Analysis

  • max time kernel
    120s
  • max time network
    101s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    25/08/2024, 06:56

General

  • Target

    182520a708225d28daedd10116406130N.exe

  • Size

    52KB

  • MD5

    182520a708225d28daedd10116406130

  • SHA1

    c75b3d688ba200090ba7d70b914c2d55f936d5f2

  • SHA256

    54bef597cacf1f5d826f943614e2fe79767c71b33b468d27322dd7fd3950bd63

  • SHA512

    200de298e297e99eabf7385b917284718f288bbc0cdbb1047fdad5f5a05f6f64db3d477fb1557a4e66381c420f89baae6252a0c174c83aba387a85da49a66a33

  • SSDEEP

    768:W7BlpppARFbhjbhg42LcfpR42LcfproFNFew/DbAGw/DbACSU0SUfhwRDThwRDO:W7ZppApBULcfpHLcfpyDoA4WZwXwM

Score
9/10

Malware Config

Signatures

  • Renames multiple (4648) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe
    "C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:116

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-2412658365-3084825385-3340777666-1000\desktop.ini.tmp

          Filesize

          52KB

          MD5

          a74e6b3fcf65465b5d4b9b91f18eb939

          SHA1

          3795c3ce7ef2dd7326048ec1fa658f33b2f0256d

          SHA256

          d6fdaeff6acd49f4c8518a76b2a193b827953b6cd2db809be06f18b1e1fc4b27

          SHA512

          a47ecfd1a0b806ebfb9dbd6ec02c721fd5f40e858f212ad4db5f5cc16657a13b06feaae24282d83338fb874d0bfcdee5b78b592f11522174d2281286f1813b60

        • C:\Program Files\7-Zip\7-zip.dll.tmp

          Filesize

          151KB

          MD5

          f64e11ed65148d79f9be619a9ef9014a

          SHA1

          0c314c9db067d3f3738f31d7e6a9d636e901a6b9

          SHA256

          70ffe6787c7e3b363fc7559efd80621754273cb6c9c9b52421eb4da6f41528dc

          SHA512

          bafcf1303e5d7bf77ce939a688c7ef53b4ea934f742672b7007644297be90c541b694b623029a4e28f74d498e3cc313348e4aceca1577f869d55b0fe92789b73