Overview
overview
10Static
static
10323389cde5...f3.exe
windows7-x64
1323389cde5...f3.exe
windows10-2004-x64
1365712147d...a7.exe
windows7-x64
10365712147d...a7.exe
windows10-2004-x64
105474e75872...06.exe
windows7-x64
105474e75872...06.exe
windows10-2004-x64
1059c59ef90d...4d.exe
windows7-x64
1059c59ef90d...4d.exe
windows10-2004-x64
1063fb410fc5...22.exe
windows7-x64
763fb410fc5...22.exe
windows10-2004-x64
79443472de4...e5.exe
windows7-x64
19443472de4...e5.exe
windows10-2004-x64
197a877b999...8d.exe
windows7-x64
1097a877b999...8d.exe
windows10-2004-x64
10a0f5def5aa...93.exe
windows7-x64
1a0f5def5aa...93.exe
windows10-2004-x64
1abfe442282...b1.exe
windows7-x64
1abfe442282...b1.exe
windows10-2004-x64
1b21f34ecfa...73.exe
windows7-x64
9b21f34ecfa...73.exe
windows10-2004-x64
9svchost.exe
windows7-x64
9svchost.exe
windows10-2004-x64
9b8ce017478...a8.exe
windows7-x64
9b8ce017478...a8.exe
windows10-2004-x64
9bbb4627895...f2.exe
windows7-x64
1bbb4627895...f2.exe
windows10-2004-x64
1bdf06acf03...63.exe
windows7-x64
1bdf06acf03...63.exe
windows10-2004-x64
1db3529a2d9...81.exe
windows7-x64
1db3529a2d9...81.exe
windows10-2004-x64
1e24b84c020...db.exe
windows7-x64
9e24b84c020...db.exe
windows10-2004-x64
9Resubmissions
21-01-2024 14:52
240121-r8syqaeac7 1021-01-2024 14:51
240121-r8k8waeac5 1001-01-2024 13:55
240101-q776kscacp 10Analysis
-
max time kernel
139s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system -
submitted
21-01-2024 14:51
Behavioral task
behavioral1
Sample
323389cde5a3059c6c6e5c6c711d11e434a577b11dc07a9aeb7f8e1fb661ecf3.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
323389cde5a3059c6c6e5c6c711d11e434a577b11dc07a9aeb7f8e1fb661ecf3.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral3
Sample
365712147d687fb2eb2d5cb612586c7d3d7364277441491a3ab379a4a1128ba7.exe
Resource
win7-20231129-en
Behavioral task
behavioral4
Sample
365712147d687fb2eb2d5cb612586c7d3d7364277441491a3ab379a4a1128ba7.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral5
Sample
5474e75872eeb1e34cbe407c73409d4c65da7bd6aa9378b356bb3c12f316c506.exe
Resource
win7-20231215-en
Behavioral task
behavioral6
Sample
5474e75872eeb1e34cbe407c73409d4c65da7bd6aa9378b356bb3c12f316c506.exe
Resource
win10v2004-20231222-en
Behavioral task
behavioral7
Sample
59c59ef90d1370297375d4e3195eabe2a031251bc939fae962a835d8336a8a4d.exe
Resource
win7-20231129-en
Behavioral task
behavioral8
Sample
59c59ef90d1370297375d4e3195eabe2a031251bc939fae962a835d8336a8a4d.exe
Resource
win10v2004-20231222-en
Behavioral task
behavioral9
Sample
63fb410fc5267c61c5099927af714a8f5f4ba6dcdeeb1f297b022879767c7222.exe
Resource
win7-20231215-en
Behavioral task
behavioral10
Sample
63fb410fc5267c61c5099927af714a8f5f4ba6dcdeeb1f297b022879767c7222.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral11
Sample
9443472de461e9e7a9d7b7d89fa13815521db1ecebea5054643664953ee366e5.exe
Resource
win7-20231215-en
Behavioral task
behavioral12
Sample
9443472de461e9e7a9d7b7d89fa13815521db1ecebea5054643664953ee366e5.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral13
Sample
97a877b999fb2a3c8286548ac4b20f364a862b132a87272fe273c670a654ba8d.exe
Resource
win7-20231215-en
Behavioral task
behavioral14
Sample
97a877b999fb2a3c8286548ac4b20f364a862b132a87272fe273c670a654ba8d.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral15
Sample
a0f5def5aaaefa3ae538da9c643a5e381ea89cdee3e451ab1d0c52181d758593.exe
Resource
win7-20231215-en
Behavioral task
behavioral16
Sample
a0f5def5aaaefa3ae538da9c643a5e381ea89cdee3e451ab1d0c52181d758593.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral17
Sample
abfe4422828c6515e7b53c50a8f07dda0169f4ee34173357b6fa35b06fe144b1.exe
Resource
win7-20231129-en
Behavioral task
behavioral18
Sample
abfe4422828c6515e7b53c50a8f07dda0169f4ee34173357b6fa35b06fe144b1.exe
Resource
win10v2004-20231222-en
Behavioral task
behavioral19
Sample
b21f34ecfa7135153d506b3fde2a0d0bd23b44eccedc635cbfa474e321040273.exe
Resource
win7-20231215-en
Behavioral task
behavioral20
Sample
b21f34ecfa7135153d506b3fde2a0d0bd23b44eccedc635cbfa474e321040273.exe
Resource
win10v2004-20231222-en
Behavioral task
behavioral21
Sample
svchost.exe
Resource
win7-20231215-en
Behavioral task
behavioral22
Sample
svchost.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral23
Sample
b8ce0174783c9c7ec30f96f8857c356e61365562463457d3ef0d1f62f4d302a8.exe
Resource
win7-20231215-en
Behavioral task
behavioral24
Sample
b8ce0174783c9c7ec30f96f8857c356e61365562463457d3ef0d1f62f4d302a8.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral25
Sample
bbb46278959b4628106319457405a8cc04681c82c2c8afa30475d50ed63417f2.exe
Resource
win7-20231215-en
Behavioral task
behavioral26
Sample
bbb46278959b4628106319457405a8cc04681c82c2c8afa30475d50ed63417f2.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral27
Sample
bdf06acf03785275d01d4135b432b56b31c7f352f9be3cf8eca00286251aa163.exe
Resource
win7-20231129-en
Behavioral task
behavioral28
Sample
bdf06acf03785275d01d4135b432b56b31c7f352f9be3cf8eca00286251aa163.exe
Resource
win10v2004-20231222-en
Behavioral task
behavioral29
Sample
db3529a2d96f82af48dd8b93615cf89ee5e0c9fe84d70222b30adcb947602881.exe
Resource
win7-20231129-en
Behavioral task
behavioral30
Sample
db3529a2d96f82af48dd8b93615cf89ee5e0c9fe84d70222b30adcb947602881.exe
Resource
win10v2004-20231222-en
Behavioral task
behavioral31
Sample
e24b84c0201106d00cb293da0216414c8bc60de61d8de5f7ffdcd660e67317db.exe
Resource
win7-20231215-en
Behavioral task
behavioral32
Sample
e24b84c0201106d00cb293da0216414c8bc60de61d8de5f7ffdcd660e67317db.exe
Resource
win10v2004-20231215-en
General
-
Target
b8ce0174783c9c7ec30f96f8857c356e61365562463457d3ef0d1f62f4d302a8.exe
-
Size
245KB
-
MD5
78db42a978dbaeec6b87e718b0e00160
-
SHA1
226616df9b26e9ca327805755b75813ad67c1f3f
-
SHA256
b8ce0174783c9c7ec30f96f8857c356e61365562463457d3ef0d1f62f4d302a8
-
SHA512
8a8a29eb8679512ab214d16b3e207a4545dbd63a8410ce41eef8d2c249131a5947a157344932b6041feb3084ad14d437627d754a34b977a6c2f71159a54b2b5c
-
SSDEEP
6144:ZU1aQUdyXTFDhznLOoAM4zkw7nMnp5PdleQRWsvBoCRt7Y0x:ZUQd4TFJLOolqk/72QksvBBt7Y0
Malware Config
Signatures
-
Renames multiple (157) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Deletes itself 1 IoCs
pid Process 2328 b8ce0174783c9c7ec30f96f8857c356e61365562463457d3ef0d1f62f4d302a8.exe -
Enumerates connected drives 3 TTPs 24 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
description ioc Process File opened (read-only) \??\I: b8ce0174783c9c7ec30f96f8857c356e61365562463457d3ef0d1f62f4d302a8.exe File opened (read-only) \??\G: b8ce0174783c9c7ec30f96f8857c356e61365562463457d3ef0d1f62f4d302a8.exe File opened (read-only) \??\H: b8ce0174783c9c7ec30f96f8857c356e61365562463457d3ef0d1f62f4d302a8.exe File opened (read-only) \??\L: b8ce0174783c9c7ec30f96f8857c356e61365562463457d3ef0d1f62f4d302a8.exe File opened (read-only) \??\B: b8ce0174783c9c7ec30f96f8857c356e61365562463457d3ef0d1f62f4d302a8.exe File opened (read-only) \??\N: b8ce0174783c9c7ec30f96f8857c356e61365562463457d3ef0d1f62f4d302a8.exe File opened (read-only) \??\E: b8ce0174783c9c7ec30f96f8857c356e61365562463457d3ef0d1f62f4d302a8.exe File opened (read-only) \??\W: b8ce0174783c9c7ec30f96f8857c356e61365562463457d3ef0d1f62f4d302a8.exe File opened (read-only) \??\Y: b8ce0174783c9c7ec30f96f8857c356e61365562463457d3ef0d1f62f4d302a8.exe File opened (read-only) \??\U: b8ce0174783c9c7ec30f96f8857c356e61365562463457d3ef0d1f62f4d302a8.exe File opened (read-only) \??\O: b8ce0174783c9c7ec30f96f8857c356e61365562463457d3ef0d1f62f4d302a8.exe File opened (read-only) \??\P: b8ce0174783c9c7ec30f96f8857c356e61365562463457d3ef0d1f62f4d302a8.exe File opened (read-only) \??\X: b8ce0174783c9c7ec30f96f8857c356e61365562463457d3ef0d1f62f4d302a8.exe File opened (read-only) \??\Q: b8ce0174783c9c7ec30f96f8857c356e61365562463457d3ef0d1f62f4d302a8.exe File opened (read-only) \??\T: b8ce0174783c9c7ec30f96f8857c356e61365562463457d3ef0d1f62f4d302a8.exe File opened (read-only) \??\A: b8ce0174783c9c7ec30f96f8857c356e61365562463457d3ef0d1f62f4d302a8.exe File opened (read-only) \??\J: b8ce0174783c9c7ec30f96f8857c356e61365562463457d3ef0d1f62f4d302a8.exe File opened (read-only) \??\K: b8ce0174783c9c7ec30f96f8857c356e61365562463457d3ef0d1f62f4d302a8.exe File opened (read-only) \??\M: b8ce0174783c9c7ec30f96f8857c356e61365562463457d3ef0d1f62f4d302a8.exe File opened (read-only) \??\R: b8ce0174783c9c7ec30f96f8857c356e61365562463457d3ef0d1f62f4d302a8.exe File opened (read-only) \??\S: b8ce0174783c9c7ec30f96f8857c356e61365562463457d3ef0d1f62f4d302a8.exe File opened (read-only) \??\Z: b8ce0174783c9c7ec30f96f8857c356e61365562463457d3ef0d1f62f4d302a8.exe File opened (read-only) \??\V: b8ce0174783c9c7ec30f96f8857c356e61365562463457d3ef0d1f62f4d302a8.exe File opened (read-only) \??\F: b8ce0174783c9c7ec30f96f8857c356e61365562463457d3ef0d1f62f4d302a8.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
pid Process 2328 b8ce0174783c9c7ec30f96f8857c356e61365562463457d3ef0d1f62f4d302a8.exe 2328 b8ce0174783c9c7ec30f96f8857c356e61365562463457d3ef0d1f62f4d302a8.exe -
Suspicious behavior: RenamesItself 1 IoCs
pid Process 2328 b8ce0174783c9c7ec30f96f8857c356e61365562463457d3ef0d1f62f4d302a8.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\b8ce0174783c9c7ec30f96f8857c356e61365562463457d3ef0d1f62f4d302a8.exe"C:\Users\Admin\AppData\Local\Temp\b8ce0174783c9c7ec30f96f8857c356e61365562463457d3ef0d1f62f4d302a8.exe"1⤵
- Deletes itself
- Enumerates connected drives
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: RenamesItself
PID:2328
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
415B
MD5a737534f6b78e78d154a68c9e23251b9
SHA1f4cff3471965cdd5763edf86fb897f2e671c9336
SHA2569c551d94361cfe9c3bd475d6d45738f299fc9eb07fed69a44db30356e2af14d8
SHA512d0c7c82ff8a7991e7e2569a0ce412c0fc5ed5fdad0174ecc9c73c31a6af2f85f7e23695735d2a61c85aea7996383ee26926f04f29627bc61c6a7992af48f096d