Overview

overview

9

Static

static

1

FTA Ransom...v1.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    42s
  • max time network
    47s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-de
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-delocale:de-deos:windows10-2004-x64systemwindows
  • submitted
    18/09/2024, 19:51

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    FTA RansomWare _v1.exe

  • Size

    1014KB

  • MD5

    a7b8806b659ae2a4c48e5f629770f43c

  • SHA1

    dc0cb3053a637fdf943505e0737c31a9c8bb07ea

  • SHA256

    699a801e471e0ba3e476ee77e731ff452513ab36ca3b4bf3cd488e6d16f3fd54

  • SHA512

    0ad1e00f3624bcf6b2ee05b33ba2f726229995cc57bfcf68530612da1be8762a86be19d1c5b4b76e45054bdd9f45025d684635f20c86d71ae14c3aeb2b31379e

  • SSDEEP

    12288:z5JD3ARJi6rNnIedM647WcO5DmxPgdsxWxAwjxSD/jvE5+5jv1iDo02+:z5JD3b6rd8U6QscxAwjxSDbvRco02+

Score
9/10
credential_accessdiscoveryspywarestealer

Malware Config

Signatures

  • Credentials from Password Stores: Credentials from Web Browsers 1 TTPs

    Malicious Access or copy of Web Browser Credential store.

    credential_accessstealer
  • Credentials from Password Stores: Windows Credential Manager 1 TTPs

    Suspicious access to Credentials History.

    credential_accessstealer
  • Drops startup file 1 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Drops desktop.ini file(s) 64 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates system info in registry 2 TTPs 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\FTA RansomWare _v1.exe
    "C:\Users\Admin\AppData\Local\Temp\FTA RansomWare _v1.exe"
    1⤵
    • Drops startup file
    • Drops desktop.ini file(s)
    PID:3736
  • C:\Windows\system32\rundll32.exe
    "C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.Windows.Search_cw5n1h2txyewy
    1⤵
      PID:4612
    • C:\Windows\System32\svchost.exe
      C:\Windows\System32\svchost.exe -k UnistackSvcGroup
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:1684
    • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
      "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
      1⤵
      • Enumerates system info in registry
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:1444
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy
      1⤵
        PID:384
      • C:\Windows\system32\rundll32.exe
        "C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy
        1⤵
          PID:1152

        Network

              MITRE ATT&CK Enterprise v15

              Replay Monitor

              Loading Replay Monitor...

              Downloads

              • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\4GIJNPEI\microsoft.windows[1].xml
                Filesize

                97B

                MD5

                ca629704a772846923552060821f7d92

                SHA1

                b55ea3647775752d26e56371f9509bcd02ef585e

                SHA256

                1382f81dcdc0f5741bed088327d00de73a5e9b1d07cd25d6f433fbc1be48b7c5

                SHA512

                b761ca0469398fba6643556afb19981dd1f977f630b207e104c7a17b1dd9918eb4a69d8d3827f6abb61967297ccef71c007e153740c81eda4ec4938abedab2e1

                Download Submit

              • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\{1AC14E77-02E7-4E5D-B744-2EB1AE5198B7}_SnippingTool_exe
                Filesize

                36KB

                MD5

                bad093419be1135cfe9694ea77088c78

                SHA1

                76204c7ca72cf666add9c9931389d635c82e8af0

                SHA256

                136808af50ee73df9befd76f7aca21765782565b0095227c5a287f3be0b5ef3c

                SHA512

                3b5cb7f80d7cbc557b5a32a995cd607257ac8e56af935ce6f64c54ba1f311a65ef00c69c69047b6eb7bb678c2b1bc0a3c37548aef417ea49e414e1a34bcf651d

                Download Submit

              • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{89ad72d6-51b2-49e9-b0be-df742e152bb2}\0.0.filtertrie.intermediate.txt
                Filesize

                14KB

                MD5

                641b04c0c2e568ecea6d8d29f1e8e9e5

                SHA1

                086d3a349aced38254367eb0c4204637ac06033e

                SHA256

                806d6968803e161fd84c284e60962fe3eaebbb8602554349923453e44297073f

                SHA512

                bdf26098bbdec4fc023a1ce2bcbf6ee595f6381f2a4ede7f87caa8b09381fede8d5530e36dde46c7971398aeb515116ac363f2e30c5879ab3846bd5994b0814a

                Download Submit

              • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{89ad72d6-51b2-49e9-b0be-df742e152bb2}\0.1.filtertrie.intermediate.txt
                Filesize

                5B

                MD5

                34bd1dfb9f72cf4f86e6df6da0a9e49a

                SHA1

                5f96d66f33c81c0b10df2128d3860e3cb7e89563

                SHA256

                8e1e6a3d56796a245d0c7b0849548932fee803bbdb03f6e289495830e017f14c

                SHA512

                e3787de7c4bc70ca62234d9a4cdc6bd665bffa66debe3851ee3e8e49e7498b9f1cbc01294bf5e9f75de13fb78d05879e82fa4b89ee45623fe5bf7ac7e48eda96

                Download Submit

              • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{89ad72d6-51b2-49e9-b0be-df742e152bb2}\0.2.filtertrie.intermediate.txt
                Filesize

                5B

                MD5

                c204e9faaf8565ad333828beff2d786e

                SHA1

                7d23864f5e2a12c1a5f93b555d2d3e7c8f78eec1

                SHA256

                d65b6a3bf11a27a1ced1f7e98082246e40cf01289fd47fe4a5ed46c221f2f73f

                SHA512

                e72f4f79a4ae2e5e40a41b322bc0408a6dec282f90e01e0a8aaedf9fb9d6f04a60f45a844595727539c1643328e9c1b989b90785271cc30a6550bbda6b1909f8

                Download Submit

              • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{89ad72d6-51b2-49e9-b0be-df742e152bb2}\Apps.ft
                Filesize

                20KB

                MD5

                6f0c247471743fa91434f295608e4d40

                SHA1

                4a32b7ddf68e58e2a721d32f4d87644f19300dcd

                SHA256

                e957a261ed739a0a98f774ca46a4baa5e0c9b430cacf9df2148da46d6b1d038c

                SHA512

                3b8e42a74571feebd0de63a06265573040b39bad7477b11b38a78d1f67a8e0249697c9320f81b135e79ac852cac880d0f765697332067b8c29433638a542c251

                Download Submit

              • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Apps_{89ad72d6-51b2-49e9-b0be-df742e152bb2}\Apps.index
                Filesize

                969KB

                MD5

                ce0751ca5c410f3f0481ed2e7cb40928

                SHA1

                6762aa0996c01966c875d1e4964d02d028ac8347

                SHA256

                2014c67e2d8901281704667ba5229459f5dbef043f22311a0820f9a83b99932d

                SHA512

                cad6ab3048a91ded96e3c172ebb42d1cef90fc9b1fd08c19630b6a033780ec75cd2ae8b87fe9b1d2ddad1b0d1cf697e48d63074acbc81e0f2650601cc587a562

                Download Submit

              • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{3ecdbbab-1d92-403b-be51-7cdcbae3859c}\apps.csg
                Filesize

                444B

                MD5

                5475132f1c603298967f332dc9ffb864

                SHA1

                4749174f29f34c7d75979c25f31d79774a49ea46

                SHA256

                0b0af873ef116a51fc2a2329dc9102817ce923f32a989c7a6846b4329abd62cd

                SHA512

                54433a284a6b7185c5f2131928b636d6850babebc09acc5ee6a747832f9e37945a60a7192f857a2f6b4dd20433ca38f24b8e438ba1424cc5c73f0aa2d8c946ff

                Download Submit

              • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{3ecdbbab-1d92-403b-be51-7cdcbae3859c}\apps.schema
                Filesize

                150B

                MD5

                1659677c45c49a78f33551da43494005

                SHA1

                ae588ef3c9ea7839be032ab4323e04bc260d9387

                SHA256

                5af0fc2a0b5ccecdc04e54b3c60f28e3ff5c7d4e1809c6d7c8469f0567c090bb

                SHA512

                740a1b6fd80508f29f0f080a8daddec802aabed467d8c5394468b0cf79d7628c1cb5b93cf69ed785999e8d4e2b0f86776b428d4fa0d1afcdf3cbf305615e5030

                Download Submit

              • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{3ecdbbab-1d92-403b-be51-7cdcbae3859c}\appsconversions.txt
                Filesize

                1.4MB

                MD5

                2bef0e21ceb249ffb5f123c1e5bd0292

                SHA1

                86877a464a0739114e45242b9d427e368ebcc02c

                SHA256

                8b9fae5ea9dd21c2313022e151788b276d995c8b9115ee46832b804a914e6307

                SHA512

                f5b49f08b44a23f81198b6716195b868e76b2a23a388449356b73f8261107733f05baa027f8cdb8e469086a9869f4a64983c76da0dc978beb4ec1cb257532c6b

                Download Submit

              • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{3ecdbbab-1d92-403b-be51-7cdcbae3859c}\appsglobals.txt
                Filesize

                343KB

                MD5

                931b27b3ec2c5e9f29439fba87ec0dc9

                SHA1

                dd5e78f004c55bbebcd1d66786efc5ca4575c9b4

                SHA256

                541dfa71a3728424420f082023346365cca013af03629fd243b11d8762e3403e

                SHA512

                4ba517f09d9ad15efd3db5a79747e42db53885d3af7ccc425d52c711a72e15d24648f8a38bc7e001b3b4cc2180996c6cac3949771aa1c278ca3eb7542eae23fd

                Download Submit

              • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\ConstraintIndex\Input_{3ecdbbab-1d92-403b-be51-7cdcbae3859c}\appssynonyms.txt
                Filesize

                237KB

                MD5

                06a69ad411292eca66697dc17898e653

                SHA1

                fbdcfa0e1761ddcc43a0fb280bbcd2743ba8820d

                SHA256

                2aa90f795a65f0e636154def7d84094af2e9a5f71b1b73f168a6ea23e74476d1

                SHA512

                ceb4b102309dffb65804e3a0d54b8627fd88920f555b334c3eac56b13eeb5075222d794c3cdbc3cda8bf1658325fdecf6495334e2c89b5133c9a967ec0d15693

                Download Submit

              • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133711627311697467.txt
                Filesize

                73KB

                MD5

                6b4901be4969e17d04cf3c1cf77b0d28

                SHA1

                50b317a6779885ffc888eed858d69574a1765361

                SHA256

                5445c9554dc0b4f990d71df1c15c29c02b9cd816ec95396f87f50ccac990b7e0

                SHA512

                65291bff0f7a83b10fb026400378b750ae4a61733bca8079fce1717cbfe6565a18124bdfe02f0079cf9e1135336a1886a14f3317200672571c9022a48db018aa

                Download Submit

              • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\TempState\CortanaUnifiedTileModelCache.dat
                Filesize

                9KB

                MD5

                f5d489498883e295da60f999664cbcbb

                SHA1

                1764642c5153daca59806a860fc0ae6ddf6a97a0

                SHA256

                93b575551da4675d308869452d3752e46992d62cb91c5e4d31d1abed12711ea0

                SHA512

                bdb89a8d3a029928cb88d2b503c0cd38dd6c5747cddfae538815363787a5aa86c467d7632142237363b1017a776e5f1874f3afb7df0d1fbf725301dcd53fd550

                Download Submit

              • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\TempState\CortanaUnifiedTileModelCache.dat
                Filesize

                10KB

                MD5

                2fa29fc37b67576e86691c21d188f2a4

                SHA1

                6355f70690e69017c7da89cf6c4e6cfd3deaaec6

                SHA256

                7295a178003769f616071e398e972a05033b800344f9d95d4cb3047a3fc952ab

                SHA512

                9e5c20ca818ef2ab6e7a440ee64e19e736b815715a19cb3f677b5e6a8b634be965b688402680de1ec58b1d8da87c4d394baa471230b42505a66e91f8de490d77

                Download Submit

              • memory/1444-69-0x000001A8DCD00000-0x000001A8DCE00000-memory.dmp

                Filesize

                1024KB

                Download

              • memory/1444-67-0x000001A8DCD00000-0x000001A8DCE00000-memory.dmp

                Filesize

                1024KB

                Download

              • memory/1684-50-0x000002B76A910000-0x000002B76A911000-memory.dmp

                Filesize

                4KB

                Download

              • memory/1684-51-0x000002B76A910000-0x000002B76A911000-memory.dmp

                Filesize

                4KB

                Download

              • memory/1684-55-0x000002B76A910000-0x000002B76A911000-memory.dmp

                Filesize

                4KB

                Download

              • memory/1684-54-0x000002B76A910000-0x000002B76A911000-memory.dmp

                Filesize

                4KB

                Download

              • memory/1684-57-0x000002B76A910000-0x000002B76A911000-memory.dmp

                Filesize

                4KB

                Download

              • memory/1684-56-0x000002B76A910000-0x000002B76A911000-memory.dmp

                Filesize

                4KB

                Download

              • memory/1684-58-0x000002B76A910000-0x000002B76A911000-memory.dmp

                Filesize

                4KB

                Download

              • memory/1684-59-0x000002B76A910000-0x000002B76A911000-memory.dmp

                Filesize

                4KB

                Download

              • memory/1684-60-0x000002B76A910000-0x000002B76A911000-memory.dmp

                Filesize

                4KB

                Download

              • memory/1684-61-0x000002B76A920000-0x000002B76A921000-memory.dmp

                Filesize

                4KB

                Download

              • memory/1684-62-0x000002B76A920000-0x000002B76A921000-memory.dmp

                Filesize

                4KB

                Download

              • memory/1684-63-0x000002B76A930000-0x000002B76A931000-memory.dmp

                Filesize

                4KB

                Download

              • memory/1684-64-0x000002B76A9B0000-0x000002B76A9B1000-memory.dmp

                Filesize

                4KB

                Download

              • memory/1684-65-0x000002B76A9B0000-0x000002B76A9B1000-memory.dmp

                Filesize

                4KB

                Download

              • memory/1684-52-0x000002B76A910000-0x000002B76A911000-memory.dmp

                Filesize

                4KB

                Download

              • memory/1684-53-0x000002B76A910000-0x000002B76A911000-memory.dmp

                Filesize

                4KB

                Download

              • memory/1684-48-0x000002B76A910000-0x000002B76A911000-memory.dmp

                Filesize

                4KB

                Download

              • memory/1684-46-0x000002B76A910000-0x000002B76A911000-memory.dmp

                Filesize

                4KB

                Download

              • memory/1684-49-0x000002B76A910000-0x000002B76A911000-memory.dmp

                Filesize

                4KB

                Download

              • memory/1684-0-0x000002B762470000-0x000002B762480000-memory.dmp

                Filesize

                64KB

                Download

              • memory/1684-47-0x000002B76A910000-0x000002B76A911000-memory.dmp

                Filesize

                4KB

                Download

              • memory/1684-45-0x000002B76A910000-0x000002B76A911000-memory.dmp

                Filesize

                4KB

                Download

              • memory/1684-44-0x000002B76A910000-0x000002B76A911000-memory.dmp

                Filesize

                4KB

                Download

              • memory/1684-43-0x000002B76A910000-0x000002B76A911000-memory.dmp

                Filesize

                4KB

                Download

              • memory/1684-42-0x000002B76A8F0000-0x000002B76A8F1000-memory.dmp

                Filesize

                4KB

                Download

              • memory/1684-41-0x000002B76A8F0000-0x000002B76A8F1000-memory.dmp

                Filesize

                4KB

                Download

              • memory/1684-37-0x000002B76A8E0000-0x000002B76A8E1000-memory.dmp

                Filesize

                4KB

                Download

              • memory/1684-39-0x000002B76A8E0000-0x000002B76A8E1000-memory.dmp

                Filesize

                4KB

                Download

              • memory/1684-40-0x000002B76A8F0000-0x000002B76A8F1000-memory.dmp

                Filesize

                4KB

                Download

              • memory/1684-35-0x000002B76A7A0000-0x000002B76A7A1000-memory.dmp

                Filesize

                4KB

                Download

              • memory/1684-17-0x000002B762580000-0x000002B762590000-memory.dmp

                Filesize

                64KB

                Download