Analysis

  • max time kernel
    119s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
  • submitted
    11-08-2024 11:37

General

  • Target

    2024-08-11_7aeb2d5c828d7c8c6525ce7710c81d7f_darkside.exe

  • Size

    146KB

  • MD5

    7aeb2d5c828d7c8c6525ce7710c81d7f

  • SHA1

    d72bfaf7d9700beb02169c61373d1a11e3923138

  • SHA256

    cd1837ab88989f53ec170c57f403d3712e4770494c2dac3a586e9d7503dcac48

  • SHA512

    2081495f5e3b7614baa88bd61028d77bfca3e8dc980ec16506027d42131ae2364db074ce7e5c4842d54741909775611dd4664ec70446f83b770bc7627785127b

  • SSDEEP

    1536:ezICS4AAwczUUf8y8gvMH+1zGSNAojMP95D1xDhhsfITrOOZUrDV17OK7jVUby/Y:FqJogYkcSNm9V7DiIdZc51r7jS1bT

Malware Config

Signatures

  • Renames multiple (352) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Drops desktop.ini file(s) 2 IoCs
  • Indicator Removal: File Deletion 1 TTPs

    Adversaries may delete files left behind by the actions of their intrusion activity.

  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 12 IoCs
  • Suspicious behavior: RenamesItself 26 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-08-11_7aeb2d5c828d7c8c6525ce7710c81d7f_darkside.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-08-11_7aeb2d5c828d7c8c6525ce7710c81d7f_darkside.exe"
    1⤵
    • Loads dropped DLL
    • Drops desktop.ini file(s)
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2988
    • C:\ProgramData\B922.tmp
      "C:\ProgramData\B922.tmp"
      2⤵
      • Deletes itself
      • Executes dropped EXE
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: RenamesItself
      • Suspicious use of WriteProcessMemory
      PID:2924
      • C:\Windows\SysWOW64\cmd.exe
        "C:\Windows\System32\cmd.exe" /C DEL /F /Q C:\PROGRA~3\B922.tmp >> NUL
        3⤵
        • System Location Discovery: System Language Discovery
        PID:448
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x14c
    1⤵
      PID:876

    Network

    MITRE ATT&CK Enterprise v15

    Downloads

    • C:\$Recycle.Bin\S-1-5-21-1385883288-3042840365-2734249351-1000\BBBBBBBBBBB

      Filesize

      129B

      MD5

      794f6b54ffb3004aeb80ae86f27395d9

      SHA1

      69571b9408c1a9b17f091642f45b61f35479a051

      SHA256

      8563d3df6a5c088f3cf8783fe1d5da741e37412eb0835e64280b739b663ae40a

      SHA512

      0c606bc1b7795fc01868209701b43be11caa9a810c8a667ba245b850591f563546ab049ae0eff3ff476de0fde0e2506bcc30225f1b36662e683ef1d8e3dc328d

    • C:\Users\Admin\AppData\Local\Temp\DDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDDD

      Filesize

      146KB

      MD5

      1946a544f5300800e26c5e345b0105d9

      SHA1

      167bacca043b0e0a986442d472dee88dfb2e97e2

      SHA256

      5ae18947ed923a0a14407ddaba649e610381a03931446623c9b9609df1da7ba6

      SHA512

      835d5b5fe129759ebec50520ea872d4296d5948056082b9498baf1b842cc824a8b40def024be54e462e413ba61225555e60d2bb2724bbf3ac1c5a3568a30f92a

    • C:\u67bPvnd7.README.txt

      Filesize

      596B

      MD5

      5427cd674e8f86faaa49f0e48a7d3fa5

      SHA1

      70f80c87a506eda9646345887e63fa11a054b03c

      SHA256

      d671f9a2b73aab36554a437560291b23aa012b2d7527609123778900bcccd68f

      SHA512

      b75fbbdc3769f2ac37a9d74755d4d1e5c47e7804319637e6fb7b0fb209c5b0aaf3a8c732fc4e6e7f69a92f34cca2b7980d3923b70a07ec3ee50cfe9813e4c65e

    • F:\$RECYCLE.BIN\S-1-5-21-1385883288-3042840365-2734249351-1000\DDDDDDDDDDD

      Filesize

      129B

      MD5

      ac17ec7489f4160ef55b4861b5c70299

      SHA1

      f5cf54c6b2d171d28801e24835ffadce8dc583cf

      SHA256

      86999010b6a19a991892d5949feda84f2250a9241e9ed030fd9df736f368f3bc

      SHA512

      3880f3e13d9dbf4d507fdec0698cc765b5dc6f78e5bb561624cb3ce3c83210deb8f508113e370429086a7c038b55ea7adb2c9c9d93761a58b42f2fd18a586dc0

    • \ProgramData\B922.tmp

      Filesize

      14KB

      MD5

      294e9f64cb1642dd89229fff0592856b

      SHA1

      97b148c27f3da29ba7b18d6aee8a0db9102f47c9

      SHA256

      917e115cc403e29b4388e0d175cbfac3e7e40ca1742299fbdb353847db2de7c2

      SHA512

      b87d531890bf1577b9b4af41dddb2cdbbfa164cf197bd5987df3a3075983645a3acba443e289b7bfd338422978a104f55298fbfe346872de0895bde44adc89cf

    • memory/2924-882-0x0000000000400000-0x0000000000407000-memory.dmp

      Filesize

      28KB

    • memory/2924-884-0x0000000000400000-0x0000000000407000-memory.dmp

      Filesize

      28KB

    • memory/2988-0-0x0000000000400000-0x0000000000440000-memory.dmp

      Filesize

      256KB