Analysis

  • max time kernel
    150s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    27-07-2024 04:48

General

  • Target

    dfe0a81c0e35282240220715adf38ef46ead64fe0e42897a29b814d2d84ad9e1.exe

  • Size

    102KB

  • MD5

    157f9e125521e8b2993852f7d808a00f

  • SHA1

    257ac8361d4c44d2a7e6dfcbe1f496d37e1e22fe

  • SHA256

    dfe0a81c0e35282240220715adf38ef46ead64fe0e42897a29b814d2d84ad9e1

  • SHA512

    1b47c3874c63cb4ed5135a76473259421ffd34214c3feb1b88148c78e708d9f139c8c84219eb9466b00ba6a9ce2eab20d6e5a02e95a2d750d9dd9b33d060b2b0

  • SSDEEP

    3072:6e7WpMaxeb0CYJ97lEYNR73e+eKZOf7fz:RqKvb0CYJ973e+eKZOf7fz

Score
9/10

Malware Config

Signatures

  • Renames multiple (1955) files with added filename extension

    Renaming a large number of files with an appended extension is consistent with ransomware encrypting files across the system.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of the victim host in order to infer its geographical location.
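A small triage helper for the two findings in this report, added here as an example and not code from the sandbox or the sample: it hashes files and matches them against the SHA-256 values this page lists (the submitted sample and the two dropped files under Downloads), and it flags the "rename with an added extension" pattern the first signature keys on, treating `name.ext.tmp` as original `name.ext` plus appended `.tmp`. The directory listing it runs on by default is constructed for the example; the `min_files` threshold and the rule that the original path must be gone (a rename rather than a copy) are my assumptions, not the sandbox's detection logic.

```python
"""Triage helper: match files against the hashes in this report and flag a
mass "rename with added extension" pattern. Added example, not part of the
report or the sample."""
import hashlib
import os
import sys

# SHA-256 values copied from the report: the submitted sample and the two
# dropped files listed under Downloads. Labels are for display only.
KNOWN_SHA256 = {
    "dfe0a81c0e35282240220715adf38ef46ead64fe0e42897a29b814d2d84ad9e1": "submitted sample (.exe)",
    "d5b490b0ef81cdb43529852f4dd96aa3abbd244529201124a332adbc65ed20b8": "$Recycle.Bin\\<SID>\\desktop.ini.tmp",
    "1dd4be4b6cc2d92288718d7954c4ccb944d11792bf43111ee28d027fb1a4edc3": "Program Files\\7-Zip\\7-zip.dll.tmp",
}


def digest_bytes(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def sha256_file(path: str, chunk: int = 1 << 20) -> str:
    """Stream the file so large volumes are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def lookup(digest: str):
    """Return the report label for a known hash, or None (case-insensitive)."""
    return KNOWN_SHA256.get(digest.lower())


def match_iocs(paths):
    """Hash every path and keep those whose SHA-256 appears in the report."""
    hits = []
    for p in paths:
        try:
            d = sha256_file(p)
        except OSError:
            continue  # unreadable or locked files are skipped, not fatal
        label = lookup(d)
        if label:
            hits.append((p, d, label))
    return hits


def suspect_added_extensions(paths, min_files=50):
    """Find extensions appended to many files of differing original types.

    'report.docx.tmp' splits into original 'report.docx' and added '.tmp'.
    An added extension is reported when it covers at least min_files files
    spanning at least two original types and the original names are gone
    (a rename, not a copy). Thresholds are assumptions for this example.
    """
    present = set(paths)
    seen = {}  # added ext -> [count, set of original extensions]
    for p in paths:
        original, added = os.path.splitext(p)
        _, orig_ext = os.path.splitext(original)
        if not added or not orig_ext:
            continue  # only one extension: nothing was appended
        if original in present:
            continue  # original still exists: a backup/copy, not a rename
        entry = seen.setdefault(added.lower(), [0, set()])
        entry[0] += 1
        entry[1].add(orig_ext.lower())
    return {ext: n for ext, (n, types) in seen.items()
            if n >= min_files and len(types) >= 2}


def constructed_listing():
    """A made-up listing shaped like a post-infection host so the script
    runs offline. Constructed for this example, not data from the report."""
    paths = []
    for i in range(60):
        orig_ext = (".docx", ".xlsx", ".jpg")[i % 3]
        paths.append(f"C:/Users/Admin/Documents/file{i}{orig_ext}.tmp")
    # Benign noise: single-extension files and a backup whose original remains.
    paths += ["C:/Windows/System32/drivers/etc/hosts",
              "C:/Users/Admin/notes.txt",
              "C:/Users/Admin/app.config",
              "C:/Users/Admin/app.config.bak"]
    return paths


if __name__ == "__main__":
    # Usage: python triage.py [root_dir]; with no argument the constructed
    # listing is analysed and no files are hashed.
    if len(sys.argv) > 1:
        listing = [os.path.join(d, n)
                   for d, _, names in os.walk(sys.argv[1]) for n in names]
        for p, d, label in match_iocs(listing):
            print(f"IOC hit: {p} {d} ({label})")
    else:
        listing = constructed_listing()
    for ext, n in suspect_added_extensions(listing).items():
        print(f"{n} files renamed with added extension {ext}")
```

Run against a suspect volume, the hash match is the high-confidence signal (it ties a file to this exact sample or its dropped copies), while the extension scan is a heuristic: tune `min_files` to the host, and expect the original-name check to miss cases where the malware copies rather than renames, as the `.tmp` names under Downloads may indicate.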

Processes

  • C:\Users\Admin\AppData\Local\Temp\dfe0a81c0e35282240220715adf38ef46ead64fe0e42897a29b814d2d84ad9e1.exe
    "C:\Users\Admin\AppData\Local\Temp\dfe0a81c0e35282240220715adf38ef46ead64fe0e42897a29b814d2d84ad9e1.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:4728

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-1750093773-264148664-1320403265-1000\desktop.ini.tmp

    Filesize

    102KB

    MD5

    c5734bd30f5c9670c9152e886a59595b

    SHA1

    628d1ccd625343f7ebae0f9b798f5a7fc88861df

    SHA256

    d5b490b0ef81cdb43529852f4dd96aa3abbd244529201124a332adbc65ed20b8

    SHA512

    3196ea1ce9ff6468f7dd74f7e43fbcb7f2204e835474bdd46e640f9f5f238b03cdf78ca8461ce908435328483d235fe6a307dcb7c00f0c4a945a6b008f1fc73c

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    201KB

    MD5

    9b3982fc91f919227841b7e6a12270d4

    SHA1

    0b634eb78da20159a7d0d5328bf6605922b68e15

    SHA256

    1dd4be4b6cc2d92288718d7954c4ccb944d11792bf43111ee28d027fb1a4edc3

    SHA512

    206183cedfc213e9e73b69c5c8993affeca80f40dadf3f1c23a828520d5c0ea9074e23bded140564611defc2494f6af1540fae0698169345a5c4e480c3d5af6e