Analysis

  • max time kernel
    120s
  • max time network
    102s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240802-en locale:en-us os:windows10-2004-x64 system
  • submitted
    17/08/2024, 10:37

General

  • Target

    a0a7b0c37e61e7b9a63b4fa2bc091820N.exe

  • Size

    77KB

  • MD5

    a0a7b0c37e61e7b9a63b4fa2bc091820

  • SHA1

    703c16cc97564c898b9b0fceaa96dfee4dc3b711

  • SHA256

    bb4d3122949f0de622d3d8cbc4fabd7c16c92f6a32fcd69e709117449f781668

  • SHA512

    3d914ef362f3c771eb8b93e4c7121107e6acd7b8ab0a409b0817aa065bfb081672583412a0c620e8a864c09b3601e94a09541cbc205ecc382049822539ec6fa1

  • SSDEEP

    1536:p7ZhA7dAp1++PJHJXA/OsIZfzc3/Q8Ue+bCeh:Te76WQSotbCeh

Score
9/10

Malware Config

Signatures

  • Renames multiple (4656) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\a0a7b0c37e61e7b9a63b4fa2bc091820N.exe
    "C:\Users\Admin\AppData\Local\Temp\a0a7b0c37e61e7b9a63b4fa2bc091820N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:460

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-786284298-625481688-3210388970-1000\desktop.ini.tmp

    Filesize

    77KB

    MD5

    7a84fe866ba1ec5ce11c09ebe5af61c0

    SHA1

    e2e3005aa58d80e85f6e93edcfab02d825a01429

    SHA256

    becc734b7c01dd2eec74d41ca59d2b4caeb54c11429e58ad8ab744d74aac2394

    SHA512

    cd5ad22c5ba11f55036925290bbd1479f1af746f86d368649243c741abc8907ba6af74634a49baa6301116c3f25209f474bea6c1e4c298dad71945a7189f38d0

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    176KB

    MD5

    7c7a1e4bf8ed4eda3611fe2a8e33c6c6

    SHA1

    b7ecbc71165daede158940650db0073f8b302d1b

    SHA256

    8e471c807673656121096240429a874b99c671d52fe5a7049870f71d108acc6e

    SHA512

    d7d2e47f1f6ce96df0f860aa4c3c7698e976e0cae52a4c41a858c48273715f693eac2f4bbf207c4cdff852c2a3bc74ebff4f899423c4ba5586d5c8c127856bd2