17b4d01d32c64a62e36496829da323fe308437048ca87143de7365fabd4194fd

Submit
Reports

Overview

overview

Static

static

DUMP_00A10...iR.exe

windows7-x64

DgH5SjZFle...DI.exe

windows7-x64

Dumped_.exe

windows7-x64

EntrateSetup.exe

windows7-x64

ErrorFileRemover.exe

windows7-x64

ExtraTools.exe

windows7-x64

F45F47EDCE...54.exe

windows7-x64

decrypt_00...00.exe

windows7-x64

dffde400ad...3d.exe

windows7-x64

dircrypt.deobf.exe

windows7-x64

dma locker 4.0.exe

windows7-x64

downloader.js

windows7-x64

dump.mem.exe

windows7-x64

e0ff79cc94...ss.exe

windows7-x64

e37dc428ec...ad.vbs

windows7-x64

e5df2d114c...8a.exe

windows7-x64

e6c4ae4709...ss.exe

windows7-x64

e77df2ce34...2d.exe

windows7-x64

e8e07496df...d2.exe

windows7-x64

ea8292721a...1e.exe

windows7-x64

eaa857c95f...er.dll

windows7-x64

ed3a685ca6...91.exe

windows7-x64

edffa07d66...9d5.js

windows7-x64

encrypter.exe

windows7-x64

encryptor_...81.exe

windows7-x64

f002618c01...35.apk

windows7-x64

f213e54c85...ea.exe

windows7-x64

f2c8eee2cd...3f.exe

windows7-x64

f31bfe95e3...7_.exe

windows7-x64

f6a8d7a429...da.exe

windows7-x64

f915110765...da.exe

windows7-x64

fb8823e949...-0.dll

windows7-x64

Analysis

max time kernel
363s
max time network
368s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
22-11-2024 03:25

Sharing

Copy URL

Twitter E-mail

Static task

static1

upx

3 signatures

Behavioral task

behavioral1

Sample

DUMP_00A10000-00A1D000.exe.ViR.exe

Resource

win7-20240903-en

discovery persistence upx

windows7-x64

11 signatures

600 seconds

Behavioral task

behavioral2

Sample

DgH5SjZFleOYoBTyxcgMDlZF9brN1mDI.exe

Resource

win7-20240708-en

discovery persistence upx

windows7-x64

12 signatures

600 seconds

Behavioral task

behavioral3

Sample

Dumped_.exe

Resource

win7-20240903-en

windows7-x64

1 signatures

600 seconds

Behavioral task

behavioral4

Sample

EntrateSetup.exe

Resource

win7-20240903-en

defense_evasion discovery evasion execution impact persistence ransomware trojan

windows7-x64

12 signatures

600 seconds

Behavioral task

behavioral5

Sample

ErrorFileRemover.exe

Resource

win7-20241010-en

discovery persistence

windows7-x64

15 signatures

600 seconds

Behavioral task

behavioral6

Sample

ExtraTools.exe

Resource

win7-20240903-en

discovery

windows7-x64

7 signatures

600 seconds

Behavioral task

behavioral7

Sample

F45F47EDCED7FAC5A99C45AB4B8C2D54.exe

Resource

win7-20240903-en

discovery evasion persistence upx

windows7-x64

13 signatures

600 seconds

Behavioral task

behavioral8

Sample

decrypt_0000000000000020-000A0000.exe

Resource

win7-20240903-en

discovery persistence

windows7-x64

3 signatures

600 seconds

Behavioral task

behavioral9

Sample

dffde400ad3d2af2bbd61c58bed9dcf7e3e37cec6210c9841d8ed5dc9117343d.exe

Resource

win7-20241010-en

crypvault pony collection credential_access defense_evasion discovery execution impact persistence ransomware rat spyware stealer

windows7-x64

26 signatures

600 seconds

Behavioral task

behavioral10

Sample

dircrypt.deobf.exe

Resource

win7-20241023-en

discovery evasion persistence trojan upx

windows7-x64

20 signatures

600 seconds

Behavioral task

behavioral11

Sample

dma locker 4.0.exe

Resource

win7-20240903-en

defense_evasion discovery execution impact persistence ransomware

windows7-x64

9 signatures

600 seconds

Behavioral task

behavioral12

Sample

downloader.js

Resource

win7-20241010-en

execution ransomware spyware stealer

windows7-x64

6 signatures

600 seconds

Behavioral task

behavioral13

Sample

dump.mem.exe

Resource

win7-20240903-en

discovery persistence

windows7-x64

2 signatures

600 seconds

Behavioral task

behavioral14

Sample

e0ff79cc943f489668067ec3be11398a084a76ecd0283c9e18b2d0bf6e464c32_not_packed_maybe_useless.exe

Resource

win7-20240708-en

discovery persistence

windows7-x64

7 signatures

600 seconds

Behavioral task

behavioral15

Sample

e37dc428ec65a38707ad9e247950f3501a94e4abccb737a3562d69032c8505ad.vbs

Resource

win7-20240903-en

windows7-x64

0 signatures

600 seconds

Behavioral task

behavioral16

Sample

e5df2d114c5f69c219923fed56c8aa7ee912020ba7589e88f2729285c1f5788a.exe

Resource

win7-20240729-en

defense_evasion discovery ransomware spyware stealer

windows7-x64

12 signatures

600 seconds

Behavioral task

behavioral17

Sample

e6c4ae470977aa78d1005746ae05deea0bf3b4260f88865662a35f99b2559dbc_not_packed_maybe_useless.exe

Resource

win7-20240708-en

windows7-x64

1 signatures

600 seconds

Behavioral task

behavioral18

Sample

e77df2ce34949eb11290445a411a47fb927e8871e2580897581981d17730032d.exe

Resource

win7-20240903-en

windows7-x64

0 signatures

600 seconds

Behavioral task

behavioral19

Sample

e8e07496df5370d2e49ecce5a47c1fd2.exe

Resource

win7-20240903-en

xorist discovery persistence ransomware spyware stealer upx

windows7-x64

20 signatures

600 seconds

Behavioral task

behavioral20

Sample

ea8292721a34ca2f1831447868bbe91e.exe

Resource

win7-20240903-en

discovery

windows7-x64

3 signatures

600 seconds

Behavioral task

behavioral21

Sample

eaa857c95fca38ca08411b757f4ad2a841cfb9782deca8abf64aada445923c0d_Stealer.dll

Resource

win7-20241010-en

windows7-x64

0 signatures

600 seconds

Behavioral task

behavioral22

Sample

ed3a685ca65de70b79faf95bbd94c343e73a150e83184f67e0bdb35b11d05791.exe

Resource

win7-20240903-en

defense_evasion discovery execution impact ransomware spyware stealer

windows7-x64

8 signatures

600 seconds

Behavioral task

behavioral23

Sample

edffa07d667dbd224682639f56eb1b913e4ffeac874999e02c23e86eeb6489d5.js

Resource

win7-20241023-en

pony collection credential_access discovery execution persistence rat spyware stealer

windows7-x64

18 signatures

600 seconds

Behavioral task

behavioral24

Sample

encrypter.exe

Resource

win7-20240903-en

defense_evasion discovery evasion execution impact ransomware spyware stealer

windows7-x64

10 signatures

600 seconds

Behavioral task

behavioral25

Sample

encryptor_raas_9cffd965b4a0e662f6b98fd47d3b6ec9bc1b8581.exe

Resource

win7-20240903-en

defense_evasion discovery execution impact persistence ransomware spyware stealer

windows7-x64

16 signatures

600 seconds

Behavioral task

behavioral26

Sample

f002618c01fe652f7f00eabd0e890e4992ccce818dfb2863e82c43f793685635.apk

Resource

win7-20240729-en

discovery

windows7-x64

6 signatures

600 seconds

Behavioral task

behavioral27

Sample

f213e54c8520e7458751020edf15a5ea.exe

Resource

win7-20241010-en

windows7-x64

0 signatures

600 seconds

Behavioral task

behavioral28

Sample

f2c8eee2cd88b834e9d4c0eb4930f03f.exe

Resource

win7-20241023-en

warzonerat discovery infostealer persistence rat

windows7-x64

9 signatures

600 seconds

Behavioral task

behavioral29

Sample

f31bfe95e31d761459b885052d35ba5e25ab19333378fb72b12efd675f6018d7_.exe

Resource

win7-20241010-en

discovery persistence

windows7-x64

10 signatures

600 seconds

Behavioral task

behavioral30

Sample

f6a8d7a4291c55020101d046371a8bda.exe

Resource

win7-20240903-en

discovery ransomware

windows7-x64

2 signatures

600 seconds

Behavioral task

behavioral31

Sample

f9151107655aaa6db995888a7cb69ada.exe

Resource

win7-20240708-en

discovery spyware stealer

windows7-x64

5 signatures

600 seconds

Behavioral task

behavioral32

Sample

fb8823e9494016f59ab25ec6cc0961da_api-ms-win-system-softpub-l1-1-0.dll

Resource

win7-20241010-en

windows7-x64

0 signatures

600 seconds

Report Analysis Logs

General

Target

f213e54c8520e7458751020edf15a5ea.exe
Size

208KB
MD5

f213e54c8520e7458751020edf15a5ea
SHA1

9ff0b2f8c83d6efea0dad136179a83d33cc141eb
SHA256

2cd85dc5040ecbc052bb243575c8f9924afafdbf774a21afe03d2d4896e5d0e1
SHA512

70e3b96da403d6d5be5a00022e4b0cd30eeaecbcb3b3f3e462695c2b0400db1fcefaaecffc9ffc40528b255dd34a126613bcf99764abe7c007b5e22c39655622
SSDEEP

3072:RM+lmsolAIrRuw+mqv9j1MWLQkMTmmsolNIrRuw+mqv9j1MWLQa:K+lDAAqTmDAN

Score

1^/10

Malware Config

Signatures

Processes

C:\Users\Admin\AppData\Local\Temp\f213e54c8520e7458751020edf15a5ea.exe
"C:\Users\Admin\AppData\Local\Temp\f213e54c8520e7458751020edf15a5ea.exe"
1⤵
PID:2864

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2864-0-0x000007FEF5A53000-0x000007FEF5A54000-memory.dmp

Filesize
4KB

Download
memory/2864-1-0x0000000000970000-0x00000000009AA000-memory.dmp

Filesize
232KB

Download
memory/2864-2-0x000007FEF5A50000-0x000007FEF643C000-memory.dmp

Filesize
9.9MB

Download
memory/2864-3-0x000007FEF5A50000-0x000007FEF643C000-memory.dmp

Filesize
9.9MB

Download
memory/2864-4-0x000007FEF5A50000-0x000007FEF643C000-memory.dmp

Filesize
9.9MB

Download
memory/2864-5-0x000007FEF5A53000-0x000007FEF5A54000-memory.dmp

Filesize
4KB

Download
memory/2864-6-0x000007FEF5A50000-0x000007FEF643C000-memory.dmp

Filesize
9.9MB

Download