Resubmissions

06-11-2024 06:26

241106-g7gtysvma1 10

25-06-2024 18:18

240625-wxkv7avfjf 10

Analysis

  • max time kernel
    149s
  • max time network
    141s
  • platform
    windows10-ltsc 2021_x64
  • resource
    win10ltsc2021-20241023-en
  • resource tags

    arch:x64
    arch:x86
    image:win10ltsc2021-20241023-en
    locale:en-us
    os:windows10-ltsc 2021-x64
    system
  • submitted
    06-11-2024 06:26

General

  • Target

    311edf744c2e90d7bfc550c893478f43d1d7977694d5dcecf219795f3eb99b86.exe

  • Size

    145KB

  • MD5

    76b23dd72a883d8b1302bb4a514b7967

  • SHA1

    338e19e8a3615c29d8a825ebba66cf55fa0caa2c

  • SHA256

    311edf744c2e90d7bfc550c893478f43d1d7977694d5dcecf219795f3eb99b86

  • SHA512

    39d98f914ec9d8551a894306163bc726f035f9228f3f198de78555988cea5a7b423be8c2a19913c76b996220a81a9b3a257b7f0af67913aa8a50b77321b17735

  • SSDEEP

    1536:azICS4AAwczUUf8y8gvMH+1zGSNAojMP95D1xDtCYU0GsvgtwjECrozUYj3PeAU2:pqJogYkcSNm9V7DtCCGsg+AmYylQhTT

Malware Config

Signatures

  • Renames multiple (538) files with added filename extension

    This suggests ransomware activity: encrypting all the files on the system.

  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Drops desktop.ini file(s) 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies registry class 6 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\311edf744c2e90d7bfc550c893478f43d1d7977694d5dcecf219795f3eb99b86.exe
    "C:\Users\Admin\AppData\Local\Temp\311edf744c2e90d7bfc550c893478f43d1d7977694d5dcecf219795f3eb99b86.exe"
    • Drops desktop.ini file(s)
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1736
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    • Modifies registry class
    • Suspicious use of SetWindowsHookEx
    PID:3680
  • C:\Windows\system32\taskmgr.exe
    "C:\Windows\system32\taskmgr.exe" /4
    • Checks SCSI registry key(s)
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:4592

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-641261377-2215826147-608237349-1000\desktop.ini

    Filesize

    129B

    MD5

    6f86430fd71536b6939002c86bc50307

    SHA1

    786b5b401211dc438808eba1e256b6050529245d

    SHA256

    00119260976026bfb0b4984f511438cb77c1f7bc07bd7b8ec9cab21cba335f7d

    SHA512

    ff2b50af1be96328c80583e6e99173814adbf41de6f26420783718e14cedc1a13baa4bb558656002142ad81c2deb08bbfa52e91833ca9cd330bb78ca74874889

  • F:\$RECYCLE.BIN\S-1-5-21-641261377-2215826147-608237349-1000\DDDDDDDDDDD

    Filesize

    129B

    MD5

    65c44be3ea6375e559bebb50880faf9c

    SHA1

    bbde47cc38c6affc7d97d535617f1c842ccaedf2

    SHA256

    a13ef47e13e77719c7bb10fe883abb9b5141be49bf0c5226dcbb966276304b82

    SHA512

    ab391cffc5a00cfc6d88710b06957eac74c480f514de96d754aef6404c477f2a8333fc750a66e30eb2de930b40a9c1352074696d7c3051d546d0b69b742f0dc4

  • memory/1736-0-0x0000000000A50000-0x0000000000A60000-memory.dmp

    Filesize

    64KB

  • memory/1736-2-0x0000000000A50000-0x0000000000A60000-memory.dmp

    Filesize

    64KB

  • memory/1736-1-0x0000000000A50000-0x0000000000A60000-memory.dmp

    Filesize

    64KB

  • memory/4592-625-0x000001BE30FF0000-0x000001BE30FF1000-memory.dmp

    Filesize

    4KB

  • memory/4592-626-0x000001BE30FF0000-0x000001BE30FF1000-memory.dmp

    Filesize

    4KB

  • memory/4592-624-0x000001BE30FF0000-0x000001BE30FF1000-memory.dmp

    Filesize

    4KB

  • memory/4592-636-0x000001BE30FF0000-0x000001BE30FF1000-memory.dmp

    Filesize

    4KB

  • memory/4592-635-0x000001BE30FF0000-0x000001BE30FF1000-memory.dmp

    Filesize

    4KB

  • memory/4592-634-0x000001BE30FF0000-0x000001BE30FF1000-memory.dmp

    Filesize

    4KB

  • memory/4592-633-0x000001BE30FF0000-0x000001BE30FF1000-memory.dmp

    Filesize

    4KB

  • memory/4592-632-0x000001BE30FF0000-0x000001BE30FF1000-memory.dmp

    Filesize

    4KB

  • memory/4592-631-0x000001BE30FF0000-0x000001BE30FF1000-memory.dmp

    Filesize

    4KB

  • memory/4592-630-0x000001BE30FF0000-0x000001BE30FF1000-memory.dmp

    Filesize

    4KB