Analysis

  • max time kernel
    149s
  • max time network
    95s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240730-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240730-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    02-08-2024 02:37

General

  • Target

    98812de6b363561a107c7c0091aafb379564a7f2b92cf53f050e2a0ee096aeb2.exe

  • Size

    28KB

  • MD5

    8ceef7814a0552f57907d6fca6733940

  • SHA1

    3a01c224c371185f3d4e3f10cc403e7829bfdfb8

  • SHA256

    98812de6b363561a107c7c0091aafb379564a7f2b92cf53f050e2a0ee096aeb2

  • SHA512

    f7190a734a83cc9e3dd8af1efac39a13b7f43312594baee27928bac0fc932d134d5f5e8a09209a44868bca01bf4c86fd0ba7a3d33c0f3879d2f27e9672a77090

  • SSDEEP

    768:kBT37CPKKdJJcbQbf1Oti1JGBQOOiQJhATBHfBo8o3PD:CTW7JJZENTBHfiPD

Malware Config

Signatures

  • Renames multiple (5024) files with added filename extension

    This suggests ransomware activity: encrypting files across the system.

  • UPX packed file 4 IoCs

    Detects executables packed with the open-source UPX packer or a modified UPX build.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
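The "UPX packed file" signature above is static: it keys on what stock UPX leaves in the PE header. The following is an added example, not the sandbox's own rule, of the three checks a triage script would run: the UPX0/UPX1 section names, the "UPX!" pack-header marker, and the section layout UPX produces (a first section that is empty on disk but large in memory). The PE buffers are constructed in memory for the demo, not read from the sample, and all function names are the example's own.

```python
"""Checks behind a 'UPX packed file' verdict on a PE: section names, the
'UPX!' pack-header marker and UPX's characteristic section layout.
Added example; the PE bytes below are constructed in memory, not the sample."""
import struct

SECTION_HEADER_SIZE = 40
COFF_HEADER_SIZE = 20


def build_pe(sections):
    """Build a minimal 32-bit PE header with the given section table.
    sections: list of (name, virtual_size, size_of_raw_data).
    Constructed test input only; the result is not a loadable image."""
    e_lfanew = 0x40
    dos_header = b"MZ" + b"\x00" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    size_of_optional = 0xE0  # PE32 optional header
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0,
                       size_of_optional, 0x0102)
    optional = struct.pack("<H", 0x10B) + b"\x00" * (size_of_optional - 2)
    table = b""
    vaddr, praw = 0x1000, 0x400
    for name, vsize, rawsize in sections:
        table += name.encode("ascii").ljust(8, b"\x00")
        table += struct.pack("<IIII", vsize, vaddr, rawsize, praw)
        table += b"\x00" * 16  # relocs, line numbers, characteristics
        vaddr += max(vsize, 0x1000)
        praw += rawsize
    return dos_header + b"PE\x00\x00" + coff + optional + table


def parse_sections(data):
    """Return [(name, virtual_size, size_of_raw_data), ...] from a PE buffer."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    number_of_sections = struct.unpack_from("<H", data, coff + 2)[0]
    size_of_optional = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + COFF_HEADER_SIZE + size_of_optional
    out = []
    for i in range(number_of_sections):
        off = table + i * SECTION_HEADER_SIZE
        raw_name = data[off:off + 8].split(b"\x00", 1)[0]
        vsize, _vaddr, rawsize, _praw = struct.unpack_from("<IIII", data, off + 8)
        out.append((raw_name.decode("ascii", "replace"), vsize, rawsize))
    return out


def upx_indicators(data):
    """Three independent indicators. Any one supports a 'UPX packed' verdict;
    all three absent does not rule out a modified UPX build."""
    sections = parse_sections(data)
    names = [s[0] for s in sections]
    return {
        # Stock UPX names its sections UPX0/UPX1 (and UPX2 for resources).
        "upx_section_names": any(n.startswith("UPX") for n in names),
        # The pack header UPX writes into the file starts with 'UPX!'.
        "upx_marker": b"UPX!" in data,
        # UPX0 holds the unpacked image: 0 bytes on disk, large in memory.
        "empty_first_section": bool(sections) and sections[0][2] == 0 and sections[0][1] > 0,
    }


def looks_upx_packed(data):
    return any(upx_indicators(data).values())


# Constructed samples: stock UPX layout (marker appended to stand in for the
# pack header), a "modified UPX" with renamed sections and no marker, and a
# plain unpacked layout.
STOCK_UPX = build_pe([("UPX0", 0x9000, 0), ("UPX1", 0x1000, 0x6000),
                      (".rsrc", 0x200, 0x200)]) + b"UPX!" + b"\x00" * 28
MODIFIED_UPX = build_pe([(".text", 0x9000, 0), (".data", 0x1000, 0x6000)])
UNPACKED = build_pe([(".text", 0x2000, 0x2000), (".data", 0x400, 0x400),
                     (".rsrc", 0x200, 0x200)])

if __name__ == "__main__":
    for label, buf in (("stock", STOCK_UPX), ("modified", MODIFIED_UPX), ("unpacked", UNPACKED)):
        print(label, upx_indicators(buf))
```

The layout check is the one that survives a renamed-section build; it is also the noisiest, since any binary with a large zero-filled first section trips it, so treat it as supporting evidence rather than a verdict on its own.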

Processes

  • C:\Users\Admin\AppData\Local\Temp\98812de6b363561a107c7c0091aafb379564a7f2b92cf53f050e2a0ee096aeb2.exe
    "C:\Users\Admin\AppData\Local\Temp\98812de6b363561a107c7c0091aafb379564a7f2b92cf53f050e2a0ee096aeb2.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:1968

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-195445723-368091294-1661186673-1000\desktop.ini.tmp

    Filesize

    29KB

    MD5

    342314015fca9e6a3901644711d3fab0

    SHA1

    d7070279a14327134daf2bd8ae1b708b286dbc97

    SHA256

    48c6f2af5cea8d7068ec5dcd22fb4b7b09165cac42ff25defcf19c543a4f2f1f

    SHA512

    827ddfc3f1e47a275f13c0f3b5c70098912cbaf97f7cb4edd81517ac275dbd4a748b5d59dd8ccef202ee2ad29f927ae97642c24e09b9ca0aedd5e1bfa3d2fdb2

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    127KB

    MD5

    cc5fdea99cfafabc8b995ca8eaa99c44

    SHA1

    76612a402e9193dbcaa4f5ab8931e9a6349fa3f5

    SHA256

    c7a6e3f2af1b00279f1fc700f59fda5c218a41daa5ff66eb477bc47d4ccd5d5e

    SHA512

    6bc77bf08de4a0c248be395cc58aebf55571c67a37f0137c1ad8b172c61fa707f898ffb289bab9080728467dc6480d657b8571daa5c2cc0e6e8321dabbd32a94

  • memory/1968-0-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

  • memory/1968-1092-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB
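The "Renames multiple (5024) files with added filename extension" signature counts renames in which the new name is the full original name plus one more extension; the dropped files listed above (desktop.ini.tmp, 7-zip.dll.tmp) have exactly that shape. The following is an added example of that heuristic, not the sandbox's own rule: it runs over a constructed list of rename events (before, after, pid) and flags a process once its appended-extension renames reach a threshold. The event format, the threshold and the ".locked" extension are assumptions; the report does not name the extension used.

```python
"""Mass-rename heuristic: flag a process that renames many files by appending
a new extension to the full original name.  Added example, not the sandbox's
own signature; event format, threshold and extension are assumptions."""
import ntpath


def appended_extension(before, after):
    """Return the suffix appended to the original file name, or None when the
    rename is not of the form <directory>\\<original name><.newext>."""
    dir_before, name_before = ntpath.split(before)
    dir_after, name_after = ntpath.split(after)
    if dir_before.lower() != dir_after.lower():
        return None  # moved, not renamed in place
    if not name_after.startswith(name_before) or len(name_after) <= len(name_before):
        return None  # extension replaced, name changed, or identical
    suffix = name_after[len(name_before):]
    if not suffix.startswith(".") or len(suffix) < 2:
        return None
    return suffix


def mass_rename_report(events, threshold=50):
    """Group appended-extension renames by (pid, suffix) and report groups
    that reach the threshold, with the number of distinct directories hit."""
    groups = {}
    for before, after, pid in events:
        suffix = appended_extension(before, after)
        if suffix is None:
            continue
        groups.setdefault((pid, suffix), []).append(ntpath.dirname(before).lower())
    report = []
    for (pid, suffix), dirs in sorted(groups.items()):
        if len(dirs) >= threshold:
            report.append({"pid": pid, "extension": suffix,
                           "count": len(dirs), "directories": len(set(dirs))})
    return report


# Constructed events (before, after, pid).  PID 1968 reuses the report's
# process id; ".locked" is a stand-in, the report does not name the extension.
_TARGET_DIRS = [r"C:\Program Files\App", r"C:\Users\Admin\Documents", r"C:\Users\Admin\Pictures"]
SAMPLE_EVENTS = [
    (ntpath.join(_TARGET_DIRS[i % 3], f"file{i}.txt"),
     ntpath.join(_TARGET_DIRS[i % 3], f"file{i}.txt.locked"), 1968)
    for i in range(60)
]
SAMPLE_EVENTS += [
    (r"C:\Users\Admin\report.docx", r"C:\Users\Admin\report_final.docx", 4120),        # user rename
    (r"C:\Users\Admin\notes.tmp", r"C:\Users\Admin\notes.txt", 4120),                  # extension replaced
    (r"C:\Program Files\App\setup.dll", r"C:\Program Files\App\setup.dll.bak", 2200),  # one backup copy
    (r"C:\Users\Admin\a.txt", r"C:\Users\Admin\Desktop\a.txt.locked", 1968),           # moved, not in place
]

if __name__ == "__main__":
    for hit in mass_rename_report(SAMPLE_EVENTS, threshold=20):
        print(hit)
```

Grouping by (pid, suffix) rather than by pid alone is what separates an installer writing a handful of .bak or .tmp files from a process stamping one new extension onto thousands of documents across several user and Program Files directories; the distinct-directory count is the second discriminator a triage rule would want before calling the behaviour ransomware.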