Resubmissions

  • 07/04/2024, 02:21 UTC: 240407-cs71daba79 (10)
  • 07/04/2024, 02:21 UTC: 240407-cs2hlaae5t (10)
  • 07/04/2024, 02:20 UTC: 240407-csw8waba75 (10)
  • 07/04/2024, 02:20 UTC: 240407-csr9xsae4x (10)
  • 07/07/2022, 18:59 UTC: 220707-xm664shhb2 (10)

Analysis

  • max time kernel
    371s
  • max time network
    437s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    07/04/2024, 02:20 UTC

General

  • Target
    4486ecf3f3498975deb6bc982ee6c543d1453cd55fd35662eef7dc7878c3e407.exe
  • Size
    1.0MB
  • MD5
    dd77766a7812b98ad629c9d95e32a616
  • SHA1
    9c821700d9af634ac0c3cf2076ac3e681774c47f
  • SHA256
    4486ecf3f3498975deb6bc982ee6c543d1453cd55fd35662eef7dc7878c3e407
  • SHA512
    d49067da309deec250ab5753fec487ed77b6e3659cb7d4f41b4a81b3eacfc370ddd024bb14bea11a660234f468ea1535f5971f7e51b1736c60f0a783ff5b2c1d
  • SSDEEP
    12288:CT1tIG8n5WecvDH0viPR6dDHPpnPj75I4SoQbCdWze/fswN+eSchTyGojj0nUZNP:CBtLULYDHTR8/IQmdkfsq+myGyYywqGE

Malware Config

Signatures

  • Troldesh, Shade, Encoder.858

    Troldesh is a ransomware spread by malspam.

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

  • UPX packed file 9 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Adds Run key to start application 2 TTPs 1 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4486ecf3f3498975deb6bc982ee6c543d1453cd55fd35662eef7dc7878c3e407.exe
    "C:\Users\Admin\AppData\Local\Temp\4486ecf3f3498975deb6bc982ee6c543d1453cd55fd35662eef7dc7878c3e407.exe"
    • Adds Run key to start application
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of UnmapMainImage
    PID: 1704

Network

  • 86.59.21.38:443 (www.2g67o7w3xd4.com), tls, 4486ecf3f3498975deb6bc982ee6c543d1453cd55fd35662eef7dc7878c3e407.exe, 3.8kB / 8.2kB, 17 / 18
  • 127.0.0.1:49206, 4486ecf3f3498975deb6bc982ee6c543d1453cd55fd35662eef7dc7878c3e407.exe
  • 193.23.244.244:443 (www.fingbkawbu7iomdo2rbc2z3.com), tls, 4486ecf3f3498975deb6bc982ee6c543d1453cd55fd35662eef7dc7878c3e407.exe, 441 B / 132 B, 5 / 3
  • 131.188.40.189:443 (www.slsnkhnavwron.com), tls, 4486ecf3f3498975deb6bc982ee6c543d1453cd55fd35662eef7dc7878c3e407.exe, 3.1kB / 8.0kB, 13 / 14

MITRE ATT&CK Enterprise v15


Downloads

  • memory/1704-0-0x0000000001E10000-0x0000000001EE5000-memory.dmp (852KB)
  • memory/1704-1-0x0000000000400000-0x0000000000608000-memory.dmp (2.0MB)
  • memory/1704-2-0x0000000000400000-0x0000000000608000-memory.dmp (2.0MB)
  • memory/1704-3-0x0000000000400000-0x0000000000608000-memory.dmp (2.0MB)
  • memory/1704-4-0x0000000000400000-0x0000000000608000-memory.dmp (2.0MB)
  • memory/1704-5-0x0000000000400000-0x0000000000608000-memory.dmp (2.0MB)
  • memory/1704-6-0x0000000000400000-0x0000000000608000-memory.dmp (2.0MB)
  • memory/1704-10-0x0000000000400000-0x0000000000608000-memory.dmp (2.0MB)
  • memory/1704-11-0x0000000001E10000-0x0000000001EE5000-memory.dmp (852KB)
  • memory/1704-12-0x0000000000400000-0x0000000000608000-memory.dmp (2.0MB)
  • memory/1704-13-0x0000000000400000-0x0000000000608000-memory.dmp (2.0MB)
