Analysis
-
max time kernel
149s -
max time network
143s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
30-09-2024 05:16
General
-
Target
sample.exe
-
Size
10KB
-
MD5
0e7215901aa61f182a5d229d289b073a
-
SHA1
a34cea415bc7d07d93c6b1b02e2a2349fc3b38b8
-
SHA256
6cd338d71c9b2e482089e164a2d58f03e0619734b4436fb745df4f57527eeed6
-
SHA512
d2d20855e7365c9db534b9c70e687c65503147619b18656fcd461424dcb7ccac32b4d5de029e7676037e78d9b2bb616688763b16559f262a34f0d11415c0b203
-
SSDEEP
192:X7slLwEkBoDGZu6qdkXn3sHBrDPNCGmkVQLrF:AV8+G4dk30XYoVor
Malware Config
Signatures
-
Renames multiple (729) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Sets desktop wallpaper using registry 2 TTPs 1 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Checks SCSI registry key(s) 3 TTPs 3 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Opens file in notepad (likely ransom note) 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 7 IoCs
-
Suspicious use of AdjustPrivilegeToken 4 IoCs
-
Suspicious use of FindShellTrayWindow 19 IoCs
-
Suspicious use of SendNotifyMessage 19 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\sample.exe"C:\Users\Admin\AppData\Local\Temp\sample.exe"1⤵
- Sets desktop wallpaper using registry
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\README.txt1⤵
- Opens file in notepad (likely ransom note)
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /01⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
Network
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
16B
MD51e5747b4c995e0a2013bdd7e5d106693
SHA175c145a9803a54cc32b1debfbd95a31297e31fbb
SHA256165772da379e078bc8b7535b93dcec8192d29ff5aaed271e61010892ab3e2cbb
SHA5122aaf627771106fcba16e7d336f95663c101e0a1a610fa24f81093a07e407352fbe7e568ec13e978a51047a071cb0fb22a38dc0eb262e4badf01b8702c6c54d00
-
Filesize
8KB
MD5dfce9e60e4e9555168b8e671fec8c709
SHA10c4d94b590fc8eee2c8589332a64aad2fabe5ed9
SHA25638d7a4f3ab7be0fc5620ab314b9976bb37df3e32fc3ca158119061cf15936acf
SHA512b9ea477b5665dbcf4704c7c287b0336bbb6d57753435ee053f8327bd166230e56e76d6b3cbb688c02fff06851ff6261137366020688fd9b19d27e59a413ee471
-
Filesize
16B
MD50785be4c59d706caec9dff65e4497609
SHA1ebefe2551763351c990c370cae2a91f117bf5320
SHA256576d8eefafe49758b8f35a5e1df69302d751abe5e5db181938e2441208efbe53
SHA512c19bc7413a56b72f09aab094da0a4ba74bc5b00372f99d1733225410d2ca1b7bdeec7ef4d7b02d04bc4aa73278899dbb292325a997bb53710e77e20bb74eb8f7
-
Filesize
16B
MD51529e9189db6972834d742dc19807370
SHA1f85b2082fb9dbbd63748e60c2141a7ba11642b33
SHA2562ee313a15e3a92f02fe9e0b855bed6108824d3baf652cdc432de2a421afeb1ec
SHA512d5bd05371a52b64fcab76b726811a1ef792e14c5e15b16d534dea1a8821350503eb3cbd054d724dec5dbfdbca13db77795735dc7673b9207d784090ff3d2555b
-
Filesize
77KB
MD55067b2f252307df367609c1e5acdb245
SHA11110f010196026f8f3678c058e9091a5b75f022d
SHA2563788caf81a591b785978b2d7eaa742bee517bd579767c2477aa316c81ebd711e
SHA5121c56bd86f92a4d573c289a20bd72525efa1e9f8ea987685ab0c08198741ac687bb4a33a04646adc1b522a2fdb57e9e6bd4d5eeaa3aedee873ac9b604fb33ecdd
-
Filesize
65KB
MD52e310212476a6d637c68103cd27194f4
SHA1330453bf9992d431a9d755c391b17a730b6b4d5e
SHA256e623049d1c6df7dbb8186fa70cd6478d48e69a89e671476f814e5da1afbcdf37
SHA512841f5cdce292f4531eaade0bda58b184f9cc15da7618ea1962d836eb8e08d459a6a0f35c5d5ee284c535214df824512f272ea30f7bddbe3b7e06f0b61edcb012
-
Filesize
48KB
MD5494a6df948a03019c85c5fb8f23f0b02
SHA1b7b3fe7c148c58d7aa299602e8a67136db293287
SHA256e855301f9312c9df0f5a331cef624846347369753437eb3331b044c0668f265e
SHA512099e5347b8713c8211fb9397064058940da4325111bdaf452e04c7824ad0a74ca9973e93bb76aa2b85ae457d2b48591cd6198584957850fb514d2dfdf51590d4
-
Filesize
79B
MD5e8eb2a43f72a42d4fbb58b3b5ccdfdc4
SHA14c3707c8e524a8dbc6ca1e1a7a6bf9f229664765
SHA25606f63c9c4059858324bd60de4965d4b9a75ea60774d2d7e9b38a4d3254e5d94b
SHA512d097551e363e2de142e4611f0890cc727216f9cc9b61801fd56864b59cb9dd17bc9299dfe4dd41f1a360f30182e0bf5bf128a382b0c4a58880fce1054a947e69
-
Filesize
7.7MB
-
Filesize
7.7MB
-
Filesize
4KB
-
Filesize
32KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB