Overview

overview

9

Static

static

3

9df8195bcf...09.exe

windows7-x64

9

9df8195bcf...09.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags

    arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
  • submitted
    31/05/2024, 11:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9df8195bcf7875fbe9c606b0c55dd237edc3160078ac927c94995378d59b3409.exe

  • Size

    348KB

  • MD5

    67233b799136b9b170c9506b8e82cb81

  • SHA1

    8c4b5d442530f1cd31355f3a782e88e65e024007

  • SHA256

    9df8195bcf7875fbe9c606b0c55dd237edc3160078ac927c94995378d59b3409

  • SHA512

    977ba52c0d3dd07cc4ca99c85f7907f3cff4c5f6253947107a56a213e47307b6b8f02e589fa96288a76f217b028df889f74770981233dba732dcd0cea236b8ab

  • SSDEEP

    6144:pLFkCMg+SX2RIcFMzbNSYMor7uhyFQIChwTd4E4rKgKYfHF2yqLtgnWaIFSNfseC:RFJURIIibNQorqhyKo4BJ/0yqLtaEk0x

Score
9/10
ransomwarespywarestealer

Malware Config

Signatures

  • Renames multiple (307) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Drops desktop.ini file(s) 2 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 4 IoCs
  • Suspicious behavior: EnumeratesProcesses 12 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9df8195bcf7875fbe9c606b0c55dd237edc3160078ac927c94995378d59b3409.exe
    "C:\Users\Admin\AppData\Local\Temp\9df8195bcf7875fbe9c606b0c55dd237edc3160078ac927c94995378d59b3409.exe"
    1⤵
    • Drops desktop.ini file(s)
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1860
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x148
    1⤵
      PID:2212

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\$Recycle.Bin\S-1-5-21-481678230-3773327859-3495911762-1000\desktop.ini
      Filesize

      129B

      MD5

      8eed04ecf8edd3be8d934129f5189fb3

      SHA1

      c29a56036c23eb8d718a9ad6308d5aafae66920a

      SHA256

      14d573723910bee4cbda1fcce62f410f9457ca9f5d6d2044959594ee6b960f74

      SHA512

      ff9b92b2d69a7e52dfd49254c3601e99d33693b5fd90cb7fcd0b7b584500beb682e812a3a5eb1f8d6779bfc0eae20498aa07baca6780fa4e1df85e06dec27901

      Download Submit

    • C:\CHR4bQVWh.README.txt
      Filesize

      122B

      MD5

      1cd2c508680a93907346e98d6a1677e6

      SHA1

      42ab98d499046fe5477610f5c256aff0b0f5be5e

      SHA256

      f722457807534d1c563d6cfaa43e3a8b90d721dcef1d48c0a3921b4025cd6bda

      SHA512

      2757aeab0f7c2703e0dfb095b37aada25d2947d21c7c988e4dc4b842d07741f34e4f35447694bae5a60de374f6812c511fd912177c81f37a3efd578848ae574c

      Download Submit

    • F:\$RECYCLE.BIN\S-1-5-21-481678230-3773327859-3495911762-1000\DDDDDDDDDDD
      Filesize

      129B

      MD5

      cb8d3859125ae353c618849ebd14eea0

      SHA1

      c12e8766bdceb1e745cca99843e00ac263b3e1b8

      SHA256

      16810395a1e54dfe9e472a61cc4d3d6332b6eb9d313e3be85d1b8bab47482ab5

      SHA512

      389eb25c41b2e1bffdfd9ceb7e9eb4132ef700961268914bcc00cbeafec867f235f04178cb8a4be517d5d085be5b46844276d986e28d503e3cdd5b8e6c6d7b87

      Download Submit

    • memory/1860-9-0x0000000000400000-0x0000000000442000-memory.dmp

      Filesize

      264KB

      Download

    • memory/1860-0-0x0000000000400000-0x0000000000442000-memory.dmp

      Filesize

      264KB

      Download

    • memory/1860-8-0x0000000000400000-0x0000000000442000-memory.dmp

      Filesize

      264KB

      Download

    • memory/1860-7-0x0000000000400000-0x0000000000442000-memory.dmp

      Filesize

      264KB

      Download

    • memory/1860-6-0x0000000000400000-0x0000000000442000-memory.dmp

      Filesize

      264KB

      Download

    • memory/1860-5-0x0000000000401000-0x0000000000419000-memory.dmp

      Filesize

      96KB

      Download

    • memory/1860-2-0x0000000000400000-0x0000000000442000-memory.dmp

      Filesize

      264KB

      Download

    • memory/1860-1-0x0000000000400000-0x0000000000442000-memory.dmp

      Filesize

      264KB

      Download

    • memory/1860-11-0x0000000000400000-0x0000000000442000-memory.dmp

      Filesize

      264KB

      Download

    • memory/1860-10-0x0000000000400000-0x0000000000442000-memory.dmp

      Filesize

      264KB

      Download

    • memory/1860-3-0x00000000002A0000-0x00000000002A1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1860-4-0x0000000000260000-0x000000000029C000-memory.dmp

      Filesize

      240KB

      Download

    • memory/1860-843-0x0000000000400000-0x0000000000442000-memory.dmp

      Filesize

      264KB

      Download