Analysis
max time kernel: 134s
max time network: 143s
platform: windows11-21h2_x64
resource: win11-20240419-en
resource tags: arch:x64, arch:x86, image:win11-20240419-en, locale:en-us, os:windows11-21h2-x64, system
submitted: 29-04-2024 08:20
Behavioral tasks
behavioral1: pack.rar (resource: win11-20240419-en)
behavioral2: pack/Decrypter.exe (resource: win11-20240419-en)
behavioral3: pack/cho2.exe (resource: win11-20240419-en)
behavioral4: pack/privateKey.xml (resource: win11-20240426-en)
behavioral5: pack/publicKey.xml (resource: win11-20240419-en)
General
Target: pack/Decrypter.exe
Size: 218KB
MD5: 97f3854d27d9f5d8f9b15818237894d5
SHA1: e608608d59708ef58102a3938d9117fa864942d9
SHA256: fac94a8e02f92d63cfdf1299db27e40410da46c9e86d8bb2cd4b1a0d68d5f7a2
SHA512: 25d840a7a6f0e88092e0f852690ed9377cf3f38e0f2c95e74f8b2ffea574d83c6154cccdbf94f1756e2bbdcdb33b5106aab946644dedc4ffaefb6bf57a866696
SSDEEP: 1536:PJG/sX9Ik6sq2njM9qRYxSKCxly16Pn6RikC:PJG/sX9i2YcRPm16Pn6ckC
Malware Config
Signatures

Drops startup file (1 IoC)
description | ioc | Process
File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini | Decrypter.exe
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.

Drops desktop.ini file(s) (34 IoCs)
description | ioc | Process
File opened for modification | C:\Users\Admin\Desktop\desktop.ini | Decrypter.exe
File opened for modification | C:\Users\Admin\Pictures\desktop.ini | Decrypter.exe
File opened for modification | C:\Users\Admin\Favorites\Links\desktop.ini | Decrypter.exe
File opened for modification | C:\Users\Admin\Videos\desktop.ini | Decrypter.exe
File opened for modification | F:\$RECYCLE.BIN\S-1-5-21-734199974-1358367239-436541239-1000\desktop.ini | Decrypter.exe
File opened for modification | C:\Users\Admin\Contacts\desktop.ini | Decrypter.exe
File opened for modification | C:\Users\Admin\Downloads\desktop.ini | Decrypter.exe
File opened for modification | C:\Users\Admin\Searches\desktop.ini | Decrypter.exe
File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\desktop.ini | Decrypter.exe
File opened for modification | C:\Users\Public\Pictures\desktop.ini | Decrypter.exe
File opened for modification | C:\Users\Admin\Pictures\Camera Roll\desktop.ini | Decrypter.exe
File opened for modification | C:\Users\Admin\Pictures\Saved Pictures\desktop.ini | Decrypter.exe
File opened for modification | C:\Users\Admin\Saved Games\desktop.ini | Decrypter.exe
File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini | Decrypter.exe
File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Libraries\desktop.ini | Decrypter.exe
File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\SendTo\desktop.ini | Decrypter.exe
File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini | Decrypter.exe
File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\desktop.ini | Decrypter.exe
File opened for modification | C:\Users\Public\Desktop\desktop.ini | Decrypter.exe
File opened for modification | C:\Users\Admin\Favorites\desktop.ini | Decrypter.exe
File opened for modification | C:\Users\Public\Documents\desktop.ini | Decrypter.exe
File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini | Decrypter.exe
File opened for modification | C:\Users\Public\Music\desktop.ini | Decrypter.exe
File opened for modification | C:\Users\Admin\Links\desktop.ini | Decrypter.exe
File opened for modification | C:\Users\Admin\Music\desktop.ini | Decrypter.exe
File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini | Decrypter.exe
File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\desktop.ini | Decrypter.exe
File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini | Decrypter.exe
File opened for modification | C:\Users\Public\Videos\desktop.ini | Decrypter.exe
File opened for modification | C:\Users\Admin\Documents\desktop.ini | Decrypter.exe
File opened for modification | C:\Users\Admin\OneDrive\desktop.ini | Decrypter.exe
File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini | Decrypter.exe
File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\AccountPictures\desktop.ini | Decrypter.exe
File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\desktop.ini | Decrypter.exe

Sets desktop wallpaper using registry (2 TTPs, 1 IoC)
description | ioc | Process
Set value (str) | \REGISTRY\USER\S-1-5-21-734199974-1358367239-436541239-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\lkae9segr.jpg" | Decrypter.exe

Suspicious behavior: EnumeratesProcesses (19 IoCs)
pid | Process
3992 | Decrypter.exe (19 identical rows)

Suspicious use of AdjustPrivilegeToken (1 IoC)
description | pid | Process
Token: SeDebugPrivilege | 3992 | Decrypter.exe