Analysis

  • max time kernel
    150s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    26/07/2024, 19:58

General

  • Target

    29e80d1d62738591dd80c096ae7ba82cd36f69a27ff25302fbd07a1a2dbf953b.exe

  • Size

    71KB

  • MD5

    a3db675b198cc03c48fd8efff84f7670

  • SHA1

    4b317989ffb30bcacaf1845c464ee350b16d1bf8

  • SHA256

    29e80d1d62738591dd80c096ae7ba82cd36f69a27ff25302fbd07a1a2dbf953b

  • SHA512

    2c3b9acdbecbf51f495340169e6fb37c4c0008342760c86c5ebc8886c8ab7195b0281fb9b959498f1d1dc9017e4ee4030f7b799b557ae63719215700017d689f

  • SSDEEP

    1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8zx3:fnyiQSo+

Malware Config

Signatures

  • Renames multiple (4184) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\29e80d1d62738591dd80c096ae7ba82cd36f69a27ff25302fbd07a1a2dbf953b.exe
    "C:\Users\Admin\AppData\Local\Temp\29e80d1d62738591dd80c096ae7ba82cd36f69a27ff25302fbd07a1a2dbf953b.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:212

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-47134698-4092160662-1261813102-1000\desktop.ini.tmp

    Filesize

    71KB

    MD5

    4fe35a0a225249135b5c83c6f80118e8

    SHA1

    a946865a5158a464510dc499a20a9f9aab2aa93b

    SHA256

    ad2d3c85d9c3cac6bcf51fe5f4b85ace197da0cfd77c86eacd3c37eeff345a8a

    SHA512

    f94c6f7bf450e0ec13fec7fa324507316e6428886cfcce00ebd0c50543513cf69adc39a6ce85df8cd7ea8163c3a5d51c9dcaba92862abcd78e6fdd4afb3ba870

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    170KB

    MD5

    7cd23f9ff3b7ac3a398aa1d934b1ffc0

    SHA1

    57c8c11d3a1522345d7c3a40d8971710492f706d

    SHA256

    69138cc42d378e0b1e7ac6e078d3f59ff88089b2780fa504e953cd4684918f6b

    SHA512

    264ddb7a88ad7b222b6e49c6b8102678deba37bb16dac648f589703ddc4fe6d3853f49b2f60079c6b7d4cbbff0f5528ec3797b2b877631fc1b47da6597a31f4d

  • memory/212-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/212-1586-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB