c1b64a1f5f197d061a7027f9b4b142f2d53c66a71c95eb41659c717c703ca562 | Triage

Submit
Reports

Overview

overview

8

Static

static

3

pretty.exe

windows10-1703-x64

8

pretty.exe

windows10-2004-x64

8

pretty.exe

windows11-21h2-x64

8

Sharing

General

Target

pretty.exe
Size

40.1MB
Sample

240528-1snthafb22
MD5

0e289105d4ff83bbe0f872dd362ed6b1
SHA1

37110bd3f4ef46fcf21c8f73917b7a395281ca2f
SHA256

c1b64a1f5f197d061a7027f9b4b142f2d53c66a71c95eb41659c717c703ca562
SHA512

0467b6ff82cea6dc3b770328be3d8636d66f0e598d73fd06bde33715807a19289e67808b694c6358ee0b1ebdb7b704ea44b0e59135079517c783dc2b1bf74833
SSDEEP

786432:Xl0Qvyb0Gpc9dY5DhMLEdE35iWXUR4oyJv7ILp1qeBG+2Z0cZntHw:KQvybbIexCLKo6R4Xv8VkV+2VZntH

Score

8^/10

discovery exploit pyinstaller ransomware spyware stealer

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

pretty.exe

Resource

win10-20240404-en

discovery exploit ransomware spyware stealer

windows10-1703-x64

23 signatures

300 seconds

Behavioral task

behavioral2

Sample

pretty.exe

Resource

win10v2004-20240426-en

discovery exploit ransomware spyware stealer

windows10-2004-x64

26 signatures

300 seconds

Behavioral task

behavioral3

Sample

pretty.exe

Resource

win11-20240426-en

discovery exploit ransomware spyware stealer

windows11-21h2-x64

25 signatures

300 seconds

Malware Config

Targets

- Target
  
  pretty.exe
- Size
  
  40.1MB
- MD5
  
  0e289105d4ff83bbe0f872dd362ed6b1
- SHA1
  
  37110bd3f4ef46fcf21c8f73917b7a395281ca2f
- SHA256
  
  c1b64a1f5f197d061a7027f9b4b142f2d53c66a71c95eb41659c717c703ca562
- SHA512
  
  0467b6ff82cea6dc3b770328be3d8636d66f0e598d73fd06bde33715807a19289e67808b694c6358ee0b1ebdb7b704ea44b0e59135079517c783dc2b1bf74833
- SSDEEP
  
  786432:Xl0Qvyb0Gpc9dY5DhMLEdE35iWXUR4oyJv7ILp1qeBG+2Z0cZntHw:KQvybbIexCLKo6R4Xv8VkV+2VZntH
Score

8^/10

discovery exploit ransomware spyware stealer
- Possible privilege escalation attempt
  exploit
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Modifies file permissions
  discovery
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

File and Directory Permissions Modification

Modify Registry

Hide Artifacts

Hidden Files and Directories

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Defacement

Resource Development

Reconnaissance

Tasks

static1

behavioral1

discoveryexploitransomwarespywarestealer

behavioral2

discoveryexploitransomwarespywarestealer

behavioral3

discoveryexploitransomwarespywarestealer

© 2018-2024

Terms | Privacy