Analysis

  • max time kernel
    120s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    06-11-2024 06:35

General

  • Target

    311edf744c2e90d7bfc550c893478f43d1d7977694d5dcecf219795f3eb99b86.exe

  • Size

    145KB

  • MD5

    76b23dd72a883d8b1302bb4a514b7967

  • SHA1

    338e19e8a3615c29d8a825ebba66cf55fa0caa2c

  • SHA256

    311edf744c2e90d7bfc550c893478f43d1d7977694d5dcecf219795f3eb99b86

  • SHA512

    39d98f914ec9d8551a894306163bc726f035f9228f3f198de78555988cea5a7b423be8c2a19913c76b996220a81a9b3a257b7f0af67913aa8a50b77321b17735

  • SSDEEP

    1536:azICS4AAwczUUf8y8gvMH+1zGSNAojMP95D1xDtCYU0GsvgtwjECrozUYj3PeAU2:pqJogYkcSNm9V7DtCCGsg+AmYylQhTT

Malware Config

Signatures

  • Renames multiple (332) files with added filename extension

    A large number of files renamed with the same new extension in one run is characteristic of ransomware encrypting files across the system. In this run the renamed Firefox cache entry listed under Downloads shows the appended extension, .FihqnBxYm.

  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials and session cookies. On this run the only browser artifact listed is a Firefox cache entry that was itself renamed with the appended extension, so this signature may simply reflect the encryptor walking the profile directory rather than dedicated credential theft.

  • Drops desktop.ini file(s) 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of the victim host in order to infer its geographical location, a check ransomware commonly uses to skip systems in excluded locales.

  • Modifies registry class 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
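
The mass-rename signature above is a simple aggregate heuristic: many files gain the same previously unseen trailing extension within one run. As an added example (not part of this sandbox report), the script below replicates that check over a file listing an analyst might pull from the sandbox, an EDR, or a disk image. The listing it runs on is constructed; only the Firefox cache entry path is taken from the report's Downloads section, and the threshold, the known-extension set and the token pattern are assumptions chosen for illustration.

```python
"""Replicate the sandbox's mass-rename heuristic over a file listing.

Added example, not part of the sandbox report. It assumes the analyst has
a listing of file paths as recorded after the run; the listing below is
constructed, with only the Firefox cache entry path taken from the report.
"""
from collections import defaultdict
import ntpath
import re

# Extensions that legitimately appear on a workstation. A final extension
# outside this set that shows up on many files at once is the signal.
KNOWN_EXTENSIONS = {
    ".txt", ".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx", ".pdf",
    ".jpg", ".jpeg", ".png", ".gif", ".ini", ".exe", ".dll", ".log",
    ".lnk", ".zip", ".html", ".htm", ".xml", ".json",
}

# Assumed shape of a ransomware-appended extension: a short alphanumeric
# token such as .FihqnBxYm; genuine extensions are rarely this long.
APPENDED_RE = re.compile(r"\.[A-Za-z0-9]{6,12}$")


def split_appended_extension(path):
    """Return (original_name, appended_ext) when the last extension looks
    bolted on to an existing file name, otherwise (name, None).

    'report.docx.FihqnBxYm' -> ('report.docx', '.FihqnBxYm')
    'desktop.ini'           -> ('desktop.ini', None)
    """
    name = ntpath.basename(path)          # handles both \ and / separators
    stem, ext = ntpath.splitext(name)
    if not ext or ext.lower() in KNOWN_EXTENSIONS:
        return name, None
    if not APPENDED_RE.search(name):
        return name, None
    return stem, ext


def find_mass_rename(paths, threshold=10):
    """Group files by appended extension and return the extensions that
    cover at least `threshold` files, mirroring the report's 'Renames
    multiple files with added filename extension' signature.
    Result: {appended_ext: [original file names...]}.
    """
    groups = defaultdict(list)
    for path in paths:
        original, ext = split_appended_extension(path)
        if ext is not None:
            groups[ext].append(original)
    return {ext: names for ext, names in groups.items() if len(names) >= threshold}


# Constructed sample listing: the Firefox path is from the report; the
# Documents entries and the untouched system files are invented.
SAMPLE_LISTING = [
    r"C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bhg31lui.default-release"
    r"\cache2\entries\C982342375C355A44C213031EEAC97222E1367E1.FihqnBxYm",
] + [
    rf"C:\Users\Admin\Documents\invoice_{i:02d}.docx.FihqnBxYm" for i in range(12)
] + [
    r"C:\Users\Admin\Desktop\desktop.ini",
    r"C:\Users\Admin\Downloads\archive.tar.gz",
    r"C:\Windows\System32\kernel32.dll",
]


if __name__ == "__main__":
    for ext, names in find_mass_rename(SAMPLE_LISTING).items():
        print(f"{len(names)} files renamed with appended extension {ext}")
        for original in names[:3]:
            print("   e.g.", original)
```

The known-extension allowlist keeps ordinary multi-part names such as archive.tar.gz from being counted, and the threshold is what turns a single odd file into an incident-level signal; tune both to the host population you monitor.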

Processes

  • C:\Users\Admin\AppData\Local\Temp\311edf744c2e90d7bfc550c893478f43d1d7977694d5dcecf219795f3eb99b86.exe
    "C:\Users\Admin\AppData\Local\Temp\311edf744c2e90d7bfc550c893478f43d1d7977694d5dcecf219795f3eb99b86.exe"
    1⤵
    • Drops desktop.ini file(s)
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:3044
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x14c
    1⤵
      PID:2220

    Network

    MITRE ATT&CK Enterprise v15

    Downloads

    • C:\$Recycle.Bin\S-1-5-21-3063565911-2056067323-3330884624-1000\AAAAAAAAAAA

      Filesize

      129B

      MD5

      0ac1bec6f3ef0989b9924ea201db6d52

      SHA1

      92afce4abacf9554cb34246781c1ba61cd49e1a1

      SHA256

      5a6be4cf8dcb6cd8ff46b3ae249bc7312a85066849b120f6b7ff3b78c434360e

      SHA512

      ed4197b956c64e2ab87b11e08996023993ccfc728a3f416058f47d2694ed93d205b67833942b9927a77424c702041d70f7960b3532be79fe8160b00535bef1a3

    • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bhg31lui.default-release\cache2\entries\C982342375C355A44C213031EEAC97222E1367E1.FihqnBxYm

      Filesize

      13KB

      MD5

      8f4c38a7266a79f0998e1764d12b9f34

      SHA1

      baecc79c48ba6de7db98b0bce7579302a7fa1889

      SHA256

      8999310b6091a46d09baf357650cfb60671d0093e1a6f44c10f48dd5cd67693a

      SHA512

      6896e136b0585387e03e7233801f34bd1515b72f8cc0ee4d1daa7afc96cf6fb8754e1dcd8da8127a9e976aeea36ca33b84c32ae6d4109d025234ce91faa71f45

    • F:\$RECYCLE.BIN\S-1-5-21-3063565911-2056067323-3330884624-1000\DDDDDDDDDDD

      Filesize

      129B

      MD5

      77303c429ea7233b546fc9f5181ef334

      SHA1

      d1305d798eb747c0b0af445fdd442a07daa3c3e4

      SHA256

      ea1385ecaf62c4a638050919e7b1176f024b4a0c793a67a31653187ee80eab16

      SHA512

      ae1b352b62da529d8dc0bc3995ac5fff8e494c56be6916b9a4ecca7962e40d7e67d045c96565333bbf72bea381c9c5fc07c9419aa5267eef2999ac10b4d2b473

    • memory/3044-0-0x00000000000F0000-0x0000000000130000-memory.dmp

      Filesize

      256KB