Analysis

  • max time kernel
    150s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    25/08/2024, 06:55

General

  • Target

    ed5ba1dd443ae3683e0b2e19efaf011bbf90522e41b427eb1bcff7797b75090b.exe

  • Size

    34KB

  • MD5

    aad2e9de146d4eabc5d01763f809868d

  • SHA1

    480077ee62b32a7e61613acb7274ef5da696d138

  • SHA256

    ed5ba1dd443ae3683e0b2e19efaf011bbf90522e41b427eb1bcff7797b75090b

  • SHA512

    342cb9a6c849c21722773c8dbe5f57808329b3bb2a22e81f8086b816dd22b37c4b5025ec1887e42786cbdf249b30e74ecc1f6acccd5ee8aebb4b45ba5889118b

  • SSDEEP

    768:kBT37CPKKdJJTUNOXqA7JkuA/JQqA7JkuA/JC:CTW7JJTUNO1

Malware Config

Signatures

  • Renames multiple (5117) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\ed5ba1dd443ae3683e0b2e19efaf011bbf90522e41b427eb1bcff7797b75090b.exe
    "C:\Users\Admin\AppData\Local\Temp\ed5ba1dd443ae3683e0b2e19efaf011bbf90522e41b427eb1bcff7797b75090b.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:3608

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-523280732-2327480845-3730041215-1000\desktop.ini.tmp

          Filesize

          34KB

          MD5

          9f5d756aeb59dc09f7d7ee21e38acf4a

          SHA1

          f820a5c678fc26932bdd2772fc7a54e97bc13204

          SHA256

          0cf48d6117bebfc8ed9d93a422891f3db6a82086ab3c77af77563d0999f9155f

          SHA512

          7ffee17d5aa2a3c8b861294689bdf0b789f7699605be011cbdda94a2f8e5485ebe59e1c0e82b366eeea4268f78ea9ff27d527ba86993b1f50ff1896636144aa8

        • C:\Program Files\7-Zip\7-zip.dll.tmp

          Filesize

          133KB

          MD5

          edceaf8fe5042fdd1141e41f09204b34

          SHA1

          316abaa331fb7ae9df1e677e64704a1cb9d7e897

          SHA256

          edad6df3ac32c816fce2dc48b4ff8a3488a42885755777a4b58e3f20f2ba64ad

          SHA512

          7c3622a03a43ee7401380bb620ea9a2244e1cf0e5b1342c2d46e2b557e7857b6c7e56006a3baad4e9cce1228315fd1b6adcc486e2388e4d665abe5e6558a239d

        • memory/3608-0-0x0000000000400000-0x000000000040A000-memory.dmp

          Filesize

          40KB

        • memory/3608-938-0x0000000000400000-0x000000000040A000-memory.dmp

          Filesize

          40KB