Analysis

  • max time kernel: 100s
  • max time network: 126s
  • platform: windows10-2004_x64
  • resource: win10v2004-20240412-en
  • resource tags: arch:x64, arch:x86, image:win10v2004-20240412-en, locale:en-us, os:windows10-2004-x64, system
  • submitted: 24-04-2024 23:17

General

  • Target: 3bfdacd5ecf70c53beeaefbd85c90eaceca5ca4787a8b61407e4bcb6ee3aef1a.exe
  • Size: 146KB
  • MD5: 77aa6101fc9e942340eace6fb846559d
  • SHA1: 26b73d615b8b3011493536dc74556b7c819e1087
  • SHA256: 3bfdacd5ecf70c53beeaefbd85c90eaceca5ca4787a8b61407e4bcb6ee3aef1a
  • SHA512: bce08a1bdf63f4735933675e260b43e1905a78eeefbe9fda5a1a3e0c27b87d359d504a216c47c438135eb10c411da93df9233ae3e4d403a151a1fad34f137345
  • SSDEEP: 1536:czICS4AAwczUUf8y8gvMH+1zGSNAojMP95D1xDTUwSN69EiEcpKDw/I28gQqTBGW:TqJogYkcSNm9V7DTW09Jnpmw5QqTt7T

Malware Config

Signatures

  • Renames multiple (613) files with added filename extension
    This suggests ransomware activity of encrypting all the files on the system.
  • Reads user/profile data of web browsers (2 TTPs)
    Infostealers often target stored browser data, which can include saved credentials etc.
  • Drops desktop.ini file(s) (2 IoCs)
  • Suspicious behavior: EnumeratesProcesses (64 IoCs)
  • Suspicious use of AdjustPrivilegeToken (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\3bfdacd5ecf70c53beeaefbd85c90eaceca5ca4787a8b61407e4bcb6ee3aef1a.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\3bfdacd5ecf70c53beeaefbd85c90eaceca5ca4787a8b61407e4bcb6ee3aef1a.exe"
    PID: 1356
    • Drops desktop.ini file(s)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken

Network

MITRE ATT&CK Matrix (ATT&CK v13)

  • Credential Access
    • Unsecured Credentials (T1552)
      • Credentials In Files (T1552.001)
  • Collection
    • Data from Local System (T1005)

Downloads

  • C:\$Recycle.Bin\S-1-5-21-259785868-298165991-4178590326-1000\DDDDDDDDDDD
    Filesize: 129B
    MD5: a9a723dba6094e518c5ccee25a8f858a
    SHA1: 52fbede80af9ed89d938357c3843ba39d83515bd
    SHA256: f59c87685c050782f0ed9862b2c573d26988d411b006acc3502a9dac57209f29
    SHA512: 0cd7e38e40a03ee60031a340c2c68dc22df7ed0251d7bec50887146b57bb2649d11a747fccaf551cbe009f9b6dc3acc5385b6162d557d86d1bedf37276ec3a2b

  • C:\5YTiaGVe1.README.txt
    Filesize: 1KB
    MD5: c0bc88424604ab0ca8b146836b89f8bd
    SHA1: 58c0339a69e4d63dde543e45d23117451610acf1
    SHA256: 8bc36f51c8bea0804dd394f99a34f15ea4de0613c0aadad826a8f6560595685f
    SHA512: ac23c7af6dd49b65054029e9af71f77d45641bb6bb5bcbc79e66eb2346811ba93df6907a2f58e257630971b021aceceb7a34ce20b6ccfd3d2dd37bc9697fc9c2

  • F:\$RECYCLE.BIN\S-1-5-21-259785868-298165991-4178590326-1000\EEEEEEEEEEE
    Filesize: 129B
    MD5: 027dda1ab0e8b3dcae0983d4a490eee6
    SHA1: d9c471b7c25139c33b38ba04d9d4dbb5add95732
    SHA256: c42264fc2fd2157f054f05ea7a831b6170beccae4f0c9fb0aaad5ff02f9d6f1b
    SHA512: e2a3a4c2368a7a3d96c05b970ababbd73e6c0250ede79c109fa21bced945cb5b60964db2ecb123ea9ee068df703556905d95d62c8896b23bd423a4914d5cffbd

  • memory/1356-1-0x0000000003300000-0x0000000003310000-memory.dmp
    Filesize: 64KB

  • memory/1356-0-0x0000000003300000-0x0000000003310000-memory.dmp
    Filesize: 64KB

  • memory/1356-2-0x0000000003300000-0x0000000003310000-memory.dmp
    Filesize: 64KB