Analysis

  • max time kernel
    106s
  • max time network
    66s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    20-09-2024 09:53

General

  • Target

    cf6305a67821101a2613f779dfb463a776b2353f0fe81ceeaf1c5c70039e5d7b.exe

  • Size

    147KB

  • MD5

    fd68012fa7c5c63d393aa44b039cd193

  • SHA1

    62084644f50562eefc223c0b505f77ba1d953e5e

  • SHA256

    cf6305a67821101a2613f779dfb463a776b2353f0fe81ceeaf1c5c70039e5d7b

  • SHA512

    98d00d758303473040a509ffecf938a976702707fa1fb8ef98f8b2df4ef9ce7ef2ff714a11f1284bfff31a9edb62144f797cddff24394faded5e156fbe475077

  • SSDEEP

    1536:CzICS4AAwczUUf8y8gvMH+1zGSNAojMP95D1xDYM3UFLzhoDGBxkFQBoBml6ziNS:BqJogYkcSNm9V7DDENzyqxkbml6BbBT

Malware Config

Signatures

  • Renames multiple (4110) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Drops desktop.ini file(s) 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: EnumeratesProcesses 50 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\cf6305a67821101a2613f779dfb463a776b2353f0fe81ceeaf1c5c70039e5d7b.exe
    "C:\Users\Admin\AppData\Local\Temp\cf6305a67821101a2613f779dfb463a776b2353f0fe81ceeaf1c5c70039e5d7b.exe"
    1⤵
    • Drops desktop.ini file(s)
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2716
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x154
    1⤵
      PID:3036

    Network

    MITRE ATT&CK Enterprise v15


    Downloads

    • C:\$Recycle.Bin\S-1-5-21-457978338-2990298471-2379561640-1000\desktop.ini

      Filesize

      129B

      MD5

      87a981d1b498683f20989b77705eaecb

      SHA1

      15371a1b68bb0b80503a28ab2584ec47f78246c1

      SHA256

      b33e1d388645bc4d76000970fd2103bac67c10b35882b43684b04517f07e0a0b

      SHA512

      49b2da7441317380a7e301c24384fe96d58eb089c7ddc832b0bf876400d24fe3431d5c0e75edc1cad6036bd66f9a5b17dbebfc5b9b09cc209a3be2733a441b3e

    • C:\kHvolaMJY.README.txt

      Filesize

      1KB

      MD5

      41358c851ca028b4c82f3c5c1ca6440f

      SHA1

      3832debb114a0421006e94ddaae45805baafbbb5

      SHA256

      66244691ed831b280edb737ef21d9b1159a59e4aa07bafcfa53db2b3f76b55f3

      SHA512

      9df88a2d71591c9eae7a38a29046168602a6966cb280d311b22f4157169bd6fe58672a11c3e324b3074bb838101e659634e4769501abc79bb4f27a949f0de01b

    • F:\$RECYCLE.BIN\S-1-5-21-457978338-2990298471-2379561640-1000\EEEEEEEEEEE

      Filesize

      129B

      MD5

      da3131c1791be0f58c5e8a466091133b

      SHA1

      7f62ed9f0421c97ee073abc88710fbb8961b71f0

      SHA256

      10749574126dc2496a61522cf7fb5577a4fd3474ba9ef46d05438903e96784a9

      SHA512

      fad002753b5ed520e533b9def2ba710d986064b2b4dd11dba276b88421c3a900b2e064a9f002b90c16f8f77cb34a347096c774ebd1ef64a69d8dc39949aa609f

    • memory/2716-0-0x00000000021F0000-0x0000000002230000-memory.dmp

      Filesize

      256KB