Overview

overview

10

Static

static

10

2025-01-15...de.exe

windows7-x64

7

2025-01-15...de.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    93s
  • max time network
    140s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15-01-2025 11:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2025-01-15_1d073f93fb5d03cf4a956ef84ea5f421_darkside.exe

  • Size

    145KB

  • MD5

    1d073f93fb5d03cf4a956ef84ea5f421

  • SHA1

    64c6f72e368f74479b90cf7b24e9e3ec1d5e9940

  • SHA256

    13d72d8ee7cdd0d2e343b6dc08b957c9796d411062c6be9d864bded9d7e4c9e1

  • SHA512

    a454402d654b05d1cb866cdf836ad137396c777e11c590542d69e1e69ff5fb8f728c4ebdc77a5600369731ea440f28d8b25320190b27c34637d73c69a15397fe

  • SSDEEP

    1536:qzICS4AAwczUUf8y8gvMH+1zGSNAojMP95D1xDmNgwg0XiOiu/8EINw5YkjPGHUk:ZqJogYkcSNm9V7Dm7i1j0XjuT

Score
7/10
discoveryspywarestealer

Malware Config

Signatures

  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Drops desktop.ini file(s) 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2025-01-15_1d073f93fb5d03cf4a956ef84ea5f421_darkside.exe
    "C:\Users\Admin\AppData\Local\Temp\2025-01-15_1d073f93fb5d03cf4a956ef84ea5f421_darkside.exe"
    1⤵
    • Drops desktop.ini file(s)
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:5076

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-4089630652-1596403869-279772308-1000\DDDDDDDDDDD
    Filesize

    129B

    MD5

    984a066b62cdc079bd65e13710d40a2a

    SHA1

    33c1dcd852d327c18241e82a36bae63be64084ff

    SHA256

    9c1cdb38e6e6337319a309e06aa21d325c136a59d3bdd72ae57b981cf596815a

    SHA512

    76ac7cb3b68f15beacd5ef06075eacb505073480c248b69e8aa30588d6e11d3810717b0d56d37d0d67ed7bbcfa4e46e8fbf35441c4e5534941746d07ed0060e0

    Download Submit

  • C:\dfsQPArFx.README.txt
    Filesize

    423B

    MD5

    109d41696f4c8d303381d5f5544a234b

    SHA1

    71a609701a11e57874d5a94f8b6bf1d1d6670012

    SHA256

    643595d235d806051d48d268f8eecfedd1a9c13b5de803484181633522b37f8b

    SHA512

    544e30f5cedb8574e20e6382035f407130a4941dcf681e55f4983d526ec9985ac9db1bbd83c7f6ae4230212c58b0cfbabc90fab31981ab60ec9670490bddf7f3

    Download Submit

  • F:\$RECYCLE.BIN\S-1-5-21-4089630652-1596403869-279772308-1000\DDDDDDDDDDD
    Filesize

    129B

    MD5

    230d29077ad48e7604bde5eef38d2a0f

    SHA1

    01e5a8ceba330f7a0b17eae70246fc4e79477792

    SHA256

    2a2b1d87f6134f8eb35926c7925c140f18fa84f7dc78b4c35dd8980359c8b1c8

    SHA512

    2389bbbaf8f639571a1f19ce65058a34a0f7bc6c9b7d836ca375f77a217cc053da1aabc3ff59313ae7ff5c9dde6fd2e9488130394fb0583d50e581d542e96df4

    Download Submit

  • memory/5076-2-0x0000000003450000-0x0000000003460000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5076-0-0x0000000003450000-0x0000000003460000-memory.dmp

    Filesize

    64KB

    Download

  • memory/5076-1-0x0000000003450000-0x0000000003460000-memory.dmp

    Filesize

    64KB

    Download