Analysis
max time kernel: 56s
max time network: 17s
platform: windows7_x64
resource: win7-20240903-en
resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
submitted: 12-11-2024 12:28
Static task: static1
Behavioral task: behavioral1
  Sample: 29decfa8ce60019568b4dfcd53b40806f461423031c301f1b82d5f583a647dc5.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: 29decfa8ce60019568b4dfcd53b40806f461423031c301f1b82d5f583a647dc5.exe
  Resource: win10v2004-20241007-en
General
Target: 29decfa8ce60019568b4dfcd53b40806f461423031c301f1b82d5f583a647dc5.exe
Size: 190KB
MD5: 896eb6abd96ca30e87bdddb571201b34
SHA1: 31e732d2b7db45fa8d9bf090c8ea22b0c3c3751b
SHA256: 29decfa8ce60019568b4dfcd53b40806f461423031c301f1b82d5f583a647dc5
SHA512: 47d4d1d626feecaa65c375f00853bc16aed059304aea502e1b47e6113a57b1a2977088879b377681b8248daec9a56324f803bf04d1cbc79edb23c2f290aea0ef
SSDEEP: 3072:PDl9Fmmt0fSoD74DxauQDrF4Z6h/SMYy87vAQxk7y6Jxn7eHHLHZhU2:PDNmmt0fSoD7ya/F66h/SMYy81xke6fS
Malware Config
Signatures
- Renames multiple (253) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
- Reads user/profile data of web browsers (3 TTPs)
  Infostealers often target stored browser data, which can include saved credentials etc.
- Drops file in Program Files directory (64 IoCs)
Processes:
Process: 29decfa8ce60019568b4dfcd53b40806f461423031c301f1b82d5f583a647dc5.exe
Description: File opened for modification (all 64 IoCs below were opened by the process above)
IoC:
  C:\Program Files\VideoLAN\VLC\vlc.exe
  C:\Program Files\Windows Media Player\wmplayer.exe
  C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\en-US\cpu.html.pif
  C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\fr-FR\currency.html.pif
  C:\Program Files (x86)\Common Files\microsoft shared\ink\TabTip32.exe
  C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\INFOML.ICO.pif
  C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\fr-FR\settings.html.pif
  C:\Program Files\Java\jdk1.7.0_80\bin\pack200.exe
  C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdate.exe
  C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolIcons\OnLineBusy.ico.pif
  C:\Program Files (x86)\Windows Sidebar\Gadgets\Calendar.Gadget\it-IT\calendar.html.pif
  C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\fr-FR\cpu.html.pif
  C:\Program Files\Google\Chrome\Application\chrome_proxy.exe
  C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.ssl.feature_1.0.0.v20140827-1444\license.html.pif
  C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.core.feature_1.3.0.v20140523-0116\license.html.pif
  C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroTextExtractor.exe
  C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolIcons\ALERT.ICO.pif
  C:\Program Files (x86)\Microsoft Office\Office14\SETLANG.EXE
  C:\Program Files\Java\jdk1.7.0_80\bin\jrunscript.exe
  C:\Program Files\Java\jdk1.7.0_80\db\RELEASE-NOTES.html.pif
  C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\ja-JP\settings.html.pif
  C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\it-IT\clock.html.pif
  C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe
  C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\epl-v10.html.pif
  C:\Program Files\VideoLAN\VLC\lua\http\vlm_export.html.pif
  C:\Program Files\Windows Media Player\wmpenc.exe
  C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\settings.html.pif
  C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Legal\ENU\license.html.pif
  C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolIcons\WSS.ICO.pif
  C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\es-ES\flyout.html.pif
  C:\Program Files (x86)\Microsoft Office\Office14\MSTORE.EXE
  C:\Program Files\Java\jdk1.7.0_80\bin\serialver.exe
  C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\es-ES\settings.html.pif
  C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\fr-FR\settings.html.pif
  C:\Program Files (x86)\Common Files\microsoft shared\EQUATION\EQNEDT32.EXE
  C:\Program Files (x86)\Common Files\microsoft shared\ink\mip.exe
  C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms\FormsPreviewTemplate.html.pif
  C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\it-IT\cpu.html.pif
  C:\Program Files (x86)\Microsoft Office\Office14\OIS.EXE
  C:\Program Files\Java\jdk1.7.0_80\bin\appletviewer.exe
  C:\Program Files\Java\jdk1.7.0_80\bin\jmap.exe
  C:\Program Files\Java\jdk1.7.0_80\db\README-JDK.html.pif
  C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\lib\nbexec64.exe
  C:\Program Files\Windows Media Player\WMPDMC.exe
  C:\Program Files (x86)\Adobe\Reader 9.0\Resource\Icons\PDXFile_8.ico.pif
  C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe
  C:\Program Files (x86)\Windows Media Player\wmlaunch.exe
  C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\it-IT\settings.html.pif
  C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\ODeploy.exe
  C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\en-US\clock.html.pif
  C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\fr-FR\slideShow.html.pif
  C:\Program Files\Java\jdk1.7.0_80\jre\bin\tnameserv.exe
  C:\Program Files\Windows Journal\PDIALOG.exe
  C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\it-IT\settings.html.pif
  C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\en-US\currency.html.pif
  C:\Program Files\Java\jdk1.7.0_80\bin\javaw.exe
  C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.core.feature_1.1.0.v20140827-1444\epl-v10.html.pif
  C:\Program Files\Mozilla Firefox\maintenanceservice.exe
  C:\Program Files\Mozilla Firefox\pingsender.exe
  C:\Program Files\VideoLAN\VLC\lua\http\dialogs\stream_window.html.pif
  C:\Program Files (x86)\Microsoft Office\Office14\FORMS\1033\SCDRESPL.ICO.pif
  C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\GrooveForms3\FormsPreviewTemplate.html.pif
  C:\Program Files\Java\jdk1.7.0_80\bin\javap.exe
  C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\about.html.pif
Processes
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 544KB
MD5: c0a74023b633fd962053fc9592d18b45
SHA1: 60a77887f676650119d71cdb4e9cda7234235c8b
SHA256: fa14ce0cead3ee68bfe224eb9a2a1ef85261265e31cbb9e4d509800c83338602
SHA512: 001f577f927ffe51c6152a68e2242245bb299a3cc2d76456b6aa6563e4321b18d728ee5c41dc90ca797c7b8aba16b00a0a2713a20bdace8b1b99d0fd9c4837bb