Analysis

  • max time kernel
    148s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    15-08-2024 04:43

General

  • Target

    2024-08-15_0c7e0266af636fd730890fcdaa0d4f13_darkside.exe

  • Size

    145KB

  • MD5

    0c7e0266af636fd730890fcdaa0d4f13

  • SHA1

    831c3169028173d1915c399a65a05fda8a65901b

  • SHA256

    7ce00239cfd50516eae50dc385def3841e1c85974ea332e649fe5dc10f4ecf52

  • SHA512

    3d1983e3697450729b4aa0a9324d8ce57823ed10d7a58699b181c2f8069557132c01069ef8a2fc813c3002d8c2b204b0f2881673fbb3f9bea6109a50c3b9536c

  • SSDEEP

    1536:PzICS4AAwczUUf8y8gvMH+1zGSNAojMP95D1xDwjRuGmBk5c7vyK9o8tJ3O1qQ8M:wqJogYkcSNm9V7DbGSJtJ3OYsFT

Malware Config

Signatures

  • Renames multiple (595) files with added filename extension

    This suggests ransomware activity: encrypting all the files on the system.

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Drops desktop.ini file(s) 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies registry class 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-08-15_0c7e0266af636fd730890fcdaa0d4f13_darkside.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-08-15_0c7e0266af636fd730890fcdaa0d4f13_darkside.exe"
    • Drops desktop.ini file(s)
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2816

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\$Recycle.Bin\S-1-5-21-523280732-2327480845-3730041215-1000\GGGGGGGGGGG

    Filesize

    129B

    MD5

    b3009b3514e9672b9a2a5fa4dda1c886

    SHA1

    370b79d5763c7c1152eeb917c1d8bd5c2460472b

    SHA256

    f257aef2c998061403191f4fac25ee0283c1bec7086efb9e36f4252ba031b63c

    SHA512

    3c9dd14f567b31698175eee4a40330a870c215388216623f3dafb631b18cf6d0c3f14330d5f25bceb775bc4b85ee43bf50045904e1111d8e88d48eac159264bd

  • C:\sgViuid80.README.txt

    Filesize

    321B

    MD5

    706eeb895a361962cb185424540cbcf6

    SHA1

    bd3b2a2f0db550fba9e3a0b1a381544140848ed2

    SHA256

    f4ca1bc1dc9e52fd18f96b36ddf5b113e15409e0b6fa2d3b12dc89597972cff1

    SHA512

    313f11ef6e5b2e81438fb3ab836fb5675c2c614c4f7286a6b35da9f12c1627cd74191218d3971b25378c7f275c10f7cc7b09e6fb44aa4523c8ae2359cac93701

  • F:\$RECYCLE.BIN\S-1-5-21-523280732-2327480845-3730041215-1000\DDDDDDDDDDD

    Filesize

    129B

    MD5

    2a47d2977812a7ddfb36fe023ace345e

    SHA1

    4334a582b8018889bdd30e3b8e202eb6a65096ed

    SHA256

    7ddd9986a6b2dc3f7d1a2dce10418893518b8d67023ab3ee5b8f2acec29fa33f

    SHA512

    ca3afc27b981f938e1280f9a0fe7c9379b18bfa05fe91e66ac5a944d1539907aca464f2f714439763d4b0fd2c099896b3fc783f52fe914673a32ba30c6fa62bf

  • memory/2816-0-0x0000000000CF0000-0x0000000000D00000-memory.dmp

    Filesize

    64KB

  • memory/2816-1-0x0000000000CF0000-0x0000000000D00000-memory.dmp

    Filesize

    64KB

  • memory/2816-2-0x0000000000CF0000-0x0000000000D00000-memory.dmp

    Filesize

    64KB