Analysis

  • max time kernel
    119s
  • max time network
    103s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64
    arch:x86
    image:win10v2004-20240802-en
    locale:en-us
    os:windows10-2004-x64
    system
  • submitted
    18/08/2024, 03:48

General

  • Target

    c26a9f12a25abec013564181066baef0N.exe

  • Size

    47KB

  • MD5

    c26a9f12a25abec013564181066baef0

  • SHA1

    6c6608d6a64106e8e71f75c5ee13a7e2d183f7c7

  • SHA256

    12664f97c15e5defec036aaf9ea7655f2439a95ea181abeb16340b3e0ae97a75

  • SHA512

    966e88deaffeea1824db08f06ac0252febd9541df1812d22031a5d69b4f15cd6c60acc5d7acc829233c83b1efa817b3df92011a7cd8db6107ba9bb8ffab54fbc

  • SSDEEP

    768:W7BlphA7pARFbhL801VvM801Vvv7cY6SpSo:W7ZhA7pApw03vR03v4Yd4o

Score
9/10

Malware Config

Signatures

  • Renames multiple (4657) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\c26a9f12a25abec013564181066baef0N.exe
    "C:\Users\Admin\AppData\Local\Temp\c26a9f12a25abec013564181066baef0N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:400

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\$Recycle.Bin\S-1-5-21-656926755-4116854191-210765258-1000\desktop.ini.tmp

    Filesize

    47KB

    MD5

    5a8e028b1c248f209d8628c87fdaa28c

    SHA1

    bb2151f3db7d9c5e0d41e4130ad17129b6f744ac

    SHA256

    aa809c5d61fbef86c066cad9cfe3806773d7571219fc9dcffd7881523a81ba00

    SHA512

    ac86699c84508bc9bfc9484cef43baa4ae5aaf23a317127bc01313c4161ab50db307d42f94c98fdcc162b9773ff57d42a4e34d2d5b1f73557071f8552d36b6be

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    146KB

    MD5

    963ead227e2f9bba9cbdac7b1aaf47b2

    SHA1

    bed845f69ef40f5959a8cca0f03fb094ce1390c4

    SHA256

    5f0c87b97cb06e2a761e56ba08b68a0d2c72a3a2663dd534e24b14dec6e0b417

    SHA512

    df9a14d66794113abe424ec58d3380b16e4ca33b8083e5be887c243dec9eb0116f2f255c167fe27ad208bd62a55c964eba18ad88d0684ca1e179d56ad2d909e9