Overview

overview

10

Static

static

10

2024-04-26...de.exe

windows7-x64

9

2024-04-26...de.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    120s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    26-04-2024 15:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-04-26_77aa6101fc9e942340eace6fb846559d_darkside.exe

  • Size

    146KB

  • MD5

    77aa6101fc9e942340eace6fb846559d

  • SHA1

    26b73d615b8b3011493536dc74556b7c819e1087

  • SHA256

    3bfdacd5ecf70c53beeaefbd85c90eaceca5ca4787a8b61407e4bcb6ee3aef1a

  • SHA512

    bce08a1bdf63f4735933675e260b43e1905a78eeefbe9fda5a1a3e0c27b87d359d504a216c47c438135eb10c411da93df9233ae3e4d403a151a1fad34f137345

  • SSDEEP

    1536:czICS4AAwczUUf8y8gvMH+1zGSNAojMP95D1xDTUwSN69EiEcpKDw/I28gQqTBGW:TqJogYkcSNm9V7DTW09Jnpmw5QqTt7T

Score
9/10
ransomwarespywarestealer

Malware Config

Signatures

  • Renames multiple (324) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Drops desktop.ini file(s) 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-04-26_77aa6101fc9e942340eace6fb846559d_darkside.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-04-26_77aa6101fc9e942340eace6fb846559d_darkside.exe"
    1⤵
    • Drops desktop.ini file(s)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2744
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x154
    1⤵
      PID:1512

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\$Recycle.Bin\S-1-5-21-330940541-141609230-1670313778-1000\BBBBBBBBBBB
      Filesize

      129B

      MD5

      c98226d6650e407d2c21e14d8c663cc0

      SHA1

      7de6ccf2885c3f56fb0a725abe71d90787cd7988

      SHA256

      388187c15f49e0243e509bc1bdfb439e755d0b421c94c3ff90303b7085774159

      SHA512

      2b4c9147c4c195e9151b6ef5e1a0ba931c0e0b72c12ffb78bb1785c7650da240201595077891dabc3846718c3fc16cfd080a03527211f524e3deefd7ce1ce601

      Download Submit

    • C:\5YTiaGVe1.README.txt
      Filesize

      1KB

      MD5

      c0bc88424604ab0ca8b146836b89f8bd

      SHA1

      58c0339a69e4d63dde543e45d23117451610acf1

      SHA256

      8bc36f51c8bea0804dd394f99a34f15ea4de0613c0aadad826a8f6560595685f

      SHA512

      ac23c7af6dd49b65054029e9af71f77d45641bb6bb5bcbc79e66eb2346811ba93df6907a2f58e257630971b021aceceb7a34ce20b6ccfd3d2dd37bc9697fc9c2

      Download Submit

    • F:\$RECYCLE.BIN\S-1-5-21-330940541-141609230-1670313778-1000\DDDDDDDDDDD
      Filesize

      129B

      MD5

      b6b248b8eb8793cbc974311a5e845af1

      SHA1

      2f3e1f164dbbe4814c172c5b5a5ef8da2a39adb0

      SHA256

      799868aabe3478249f9b25eec515be174a82e173d2f928f67176753f7d21252f

      SHA512

      c4cbb3e7e3e8fb7652cfe7cc552dc38702ed0a9fab44f1f31266918cc48b933090d06b8f22450a2ca43de3e49501b91d87ed866060e3a010a46c15feb5441e50

      Download Submit

    • memory/2744-0-0x0000000002150000-0x0000000002190000-memory.dmp

      Filesize

      256KB

      Download