Overview

overview

10

Static

static

10

3bfdacd5ec...1a.exe

windows7-x64

9

3bfdacd5ec...1a.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    24-04-2024 23:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3bfdacd5ecf70c53beeaefbd85c90eaceca5ca4787a8b61407e4bcb6ee3aef1a.exe

  • Size

    146KB

  • MD5

    77aa6101fc9e942340eace6fb846559d

  • SHA1

    26b73d615b8b3011493536dc74556b7c819e1087

  • SHA256

    3bfdacd5ecf70c53beeaefbd85c90eaceca5ca4787a8b61407e4bcb6ee3aef1a

  • SHA512

    bce08a1bdf63f4735933675e260b43e1905a78eeefbe9fda5a1a3e0c27b87d359d504a216c47c438135eb10c411da93df9233ae3e4d403a151a1fad34f137345

  • SSDEEP

    1536:czICS4AAwczUUf8y8gvMH+1zGSNAojMP95D1xDTUwSN69EiEcpKDw/I28gQqTBGW:TqJogYkcSNm9V7DTW09Jnpmw5QqTt7T

Score
9/10
ransomwarespywarestealer

Malware Config

Signatures

  • Renames multiple (281) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Drops desktop.ini file(s) 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 12 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3bfdacd5ecf70c53beeaefbd85c90eaceca5ca4787a8b61407e4bcb6ee3aef1a.exe
    "C:\Users\Admin\AppData\Local\Temp\3bfdacd5ecf70c53beeaefbd85c90eaceca5ca4787a8b61407e4bcb6ee3aef1a.exe"
    1⤵
    • Drops desktop.ini file(s)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2820
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x148
    1⤵
      PID:2040

    Network

    MITRE ATT&CK Matrix ATT&CK v13

    Initial Access

    Execution

    Persistence

    Privilege Escalation

    Defense Evasion

    Credential Access

    Unsecured Credentials

    1
    T1552

    Credentials In Files

    1
    T1552.001

    Discovery

    Lateral Movement

    Collection

    Data from Local System

    1
    T1005

    Exfiltration

    Command and Control

    Impact

    Resource Development

    Reconnaissance

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\$Recycle.Bin\S-1-5-21-3627615824-4061627003-3019543961-1000\desktop.ini
      Filesize

      129B

      MD5

      f9ef470c441e2881b165ab090ed5ea0d

      SHA1

      bf7d76ebd00229a42948ca9d34177a40b0c86b8e

      SHA256

      82fa6ae48a254ababdba65b757a604803576e684ae54506ef9da8cb38e8e64a9

      SHA512

      08706f5a788b25a55de6d9c7468716eb9492a1d80b62fbeb182e6617811eee3be4ff4d4f7edd091952ec63fc72822e223ae1dc6ad427aa85722e44cf043f1fc7

      Download Submit
    • C:\5YTiaGVe1.README.txt
      Filesize

      1KB

      MD5

      c0bc88424604ab0ca8b146836b89f8bd

      SHA1

      58c0339a69e4d63dde543e45d23117451610acf1

      SHA256

      8bc36f51c8bea0804dd394f99a34f15ea4de0613c0aadad826a8f6560595685f

      SHA512

      ac23c7af6dd49b65054029e9af71f77d45641bb6bb5bcbc79e66eb2346811ba93df6907a2f58e257630971b021aceceb7a34ce20b6ccfd3d2dd37bc9697fc9c2

      Download Submit
    • F:\$RECYCLE.BIN\S-1-5-21-3627615824-4061627003-3019543961-1000\DDDDDDDDDDD
      Filesize

      129B

      MD5

      195f7ee89e4c33f129148f0e56a95fa4

      SHA1

      2ef948a9952c27a2b72b4d13df78ad5fb653cbb8

      SHA256

      987ec1bb8bd227e0ab2f0969d879ac78abf92c0bbbbd7f88f67b12208d31be99

      SHA512

      4166005065c8297e6c69609747f3f3cd47d7e4cf8cf7ad7f48ded5f8c2efedbd76c5a62277d1b1e46e163b998209516dd7bfb68fb0242efcce8e6be66c5d469d

      Download Submit
    • memory/2820-0-0x0000000000220000-0x0000000000260000-memory.dmp
      Filesize

      256KB

      Download