Analysis

  • max time kernel
    148s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    01-01-2025 10:54

General

  • Target
    2025-01-01_e69d2b8d2b57e14ba567555313f06e84_darkside.exe
  • Size
    145KB
  • MD5
    e69d2b8d2b57e14ba567555313f06e84
  • SHA1
    d26fbeda7aa0ce38eba80877c8c8670aafe3eebb
  • SHA256
    d62754b5a0886643f185cdb0099c6bf5e9c17c13654d7b191ae8fcee21a7f111
  • SHA512
    a1e663413d417d2763f6f00800c802c9d813cfdb0be6f051ceab73a5a32a7299fb51cfcd3b9a8a0bf23ecc1ff2f9c6802c39a83dd32b8ac7825397a60372eed9
  • SSDEEP
    1536:lzICS4AAwczUUf8y8gvMH+1zGSNAojMP95D1xD3+CXCeoYnTSo1wm6srHUyz:mqJogYkcSNm9V7D3DlXnTScZTT

Malware Config

Signatures

  • Renames multiple (625) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Drops desktop.ini file(s) 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies registry class 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2025-01-01_e69d2b8d2b57e14ba567555313f06e84_darkside.exe
    "C:\Users\Admin\AppData\Local\Temp\2025-01-01_e69d2b8d2b57e14ba567555313f06e84_darkside.exe"
    • Drops desktop.ini file(s)
    • System Location Discovery: System Language Discovery
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1096

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3227495264-2217614367-4027411560-1000\desktop.ini
    Filesize
    129B
    MD5
    f277fcb2a42cc2b530621e28ad6fe4ad
    SHA1
    6d34c04cfebcb8b004163101bc8fbec89f7e439b
    SHA256
    e26b28b1bdedc728c9c887bcc789962868104996495c3784251bf28f5dd11843
    SHA512
    dbf7e1d3b3e57f8a6d618c6be98cc2165c44e729ab084bbbe7a1225497caafe250a6cee534e8c1ce7600747da9ead065d1e840f49c0528080f821cbf3de42309

  • F:\$RECYCLE.BIN\S-1-5-21-3227495264-2217614367-4027411560-1000\DDDDDDDDDDD
    Filesize
    129B
    MD5
    5d1afc53001bf67acfc1f5c0dc1e843f
    SHA1
    903371be621ce1f504571326bdfe311b33352608
    SHA256
    7a09290bd5793749d30c07b4ea5d540db65211f5f4df79a7280240fb9f3414af
    SHA512
    f479fe1c9adebefdb9d9131edbba6186260908814e58e1994db7af552441c23937b4e1d5efef7d4c94bf0c9cbead1ffe9bdcd0115d7987d38034ee14f0352a9c

  • memory/1096-0-0x00000000009A0000-0x00000000009B0000-memory.dmp
    Filesize
    64KB

  • memory/1096-1-0x00000000009A0000-0x00000000009B0000-memory.dmp
    Filesize
    64KB