Overview

overview

10

Static

static

10

2024-04-26...de.exe

windows7-x64

9

2024-04-26...de.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    134s
  • max time network
    137s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26-04-2024 15:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2024-04-26_77aa6101fc9e942340eace6fb846559d_darkside.exe

  • Size

    146KB

  • MD5

    77aa6101fc9e942340eace6fb846559d

  • SHA1

    26b73d615b8b3011493536dc74556b7c819e1087

  • SHA256

    3bfdacd5ecf70c53beeaefbd85c90eaceca5ca4787a8b61407e4bcb6ee3aef1a

  • SHA512

    bce08a1bdf63f4735933675e260b43e1905a78eeefbe9fda5a1a3e0c27b87d359d504a216c47c438135eb10c411da93df9233ae3e4d403a151a1fad34f137345

  • SSDEEP

    1536:czICS4AAwczUUf8y8gvMH+1zGSNAojMP95D1xDTUwSN69EiEcpKDw/I28gQqTBGW:TqJogYkcSNm9V7DTW09Jnpmw5QqTt7T

Score
9/10
ransomwarespywarestealer

Malware Config

Signatures

  • Renames multiple (591) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Drops desktop.ini file(s) 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-04-26_77aa6101fc9e942340eace6fb846559d_darkside.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-04-26_77aa6101fc9e942340eace6fb846559d_darkside.exe"
    1⤵
    • Drops desktop.ini file(s)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:3368

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-711569230-3659488422-571408806-1000\desktop.ini
    Filesize

    129B

    MD5

    edf58015c8af4b46b61fe2ed9321ae50

    SHA1

    2ee3b677ebf59a02f5912fc9b498fdbef0eb6a70

    SHA256

    3450b0f154412f932bed19acc3463308846b76a6e700d2b5804a26dd4bee7590

    SHA512

    969fce48583668ced6c1a3e2dbbbbaaa536b138a613e9a4c8b765113d7d3925fff17ee07971c74569e3bc349536258a9dfbd55426471780ff2907a9abe7e1608

    Download Submit
  • C:\5YTiaGVe1.README.txt
    Filesize

    1KB

    MD5

    c0bc88424604ab0ca8b146836b89f8bd

    SHA1

    58c0339a69e4d63dde543e45d23117451610acf1

    SHA256

    8bc36f51c8bea0804dd394f99a34f15ea4de0613c0aadad826a8f6560595685f

    SHA512

    ac23c7af6dd49b65054029e9af71f77d45641bb6bb5bcbc79e66eb2346811ba93df6907a2f58e257630971b021aceceb7a34ce20b6ccfd3d2dd37bc9697fc9c2

    Download Submit
  • F:\$RECYCLE.BIN\S-1-5-21-711569230-3659488422-571408806-1000\DDDDDDDDDDD
    Filesize

    129B

    MD5

    4f906636da901e26b0f589bda0cc066e

    SHA1

    df80cdfd43c972e8ecfb9508b7ec65a06f1d5c7f

    SHA256

    68e5634c575ad776ec51da0caa5f8072372a1f11339c3a9be3a3ece5e9432bdd

    SHA512

    d94ec89b6129fe1b088eceac74c2e8af7450c2561002ce48a58c5ab98d3a7d6eb8e6d40380ef32d2a11bc81c6a55101f1864b56b6cfe1da73a43ca208f26a75a

    Download Submit
  • memory/3368-2-0x0000000002D70000-0x0000000002D80000-memory.dmp
    Filesize

    64KB

    Download
  • memory/3368-1-0x0000000002D70000-0x0000000002D80000-memory.dmp
    Filesize

    64KB

    Download
  • memory/3368-0-0x0000000002D70000-0x0000000002D80000-memory.dmp
    Filesize

    64KB

    Download