Analysis

  • max time kernel
    120s
  • max time network
    116s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    19/08/2024, 14:13

General

  • Target

    afb66c57f2928fe95834643eeea6b990N.exe

  • Size

    76KB

  • MD5

    afb66c57f2928fe95834643eeea6b990

  • SHA1

    5b21c6068e86eed25b04543b030461a2b667159b

  • SHA256

    fc2008fae59cac9219602d17c77518906d5f8dcfdc65f3ededbf7e746a2bfa1c

  • SHA512

    b1e9528234c4aa07af1e2c4f720d929b6876c192d755a413809ceee9fa7e80f07db080371710440b1e2df7bc93bd7bb122053042c666a71b4204d3e1dcce947e

  • SSDEEP

    768:V7Blpf/FAK65euBT37CPKKQSjSEXBwzEXBw3sgQw58eGkz2rcuesgQw58eGkz2rt:V7Zf/FAxTW/ySSh9j+9jpGnfO

Malware Config

Signatures

  • Renames multiple (4521) files with added filename extension

    Suggests ransomware-style behaviour: the sample renames a large number of files on the system by appending an extension, which is how most encryptors mark the files they have processed. A rename alone does not prove the contents were encrypted; compare the renamed files against the originals (size and hash) before treating them as lost.

  • UPX packed file 4 IoCs

    Detects executables packed with the open-source UPX packer or a modified UPX build (section names or the UPX header magic).

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of the victim host in order to infer its geographical location (ATT&CK T1614.001).

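The check behind the "UPX packed file" signature, as an added example that is not the sandbox's detection code: it walks the PE headers for section names starting with UPX (UPX0/UPX1/UPX2) and separately looks for the "UPX!" magic that stock UPX writes into its own packed-file header. Modified UPX builds commonly rename the sections and may patch the magic, so a miss on both checks is not proof that a file is unpacked; the memory dumps listed under Downloads are the place to look for the unpacked image. The PE-shaped blob built by build_fake_pe is constructed for the demonstration and is not the sample.

```python
"""Check a PE for the traces the "UPX packed file" signature keys on.

Added example, not the sandbox's detection code. Two independent checks:
section names beginning with "UPX" and the "UPX!" magic written by stock
UPX. Modified UPX builds often change both, so absence is not proof of an
unpacked file. The PE blob built below is constructed for the demo.
"""
import struct


def pe_section_names(data: bytes):
    """Walk DOS header -> PE signature -> COFF header -> section table and
    return the section names. Returns [] if the headers do not parse."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return []
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]   # NumberOfSections
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]      # SizeOfOptionalHeader
    table = coff + 20 + opt_size
    names = []
    for i in range(num_sections):
        off = table + 40 * i  # IMAGE_SECTION_HEADER is 40 bytes, Name is the first 8
        if off + 40 > len(data):
            break  # truncated section table: keep what parsed so far
        names.append(data[off:off + 8].rstrip(b"\0").decode("ascii", "replace"))
    return names


def upx_indicators(data: bytes):
    """Report which UPX traces are present, each independently."""
    names = pe_section_names(data)
    return {
        "sections": any(n.upper().startswith("UPX") for n in names),
        "magic": b"UPX!" in data,
    }


def looks_upx_packed(data: bytes) -> bool:
    """True if either indicator fires; see the caveat about modified UPX."""
    return any(upx_indicators(data).values())


def build_fake_pe(section_names, tail=b""):
    """Constructed minimal PE-shaped blob: DOS header with e_lfanew, PE
    signature, COFF header with SizeOfOptionalHeader = 0, and one zeroed
    40-byte section header per name, followed by an arbitrary tail."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    # Machine=i386, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader=0, Characteristics
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0x0102)
    sections = b"".join(
        name.encode("ascii").ljust(8, b"\0") + b"\0" * 32 for name in section_names
    )
    return dos + b"PE\0\0" + coff + sections + tail


if __name__ == "__main__":
    packed = build_fake_pe(["UPX0", "UPX1", ".rsrc"], tail=b"\0UPX!\x0d\x09")
    print(pe_section_names(packed), upx_indicators(packed), looks_upx_packed(packed))
```

To run it on the actual sample, read the file as bytes and pass it to upx_indicators; on a real UPX build the section check and the magic check normally agree, and a file where only one fires is worth a closer look in a hex editor.
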
Processes

  • C:\Users\Admin\AppData\Local\Temp\afb66c57f2928fe95834643eeea6b990N.exe
    "C:\Users\Admin\AppData\Local\Temp\afb66c57f2928fe95834643eeea6b990N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:1588

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-656926755-4116854191-210765258-1000\desktop.ini.tmp

    Filesize

    76KB

    MD5

    99875f90c2b25424fbf3af887478afdd

    SHA1

    007cee56e23d4744f2bdf02076621f0248d2fe3d

    SHA256

    720bb226b551844428cc005d54795f01c732fde42a34fb97dfb915fef6015de6

    SHA512

    cac8205982ece041b3a4b189a8a553a2dbfe60d117c0ef6fee0ba363ceef9b64faaf1471006fd64e2390b190d362c249b77a18b8d7981a43f196abf47969bbeb

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    175KB

    MD5

    bfec62ccea9c1281a345c983887e0fd4

    SHA1

    97c424594c896e252639b87ec9872517d39f3907

    SHA256

    f0c9c14c3f0f162d96b8d9d033d878dbc900bd25617106374dae17a81cc6dc6d

    SHA512

    0fcfcd38f87bd6f725435d42f6801a11d32dc490393d59163a116ddf4a6561820bb31ada1d45ac4240ee8b150f2f404d3c10b4c19d93e5af6ba81d25ffdf6a64

  • memory/1588-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/1588-868-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB