7cad76d83ad2f2c340f.exe
Resource
win7-20231215-en
Behavioral task
behavioral14
Sample
3efe068c644c96fff2a25a7351da85bad86949878df3c7cad76d83ad2f2c340f.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral15
Sample
403be0442e847aee7ca7553e19672112450f2e034180a1f57eb8a6d7d39b8d17.exe
Resource
win7-20231215-en
Behavioral task
behavioral16
Sample
403be0442e847aee7ca7553e19672112450f2e034180a1f57eb8a6d7d39b8d17.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral17
Sample
49c96478e9d2b16219a7c86f031c5d8b241ae43550ce2fc2bea1d98fa90aa766.exe
Resource
win7-20231215-en
Behavioral task
behavioral18
Sample
49c96478e9d2b16219a7c86f031c5d8b241ae43550ce2fc2bea1d98fa90aa766.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral19
Sample
5154914351d1abdc308c8a76474a19560a4624194feb98118d0710efb6804aa7.exe
Resource
win7-20231215-en
Behavioral task
behavioral20
Sample
5154914351d1abdc308c8a76474a19560a4624194feb98118d0710efb6804aa7.exe
Resource
win10v2004-20231222-en
Behavioral task
behavioral21
Sample
616ea8ac34ae403d7094d53c0db11a24348f6e48eff80e254a93a1593f858437
Resource
win7-20231215-en
Behavioral task
behavioral22
Sample
616ea8ac34ae403d7094d53c0db11a24348f6e48eff80e254a93a1593f858437
Resource
win10v2004-20231222-en
Behavioral task
behavioral23
Sample
6a637e90e0673ee6090cc4fb47d82ab87ae7d26ffcff7a7dcafd4da167aea8bc.exe
Resource
win7-20231215-en
Behavioral task
behavioral24
Sample
6a637e90e0673ee6090cc4fb47d82ab87ae7d26ffcff7a7dcafd4da167aea8bc.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral25
Sample
759c06eedcadd60ebd2aa3790eefa40d505044080cea4e1477d845611f322b4c.dll
Resource
win7-20231129-en
Behavioral task
behavioral26
Sample
759c06eedcadd60ebd2aa3790eefa40d505044080cea4e1477d845611f322b4c.dll
Resource
win10v2004-20231215-en
Behavioral task
behavioral27
Sample
85cad059cca352e70188c1744521100651a787ebabdaa8261badb0f3b6bb5020.exe
Resource
win7-20231129-en
Behavioral task
behavioral28
Sample
85cad059cca352e70188c1744521100651a787ebabdaa8261badb0f3b6bb5020.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral29
Sample
8ca6b7929ece89d8d9050ae9f1e6c1b3dfa87217272e114e464160dce036463c.exe
Resource
win7-20231215-en
Behavioral task
behavioral30
Sample
8ca6b7929ece89d8d9050ae9f1e6c1b3dfa87217272e114e464160dce036463c.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral31
Sample
90ef3f841bef457a352a092f2367a0de89d812318df6b2293876d5746281c777.exe
Resource
win7-20231215-en
Behavioral task
behavioral32
Sample
90ef3f841bef457a352a092f2367a0de89d812318df6b2293876d5746281c777.exe
Resource
win10v2004-20231215-en
General
-
Target
90ef3f841bef457a352a092f2367a0de89d812318df6b2293876d5746281c777.exe
-
Size
44KB
-
MD5
112b36f6f558870ac332c6a86c0a9d83
-
SHA1
faadf24ab626dcf13889b053503b3587b34d3107
-
SHA256
90ef3f841bef457a352a092f2367a0de89d812318df6b2293876d5746281c777
-
SHA512
1b88a607322b0a82be045d98870ff075fc2a9fd531f9c4fba799adc893830e1c4a69e2b23f88bc8b30f7943e2b42942efb2c998eddc6fa3e42c458e42e75cc20
-
SSDEEP
384:ooQ3deOtEwC31/SllHgu/zhD+wFNf1cshmmfHsMDRiegZRF5jpmRaaaS2W:WUuB5N1KjtB3W
Malware Config
Signatures
-
Renames multiple (172) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops desktop.ini file(s) 17 IoCs
description ioc Process File opened for modification C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Stationery\Desktop.ini 90ef3f841bef457a352a092f2367a0de89d812318df6b2293876d5746281c777.exe File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\SendTo\Desktop.ini 90ef3f841bef457a352a092f2367a0de89d812318df6b2293876d5746281c777.exe File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Desktop.ini 90ef3f841bef457a352a092f2367a0de89d812318df6b2293876d5746281c777.exe File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini 90ef3f841bef457a352a092f2367a0de89d812318df6b2293876d5746281c777.exe File opened for modification C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Desktop.ini 90ef3f841bef457a352a092f2367a0de89d812318df6b2293876d5746281c777.exe File opened for modification C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Desktop.ini 90ef3f841bef457a352a092f2367a0de89d812318df6b2293876d5746281c777.exe File opened for modification C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini 90ef3f841bef457a352a092f2367a0de89d812318df6b2293876d5746281c777.exe File opened for modification C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini 90ef3f841bef457a352a092f2367a0de89d812318df6b2293876d5746281c777.exe File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini 90ef3f841bef457a352a092f2367a0de89d812318df6b2293876d5746281c777.exe File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Desktop.ini 90ef3f841bef457a352a092f2367a0de89d812318df6b2293876d5746281c777.exe File opened for modification C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini 90ef3f841bef457a352a092f2367a0de89d812318df6b2293876d5746281c777.exe File opened for modification C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Desktop.ini 90ef3f841bef457a352a092f2367a0de89d812318df6b2293876d5746281c777.exe File opened for modification C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini 90ef3f841bef457a352a092f2367a0de89d812318df6b2293876d5746281c777.exe File opened for modification C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Desktop.ini 90ef3f841bef457a352a092f2367a0de89d812318df6b2293876d5746281c777.exe File opened for modification C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Games\Desktop.ini 90ef3f841bef457a352a092f2367a0de89d812318df6b2293876d5746281c777.exe File opened for modification C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Desktop.ini 90ef3f841bef457a352a092f2367a0de89d812318df6b2293876d5746281c777.exe File opened for modification C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Desktop.ini 90ef3f841bef457a352a092f2367a0de89d812318df6b2293876d5746281c777.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 848 90ef3f841bef457a352a092f2367a0de89d812318df6b2293876d5746281c777.exe
Processes
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
4KB
MD5116fefa2e784b6cc8b090b7e1d0f03ed
SHA1461efd1160a0d7803ea13829b6b5af46ee9ccf5b
SHA256e848cd977cedb765b35ee37dad1e91ede8a2decfb1dd30c8f3b8ff342ec305fe
SHA512c2bf7cb427ba66006c0f02cc03537cd191b605ab20a70c1e845fdec2a7654aa562df780dff09542a5e8abfe540d8fa94c112e7fe3d8a0ae5ea1092f209411b83
-
Filesize
24KB
MD57dbdc1d1ba5cbeace7ad267428054f5f
SHA15cab93cfcb6c708fadb188262895201e7b226e0b
SHA25616167436a2fb218a8d18b3730ae6b4b8a9b6dca21314ae3e5df1a7573ec5b0ff
SHA512352eca4f5c5565f667c02ad9d23792ac63cbaa726cbfe6e760a559afee980849579a9967859e2c2a0fb54323fd42dd73eff97d4dd68bc38f38a966dab2a297bf
-
Filesize
328B
MD5679a8cd12a048184148457d78831450d
SHA1abd34eeb8797173e30a0612044b61ab3c5ae1040
SHA2567c4fd916b0091d00ef22ad166f47eb6f11ddd77433bcc0e496c473e718807a7e
SHA5127b92e5792eace855b13bbd80d1eb7ff5d9f217a049b359150e2d0039e9b1d9764afbab315edad658f5aa8399d6f31d335023ebf6bf848a7ff006802f81222a22