Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    09-08-2024 22:55

General

  • Target

    74ee7e4bf30b5880c2a86ddd357a829072f384a1ef46b80aba545a7d967c8b94.exe

  • Size

    353KB

  • MD5

    535f694b6554a95d610857645f0bd04b

  • SHA1

    83eb3981d560e45ae6ce18f7eaf8967102495b74

  • SHA256

    74ee7e4bf30b5880c2a86ddd357a829072f384a1ef46b80aba545a7d967c8b94

  • SHA512

    9039dcb96aa49ede7447dfa1ad876a7110979d1e4721998c83ac16d4ca9671c515df6650d15727da99f42e35c15e065231c61a956dc470333ba29ddd1383feda

  • SSDEEP

    3072:6e7WpuwfSkhvFpe+Zd+DjFWGDqkUJxsUYJwgH:RqFZht3d+b/

Score
9/10

Malware Config

Signatures

  • Renames multiple (4311) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\74ee7e4bf30b5880c2a86ddd357a829072f384a1ef46b80aba545a7d967c8b94.exe
    "C:\Users\Admin\AppData\Local\Temp\74ee7e4bf30b5880c2a86ddd357a829072f384a1ef46b80aba545a7d967c8b94.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2400

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\$Recycle.Bin\S-1-5-21-523280732-2327480845-3730041215-1000\desktop.ini.tmp

    Filesize

    353KB

    MD5

    5080e0c8005978f662fc2075b9a34206

    SHA1

    ff08496bc93780266213df5e9c8df75216ceed02

    SHA256

    b7c00cdfabdc3f665329f9c796032b643b5e22bc28280be3d6c245fa097fdcf5

    SHA512

    f5aafc5202242a71f384808cda4989cf062d5e82854dd1971bad7d7117385c4f5b17a966eae8ea0bef4fb6e05d2f0669d231dc9997fc4d5897931a3830c61be2

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    452KB

    MD5

    5be054f05f6b1afd1d9c4cdde7d39a07

    SHA1

    aea7d750aeb2667c89edb7617b37d7334a01fb3e

    SHA256

    635358e9865bd6bb5653fe830e64dea1a8a2bacf7e4e16c94c6791a7cea4f750

    SHA512

    a227574af0ba5eac8570a5199417671b2375840263faf3acc9b51f24164c1d2888d2992c03e3bc722d4ff82481ea15ec194af7d79502c9ee227a2a3b1cf175db