Analysis

  • max time kernel: 150s
  • max time network: 151s
  • platform: windows10-2004_x64
  • resource: win10v2004-20240802-en
  • resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted: 25/08/2024, 07:05

General

  • Target: f1adfeeb7a676b46a7bd1ebc0fbd7091e2f10ad0d1f5e1e9654998d082e213e6.exe
  • Size: 38KB
  • MD5: 2e7af29b51d3eb7eaed6e4fe0681e2f5
  • SHA1: 7905ce9fd324c40096f3b28a0d6a11accf3fbd92
  • SHA256: f1adfeeb7a676b46a7bd1ebc0fbd7091e2f10ad0d1f5e1e9654998d082e213e6
  • SHA512: ef0a085426fefef3e19714007c4ef52ea77d8d24debb8ab09b2358d74cf915185e9805e285c953716386c9d2deda8712e46033939473dcc34c225d4754b4644f
  • SSDEEP: 768:kBT37CPKKdJJ1EXBwzEXBwdcMcwBcCBcw/tio/tifV0p:CTW7JJ7TTQoQfWp

Malware Config

Signatures

  • Renames multiple (5187) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory (64 IoCs)

  • System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\f1adfeeb7a676b46a7bd1ebc0fbd7091e2f10ad0d1f5e1e9654998d082e213e6.exe
    "C:\Users\Admin\AppData\Local\Temp\f1adfeeb7a676b46a7bd1ebc0fbd7091e2f10ad0d1f5e1e9654998d082e213e6.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID: 1524

Network


Downloads

  • C:\$Recycle.Bin\S-1-5-21-2718105630-359604950-2820636825-1000\desktop.ini.tmp
    Filesize: 39KB
    MD5: 3046983d553851a79890169b218d1a47
    SHA1: 2d580945bd19c0d2aa6644ffe774fd3a90f31323
    SHA256: 43ede67f7a3a7aa876e7d648b89c2418591a6bfca950742cc571e4d485bc3458
    SHA512: 860f02b953d5b3732c2d63c653019682e7f93bc6e46018fbe382850435e9c89d5c0b270613a837736bb8028e2f5269aca6b3d5c0d280b19910d0eb54afebb399

  • C:\Program Files\7-Zip\7-zip.dll.tmp
    Filesize: 137KB
    MD5: cd9d127573be07e3100594c97d92a325
    SHA1: 4abcda65bd1db061279df71352a76f95e061a71b
    SHA256: 01a22eb806975dd2075b79cb4d197d0860ab75f82fe8ccc4abcb5fe95ce5694d
    SHA512: ec030bef6be44a907177399e9fe669b95752ab7967158228fe623c90ea628ff35dfba77b30b5382a245d6aa9d26f6a8770f6edf2c84dd0c75c9bfa014312eb52

  • memory/1524-0-0x0000000000400000-0x000000000040A000-memory.dmp
    Filesize: 40KB

  • memory/1524-1006-0x0000000000400000-0x000000000040A000-memory.dmp
    Filesize: 40KB