Analysis

  • max time kernel
    150s
  • max time network
    121s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    05/08/2024, 19:52

General

  • Target

    2ad26743fec16a4df62119da8aa8897ac892f21b1eec4df2dbd4073c4ba2c898.exe

  • Size

    72KB

  • MD5

    0ac0b4821bab2596e7fee0cddaec2979

  • SHA1

    a4ef61cf6c1436726ab49bb3468c97f843f2b0dc

  • SHA256

    2ad26743fec16a4df62119da8aa8897ac892f21b1eec4df2dbd4073c4ba2c898

  • SHA512

    61ac0e6c4a742345729b4a72e399925cfd8e8dd9abb2a2eab45eabc95bc39cb6c28395c9a6996b9438c15e111e08974ceeb535ffa2a454fa17fdc4bb98f7a51f

  • SSDEEP

    768:W7BlpppARFbhjbhg42LcfpR42LcfpW/P3bG3b52M+++++++Ehhp4BybOHK4UcyLj:W7ZppApBULcfpHLcfp241BoLqrN1

Score
9/10

Malware Config

Signatures

  • Renames multiple (5191) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\2ad26743fec16a4df62119da8aa8897ac892f21b1eec4df2dbd4073c4ba2c898.exe
    "C:\Users\Admin\AppData\Local\Temp\2ad26743fec16a4df62119da8aa8897ac892f21b1eec4df2dbd4073c4ba2c898.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:1040

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-523280732-2327480845-3730041215-1000\desktop.ini.tmp

    Filesize

    72KB

    MD5

    f9e5278d15f8ca1ff8ffc332be5573b1

    SHA1

    303eedf73e04e07f52c8f37e7e37bee47b8177a4

    SHA256

    dbd7edc1525d4f084d2efaa7002783d4a728eae7408d8e07fbb9b8c16c35e922

    SHA512

    0e79bf8b9fa796263fa61ef87f022668b8dfe0f2720b5c59d372ca7b27e3cfd4771bd9963e94077d17eb76e7fb197f96c53d7447bc14c89447b77bee8c4a6e56

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    171KB

    MD5

    dc4f665fa452c5a85d264b7e278e449c

    SHA1

    5fcae0166b274393421b1d9754badbf8bed519b7

    SHA256

    656278ab538d8d5a21e5e36c4c63e9c18cc2398e1f92ff1c33a42c8ec8fa8703

    SHA512

    68929afb83e156ee6ae3457b2a0bf98bf38349e5fd7e4815cab4707bfbe7328ccef065026ed91fd21f4d18270eb4418fabf4a063cdc645feea28f1be23edfd47