Analysis

  • max time kernel
    119s
  • max time network
    107s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21/08/2024, 16:03

General

  • Target

    a2f4c2187a4526ba2fd1d409d0785550N.exe

  • Size

    45KB

  • MD5

    a2f4c2187a4526ba2fd1d409d0785550

  • SHA1

    ba37501f19097a9524716dff63db3b613b30b940

  • SHA256

    6021329bc6a92d68dceafc1e015751b71b6ccda6af0f7b27025504a61d034a5c

  • SHA512

    31dc5e4ece23199f4a2c02d9296d7e95443388fd77edeeb700e9cb1221809cdf9a351c5c8ecaea5513aa06d49d098218fcf9e1a4b02325be32d221f5a153e18b

  • SSDEEP

    768:W7BlphA7pARFbhM0Kkq81LOyq81LOl6Sl5lsSgxoVz8zJUDrYYaCusjLBEKxVTLg:W7ZhA7pApM21LOA1LOl6vSgxoVz8FUDc

Score
9/10

Malware Config

Signatures

  • Renames multiple (4644) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\a2f4c2187a4526ba2fd1d409d0785550N.exe
    "C:\Users\Admin\AppData\Local\Temp\a2f4c2187a4526ba2fd1d409d0785550N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:1388

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2392887640-1187051047-2909758433-1000\desktop.ini.tmp

    Filesize

    45KB

    MD5

    50a8b44f4ddd92b6bde745cbfc8dc675

    SHA1

    370878e9e360b81264a3d8855e01316a2b402114

    SHA256

    8d4fdd585893a2ba82cf6011169092e67b9a3ee63ecbe73ae9e52c7e0553b1e9

    SHA512

    658b9a6735c8a6224619aee20079a5062c5fd035ae4d637e4967b6447e556f4776cb1d077c75392a0e9d5acce5c56037cc0f0daacba228c80c9545e190c72d96

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    144KB

    MD5

    73fad7e81e920a5bb4afe2c0a8787822

    SHA1

    07971c9ca77f368737910e3ec0d6796d5032b252

    SHA256

    5a967bff55c785b29dce9b171de1de2f697679ff983177b4bae7f3626e272b9b

    SHA512

    f49aa4caa1076be984efb9f18f1af0fec24c813fd284e603805ae1c42972d8acfd35a518bec9b490cf92dd530fe1ee698adb10c8a9eedbb5646243c9397f9f83