Analysis

  • max time kernel
    149s
  • max time network
    124s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    03/08/2024, 03:37

General

  • Target

    d6442bf232a69f4cb21a4b47d62aa90e39517da33fbfbe76dbf3809e78d5d409.exe

  • Size

    102KB

  • MD5

    d1c8b9319efc2ad923c6b00c28887c5f

  • SHA1

    0141c1488743d03898d8f10bfde284e4bb28f572

  • SHA256

    d6442bf232a69f4cb21a4b47d62aa90e39517da33fbfbe76dbf3809e78d5d409

  • SHA512

    ea190937c7df13c023ae4484000315e899e8db9d68f6fa21db68bafbc564b457fe6651597631e09c6910d4ba481eb25098ad623a77cdc585428104f3ff8f5653

  • SSDEEP

    3072:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFslEhLfyBm:PqFF2Ie+efsim2l

Score
9/10

Malware Config

Signatures

  • Renames multiple (5033) files with added filename extension

    This is characteristic of ransomware: the sample appends a new extension to large numbers of existing files across the system, as seen in the dropped files below (desktop.ini.tmp, 7-zip.dll.tmp).

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempts to gather information about the system language of the victim in order to infer the geographical location of that host (a common pre-encryption check used to skip machines in certain regions).
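The two behavioural signatures above can be reproduced over a sandbox-style event trace. The following is an added example, not Tria.ge's signature code and not derived from this sample; the event log is constructed inline, the rename threshold (3 here, versus the 5033 renames the report counted) and the list of language-discovery APIs are assumptions, and the PID 1176 is reused from the process tree for realism only.

```python
"""Replay of the report's two signatures over a constructed event trace (added example)."""
import re
from collections import Counter

# Constructed event log standing in for the sandbox's behaviour trace; not data
# from this report. Tuples are (kind, a, b): for "rename" a=source, b=destination;
# for "api" a=API name, b=calling PID.
SAMPLE_EVENTS = [
    ("rename", r"C:\Users\Admin\Documents\report.docx", r"C:\Users\Admin\Documents\report.docx.tmp"),
    ("rename", r"C:\Users\Admin\Pictures\cat.jpg", r"C:\Users\Admin\Pictures\cat.jpg.tmp"),
    ("rename", r"C:\Program Files\7-Zip\7-zip.dll", r"C:\Program Files\7-Zip\7-zip.dll.tmp"),
    ("rename", r"C:\$Recycle.Bin\S-1-5-21-1-1-1-1000\desktop.ini", r"C:\$Recycle.Bin\S-1-5-21-1-1-1-1000\desktop.ini.tmp"),
    # Extension replaced rather than appended: a different signature, must not count here.
    ("rename", r"C:\Users\Admin\Desktop\notes.txt", r"C:\Users\Admin\Desktop\notes.locked"),
    # Moved to another directory: not an in-place rename, must not count.
    ("rename", r"C:\Users\Admin\Downloads\a.zip", r"C:\Users\Admin\AppData\Local\Temp\a.zip.tmp"),
    ("api", "GetUserDefaultUILanguage", 1176),
    ("api", "CreateFileW", 1176),
]

# Assumed set of Win32 APIs that reveal the victim's language/locale (T1614.001).
LANG_DISCOVERY_APIS = {
    "GetUserDefaultUILanguage", "GetSystemDefaultUILanguage",
    "GetUserDefaultLangID", "GetSystemDefaultLangID",
    "GetLocaleInfoW", "GetLocaleInfoA", "GetKeyboardLayoutList",
}

# An appended extension: short, alphanumeric, no path separators or further dots.
ADDED_EXT = re.compile(r"^[A-Za-z0-9_-]{1,16}$")


def added_extension(src: str, dst: str):
    """Return the appended extension if dst is exactly src + '.<ext>', else None."""
    if not dst.startswith(src + "."):
        return None
    ext = dst[len(src) + 1:]
    return ext if ADDED_EXT.match(ext) else None


def mass_rename_signature(events, threshold: int):
    """Count in-place renames per appended extension; fire when the top one reaches threshold."""
    counts = Counter()
    for kind, a, b in events:
        if kind != "rename":
            continue
        ext = added_extension(a, b)
        if ext:
            counts[ext.lower()] += 1
    if not counts:
        return {"hit": False, "count": 0, "extension": None}
    ext, n = counts.most_common(1)[0]
    return {"hit": n >= threshold, "count": n, "extension": ext}


def language_discovery_signature(events):
    """Return (api, pid) pairs for calls to locale/language discovery APIs."""
    return sorted((a, b) for kind, a, b in events
                  if kind == "api" and a in LANG_DISCOVERY_APIS)


def run_signatures(events, rename_threshold: int = 3):
    """Produce signature titles in the same wording the report uses."""
    fired = []
    r = mass_rename_signature(events, rename_threshold)
    if r["hit"]:
        fired.append(f"Renames multiple ({r['count']}) files with added filename extension")
    if language_discovery_signature(events):
        fired.append("System Location Discovery: System Language Discovery")
    return fired


if __name__ == "__main__":
    for title in run_signatures(SAMPLE_EVENTS):
        print(title)
```

Two caveats when reading the report's own hits: the rename signature counts only in-place renames that append an extension, so files whose extension was swapped would not be in the 5033; and the report lists the `.tmp` artifacts with their sizes (desktop.ini.tmp at 103KB, close to the 102KB sample) but does not say what they contain, so compare them against the originals before concluding the data was encrypted in place.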

Processes

  • C:\Users\Admin\AppData\Local\Temp\d6442bf232a69f4cb21a4b47d62aa90e39517da33fbfbe76dbf3809e78d5d409.exe
    "C:\Users\Admin\AppData\Local\Temp\d6442bf232a69f4cb21a4b47d62aa90e39517da33fbfbe76dbf3809e78d5d409.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:1176

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-1194130065-3471212556-1656947724-1000\desktop.ini.tmp

    Filesize

    103KB

    MD5

    5454f8c15e8dc82ec00f428858c20507

    SHA1

    b2457a7eb5dea9426534f8ff71789e7ca5b4d1de

    SHA256

    e9d553542acaf8e5143bfae6d45e541a4022257f15e195f97ccb70456db1e254

    SHA512

    23c7654bda1a6e43a65b5759d3567512d8a3448a7903bfee1fd977eebd69db8a5a066fd26c989eba1694bce8b434f213ca84fd391f0a6f3f971d2e574228fb1d

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    201KB

    MD5

    d84458a4479041e15ffa37f862e9d55f

    SHA1

    4b22121981a3264a6502d02f8af6d69875e1da81

    SHA256

    7d621da958446ca7fdb42e61daf096a2d9bf840a448b1543edc803bc32e12936

    SHA512

    e552d29e88443d0d74d46e99932725479d950f28daa238286bf355191d3b255279d0ad520a7949bce52154878f255ad17fd53ec2c964080c68bbe76180c767a7