Analysis

  • max time kernel
    119s
  • max time network
    123s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240802-en locale:en-us os:windows10-2004-x64 system
  • submitted
    24-08-2024 06:47

General

  • Target

    0069858ddaa8f415fe9aedd2700d73a0N.exe

  • Size

    52KB

  • MD5

    0069858ddaa8f415fe9aedd2700d73a0

  • SHA1

    8f07cb5496413289e1c542fafc69703d4dd6b6a7

  • SHA256

    1d70f21c8b07be4268e5ed6150c0f72064310cf36e55bf5eb0e1594a23daf208

  • SHA512

    1760c0c5c3b02900c3bf2ec25231734e25bb55e6e528a32bcdb32bce6182ff2f54b0aa743413685ff1e2b3972528d7f39920ab8334701c8ad57beb76155a4c2d

  • SSDEEP

    1536:W7ZhA7dABJJB7LD2I2IHs4Q7ZsLAQ7ZsLz6u1eNQ1eNjLC:6e76BtD33HslCm1eNQ1eNq

Score
9/10

Malware Config

Signatures

  • Renames multiple (4618) files with added filename extension

    This suggests ransomware activity: encrypting all the files on the system.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\0069858ddaa8f415fe9aedd2700d73a0N.exe
    "C:\Users\Admin\AppData\Local\Temp\0069858ddaa8f415fe9aedd2700d73a0N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2676

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\$Recycle.Bin\S-1-5-21-945322488-2060912225-3527527000-1000\desktop.ini.tmp

    Filesize

    52KB

    MD5

    3cb60ece6d1d96d756b94719f5ca7302

    SHA1

    8d7b9f9f9b61ef5684f38e348f93146acd558d98

    SHA256

    f6a9b4195557d28cb5510fed564a55123db393d7e3daf7d1fff145c038935763

    SHA512

    3b1a78b61185cec6190b120aa1d36714269e81d828f2053638722c55f15c491aed52d6c90210afee5891168ad39f404728b6da41d0a7c39d8332718ce4ae572e

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    151KB

    MD5

    0258d69e2d9bcf95700a161e76bace24

    SHA1

    f83fd82a4e80007192f4884789cac218d06e3cf1

    SHA256

    02370fa379a91794a78e419ef1e6a9858e93f6ad4a8bd5e29d5c319f0641740e

    SHA512

    1ec75f6101805cd366e7187faac7d794a4a3dca441eeae983e5d0ef440fd496e1ec4eae27e71875810e153c0c1ce6d5a592497932f9d0418d4b4c85ef63886d5