Analysis

  • max time kernel
    32s
  • max time network
    29s
  • platform
    windows7_x64
  • resource
    win7-20240319-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240319-en, locale:en-us, os:windows7-x64, system
  • submitted
    10-04-2024 11:13

General

  • Target

    f632dce9c6fea6d80521a00fd89bfc7dbeaeb1e66ef680159c2c4209662a5d8e.exe

  • Size

    2.2MB

  • MD5

    99762b33396b8128e6e72fc66a8e8939

  • SHA1

    edb33f83c49268ef604e073d33f358b5b4da60ce

  • SHA256

    f632dce9c6fea6d80521a00fd89bfc7dbeaeb1e66ef680159c2c4209662a5d8e

  • SHA512

    71a5c78519ea6028bfffdb0d1199c36b245a70766e650dcab85b333966b6a66b3a8e1a672eee495a11a9ee5f722e00625e546f6d85b86067a6484ac27e4ed036

  • SSDEEP

    49152:yz+eK5Bhzwrb/TEvO90dL3BmAFd4A64nsfJqyM4w7qLiC/gv4sxZ2EAKEz1q:yz+rzLyM1GLhukEAO

Score
10/10

Malware Config

Extracted

Path

C:\Users\Admin\Downloads\README.txt

Family

darkside

Ransom Note
WINNER WINNER CHICKEN DINNER

What happend?
##############################################
All your servers and computers are encrypted, backups are deleted. We use strong encryption algorithms, so you cannot decrypt your data. But you can restore everything by purchasing a special program from us - universal decryptor. This program will restore all your network. Follow our instructions below and you will recover all your data.

What guarantees?
##############################################
We value our reputation. If we do not do our work and liabilities, nobody will pay us. This is not in our interests. All our decryption software is perfectly tested and will decrypt your data. We will also provide support in case of problems. We guarantee to decrypt one image file for free. The file size should be no more than 2 MB.

Contact us by email: [email protected]

!!! DANGER !!!
DO NOT MODIFY or try to RECOVER any files yourself. We WILL NOT be able to RESTORE them.
!!! DANGER !!!

Signatures

  • DarkSide

    Targeted ransomware first seen in August 2020. Operators steal data to use as leverage.

  • Enumerates connected drives (3 TTPs, 1 IoC)

    Attempts to read the root path of hard drives other than the default C: drive.

  • Suspicious use of WriteProcessMemory (6 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\f632dce9c6fea6d80521a00fd89bfc7dbeaeb1e66ef680159c2c4209662a5d8e.exe
    "C:\Users\Admin\AppData\Local\Temp\f632dce9c6fea6d80521a00fd89bfc7dbeaeb1e66ef680159c2c4209662a5d8e.exe"
    PID: 2932
    • Suspicious use of WriteProcessMemory
    • C:\Windows\system32\cipher.exe
      cipher.exe /w:C:\
      PID: 1760
    • C:\Windows\system32\cipher.exe
      cipher.exe /w:F:\
      PID: 2260
      • Enumerates connected drives
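The process tree shows the sample spawning cipher.exe with /w: once per drive. That switch overwrites the free space of the volume, so originals deleted after encryption cannot be carved back; it is an anti-recovery step, not encryption. The detection below over process-creation events is an added example and not part of the sandbox report: the event records are constructed to mirror the tree above (the sample's own parent PID and the benign cmd.exe control are assumptions), and the logic flags a wipe when the parent runs from a user-writable path or wipes more than one drive.

```python
"""Flag cipher.exe free-space wiping (cipher /w:<drive>) in process-creation telemetry.

Added example for this report, not sandbox output. SAMPLE_EVENTS is constructed
(Sysmon Event ID 1 style) to mirror the process tree above; PID 1412 and the
cmd.exe control are assumptions, not observed data.
"""
import re
from collections import defaultdict
from typing import Dict, Iterable, List, Optional

SAMPLE_EXE = (r"C:\Users\Admin\AppData\Local\Temp"
              r"\f632dce9c6fea6d80521a00fd89bfc7dbeaeb1e66ef680159c2c4209662a5d8e.exe")

SAMPLE_EVENTS = [
    # the submitted sample; parent PID 1412 is assumed (not shown in the report)
    {"pid": 2932, "ppid": 1412, "image": SAMPLE_EXE, "cmdline": f'"{SAMPLE_EXE}"'},
    {"pid": 1760, "ppid": 2932, "image": r"C:\Windows\system32\cipher.exe",
     "cmdline": "cipher.exe /w:C:\\"},
    {"pid": 2260, "ppid": 2932, "image": r"C:\Windows\system32\cipher.exe",
     "cmdline": "cipher.exe /w:F:\\"},
    # constructed benign control: an admin wiping one drive from an interactive shell
    {"pid": 3000, "ppid": 900, "image": r"C:\Windows\System32\cmd.exe", "cmdline": "cmd.exe"},
    {"pid": 3001, "ppid": 3000, "image": r"C:\Windows\System32\cipher.exe",
     "cmdline": "cipher.exe /w:D:\\"},
    # constructed: cipher used for EFS, not wiping; must not match
    {"pid": 3002, "ppid": 3000, "image": r"C:\Windows\System32\cipher.exe",
     "cmdline": "cipher.exe /e /s:C:\\Users\\Admin\\Documents"},
]

# "/w:" followed by a drive letter and colon; cipher accepts /w:<dir>, so we also
# accept a directory on that drive and report the drive it lives on.
CIPHER_WIPE = re.compile(r"(?i)(?:^|\s)/w:\s*\"?([a-z]):")

# Trees a legitimate admin would not launch a wipe from (lower-cased, backslash paths).
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\appdata\\roaming\\",
                 "\\downloads\\", "\\users\\public\\")


def wipe_target(cmdline: str) -> Optional[str]:
    """Drive letter that a 'cipher /w:' command line wipes, or None if it is not a wipe."""
    m = CIPHER_WIPE.search(cmdline)
    return m.group(1).upper() if m else None


def is_cipher(image: str) -> bool:
    """True when the image basename is cipher.exe, regardless of case or directory."""
    return image.replace("/", "\\").rsplit("\\", 1)[-1].lower() == "cipher.exe"


def from_user_writable(path: str) -> bool:
    """True when the path sits under a directory an unprivileged user can write to."""
    p = path.replace("/", "\\").lower()
    return any(marker in p for marker in USER_WRITABLE)


def wiped_drives_by_parent(events: Iterable[dict]) -> Dict[int, List[str]]:
    """Map parent PID -> sorted list of drives its cipher.exe children wiped."""
    out = defaultdict(set)
    for ev in events:
        if is_cipher(ev["image"]):
            drive = wipe_target(ev["cmdline"])
            if drive:
                out[ev["ppid"]].add(drive)
    return {ppid: sorted(d) for ppid, d in out.items()}


def suspicious_wipes(events: List[dict]) -> List[dict]:
    """One finding per parent that spawned a wipe and trips at least one risk condition."""
    by_pid = {ev["pid"]: ev for ev in events}
    findings = []
    for ppid, drives in wiped_drives_by_parent(events).items():
        parent = by_pid.get(ppid)
        reasons = []
        if parent is None:
            reasons.append("parent process not in telemetry")
        elif from_user_writable(parent["image"]):
            reasons.append("parent runs from user-writable path")
        if len(drives) > 1:
            reasons.append("wipes more than one drive")
        if reasons:
            findings.append({"ppid": ppid, "drives": drives, "reasons": reasons,
                             "parent_image": parent["image"] if parent else None})
    return findings


if __name__ == "__main__":
    for f in suspicious_wipes(SAMPLE_EVENTS):
        print(f"parent {f['ppid']} ({f['parent_image']}) wiped {f['drives']}: {'; '.join(f['reasons'])}")
```

The single-drive wipe from cmd.exe is deliberately left unflagged: cipher /w is a documented Microsoft tool and an admin wiping one volume from an interactive shell is routine, so the rule keys on who launched it and how many volumes it touched rather than on cipher.exe alone.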

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\Downloads\README.txt

    Filesize

    1009B

    MD5

    5f5d5821609d17a014cc9296fad94085

    SHA1

    c1c47a0a209df64d8b5326a993c0fafc8dfa1dad

    SHA256

    2cdb19bf6ca8ac5f13dde100b74e7a0a26a265fd19e8f6102a4c37b585bd6597

    SHA512

    dfd5d831a3b829a2012c241f75040c726acbee481bb3dadf1068ae33f194666d207fbffbc277d70c1dafe96af9219aabf72353d2abf53274b21c3914b1bd3886