Analysis

  • max time kernel
    53s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64, arch:x86, image:win7-20241010-en, locale:en-us, os:windows7-x64, system
  • submitted
    12-11-2024 14:09

General

  • Target

    c835200cec2de83edbfd2a71558434fd6dc153e61a62315e63a7b20275253c4c.exe

  • Size

    2.5MB

  • MD5

    10ac63ad526ab652fa9d311908ac00e4

  • SHA1

    ec1fd2c21fd534fa6807bb836e5d4bbb0204217a

  • SHA256

    c835200cec2de83edbfd2a71558434fd6dc153e61a62315e63a7b20275253c4c

  • SHA512

    70c6803b6388f5f9f5c995cd2ea8a4cc4c688743db76147a9a19c2aebab8e28eb8e11acfc59b9206c3386e8709561a79b8d784da1012a8000a6b572c7b313cf9

  • SSDEEP

    49152:yWN3avHK72BX21c1XTxwDqoEZ/SGTip8uRXXYR0Hz:vcLBXjlcaZmxRZz

Malware Config

Signatures

  • Renames multiple (256) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c835200cec2de83edbfd2a71558434fd6dc153e61a62315e63a7b20275253c4c.exe
    "C:\Users\Admin\AppData\Local\Temp\c835200cec2de83edbfd2a71558434fd6dc153e61a62315e63a7b20275253c4c.exe"
    1⤵
    • Drops file in Program Files directory
    PID:2600

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Program Files\7-Zip\7z.exe

    Filesize

    544KB

    MD5

    c0a74023b633fd962053fc9592d18b45

    SHA1

    60a77887f676650119d71cdb4e9cda7234235c8b

    SHA256

    fa14ce0cead3ee68bfe224eb9a2a1ef85261265e31cbb9e4d509800c83338602

    SHA512

    001f577f927ffe51c6152a68e2242245bb299a3cc2d76456b6aa6563e4321b18d728ee5c41dc90ca797c7b8aba16b00a0a2713a20bdace8b1b99d0fd9c4837bb

  • memory/2600-1368-0x0000000000400000-0x0000000000409000-memory.dmp

    Filesize

    36KB