Analysis

  • max time kernel
    119s
  • max time network
    103s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    14-08-2024 19:48

General

  • Target

    1fd9fc1928a6ba8341866cf6d38d6050N.exe

  • Size

    55KB

  • MD5

    1fd9fc1928a6ba8341866cf6d38d6050

  • SHA1

    03b34242512521d7f1485bdff0775d5fa6b3246c

  • SHA256

    5fffdbd35c944b6f41cb513c2184c7420520c079916d438097cfa160e20ec005

  • SHA512

    4313976e7f619ffdfd068fac3513010e1beaa71b8729dce5d91a175f127d704f46a386fcdf1a33967de8c869b910ceb5b69f6db34b1aa12b9f99b30b9ba300c6

  • SSDEEP

    1536:CTWn1++PJHJXA/OsIZfzc3/Q8IZTcM4MT:KQSo7Zf

Malware Config

Signatures

  • Renames multiple (4647) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\1fd9fc1928a6ba8341866cf6d38d6050N.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\1fd9fc1928a6ba8341866cf6d38d6050N.exe"
    Process tree depth: 1
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID: 460

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-786284298-625481688-3210388970-1000\desktop.ini.tmp

    Filesize

    55KB

    MD5

    962210735cbeb28ecabe87ce97f53ed3

    SHA1

    e4f1aceed315a975796db167afd1e01b61e31127

    SHA256

    630387309a2cf6c02752c1a40e7aef8cd15640089dad216695ceff325472169d

    SHA512

    d9ac411c46e95b64274dc20057dbe7a7b6754ca6242dddc75af76b094fc96300d28d59474f9cfb0167b6ac5ded57cf8e970f17d978167719e905428ae652b118

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    154KB

    MD5

    9b27e27880a12060da4e1dfa83e449f6

    SHA1

    fbef9b27ef1c300a0be8d2ae7914f41225fde86e

    SHA256

    1f1bb9c6f37cbab9f11ea6bc35b73a57d56a87b49717ae89d797261ffea44bfe

    SHA512

    4b17e11a0d3522c8f1d281614d075c4432571a1be778c2a493804cf9eaad9235b02f516e52c4f206cb58ff928cda0fd132c106e424d63191a4831843c54ab8a3

  • memory/460-0-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

  • memory/460-1196-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB