Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    17/08/2024, 12:49

General

  • Target

    9312db1a4e7fbc4e2a05c9d0c81b9740N.exe

  • Size

    50KB

  • MD5

    9312db1a4e7fbc4e2a05c9d0c81b9740

  • SHA1

    214edbc25217a97317150d5f2621e971d4e5a28c

  • SHA256

    9354624c558b619ee507e593c1e97fe2a096e24ef674d1ad219d882c05a8ce58

  • SHA512

    5b394c3079013a2f4c6ed80a024ceadea558b7a2f7191462803db2c109eae1bc5ad0a1807b700e61aa3c335d8dc506a3bcf4ebcf89bb917fd172f59a0ad1eb3e

  • SSDEEP

    768:V7Blpf/FAK65euBT37CPKKQSjyJJ1EXBwzEXBwdcMcI9H:V7Zf/FAxTWoJJ7TN

Malware Config

Signatures

  • Renames multiple (4626) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\9312db1a4e7fbc4e2a05c9d0c81b9740N.exe
    "C:\Users\Admin\AppData\Local\Temp\9312db1a4e7fbc4e2a05c9d0c81b9740N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2884
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=3264,i,3210801877307184477,8078594481454001567,262144 --variations-seed-version --mojo-platform-channel-handle=4384 /prefetch:8
    1⤵
    PID:3208

    Network

    MITRE ATT&CK Enterprise v15

    Downloads

    • C:\$Recycle.Bin\S-1-5-21-2170637797-568393320-3232933035-1000\desktop.ini.tmp

      Filesize

      50KB

      MD5

      a55ecabc2788ec8acd2f445f929a07bd

      SHA1

      dc19c2953fc3d9ebf45719dd1ab0c8b5d990ada1

      SHA256

      bda55f2be70acc476027d48f22b5ef70091eed86eb584d338bb54d3d5f21a57a

      SHA512

      cd5004c28ffa60921dbabe6dbf45de99d37513c536b27e885503a125fb74d72a8aca5a6a29221ad2cf71bee72ae621d16d53f2dabd5430ae05d26863c21a183c

    • C:\Program Files\7-Zip\7-zip.chm.tmp

      Filesize

      163KB

      MD5

      1d78b85f14effca2b2c35c241a8ab7d7

      SHA1

      dbfd2d2d9174bf91cd51ef567886268318ed9170

      SHA256

      e72e29b4fd047edbe314ad3353b1143679869bc70b1fa5c269196f9e76cdb7d0

      SHA512

      5d7b5bd137d594ba8b910d7fda6441225d45f8c88ee0e1a581fd17e18737bd14959238ee615c240c04d160922c5bc8ef9b7b6e4569f14b5a925aec6f9ee26d41

    • memory/2884-0-0x0000000000400000-0x000000000040B000-memory.dmp

      Filesize

      44KB

    • memory/2884-862-0x0000000000400000-0x000000000040B000-memory.dmp

      Filesize

      44KB