710ae372c264b9b1d16b1a0a25a4cdae99ab4a4c67db1fea5ad4ecb3e894bcd4

Analysis

Target

0c2013904dddc7a75d7cfb297b302b30b4ceb0caaf13af01097e422cfcd9392c.exe
Size

537KB
MD5

dcc11d6bcb5db3714555eeab0f426355
SHA1

c85bf19f5cb2ea39aa1eab88c3da82be498c99e3
SHA256

0c2013904dddc7a75d7cfb297b302b30b4ceb0caaf13af01097e422cfcd9392c
SHA512

bd725a4c98a3324277c6f3553da0ab2b195155770816afe7cd12d83310edbb2a1a4234ec5eb24dd3fec365b748a14cc7394d8bf8d012dd975e4b573c63111ac1

Score

8^/10

Modifies extensions of user files 7 IoCs

Ransomware generally changes the extension on encrypted files.

Processes:

0c2013904dddc7a75d7cfb297b302b30b4ceb0caaf13af01097e422cfcd9392c.exe

description	ioc	process
File created	C:\Users\Admin\Pictures\NewStart.tiff_out	0c2013904dddc7a75d7cfb297b302b30b4ceb0caaf13af01097e422cfcd9392c.exe
File created	C:\Users\Admin\Pictures\PushUnprotect.png_out	0c2013904dddc7a75d7cfb297b302b30b4ceb0caaf13af01097e422cfcd9392c.exe
File created	C:\Users\Admin\Pictures\RegisterUse.tiff_out	0c2013904dddc7a75d7cfb297b302b30b4ceb0caaf13af01097e422cfcd9392c.exe
File created	C:\Users\Admin\Pictures\RequestConvertTo.raw_out	0c2013904dddc7a75d7cfb297b302b30b4ceb0caaf13af01097e422cfcd9392c.exe
File created	C:\Users\Admin\Pictures\UndoRevoke.png_out	0c2013904dddc7a75d7cfb297b302b30b4ceb0caaf13af01097e422cfcd9392c.exe
File created	C:\Users\Admin\Pictures\CheckpointRemove.tif_out	0c2013904dddc7a75d7cfb297b302b30b4ceb0caaf13af01097e422cfcd9392c.exe
File created	C:\Users\Admin\Pictures\CheckpointShow.png_out	0c2013904dddc7a75d7cfb297b302b30b4ceb0caaf13af01097e422cfcd9392c.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware

Data from Local System
T1005

Credentials in Files
T1081

Drops startup file 1 IoCs

Processes:

0c2013904dddc7a75d7cfb297b302b30b4ceb0caaf13af01097e422cfcd9392c.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini_out	0c2013904dddc7a75d7cfb297b302b30b4ceb0caaf13af01097e422cfcd9392c.exe

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

memory/1108-0-0x0000000001F60000-0x0000000001F71000-memory.dmp

Filesize
68KB

Download