Analysis

  • max time kernel
    120s
  • max time network
    121s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    28/08/2024, 22:40

General

  • Target

    d5fe67e8f103632a10f8a36c7d5bc030N.exe

  • Size

    64KB

  • MD5

    d5fe67e8f103632a10f8a36c7d5bc030

  • SHA1

    870b2f02302f21ef63d2071419f2cbe0b8ab8fc0

  • SHA256

    a6e9a8e9fc326464ab07d71270fcb8ac28d16f5a1f0f1f7c90846705ecc30442

  • SHA512

    12db9c45bc6a9c3e67c09d3e1d1fbac5517bfa58044b29e2a54d264b91f50f1de2aae2a4e1b88e619f3e7ddd86cf2705463e116c37b84a5a3c2bca178866806e

  • SSDEEP

    768:W7BlpppARFbhHFoqAJwBqAJw70EXBwzEXBwOvEJcvEJZzozw:W7ZppApqvZvs

Score
9/10

Malware Config

Signatures

  • Renames multiple (4370) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\d5fe67e8f103632a10f8a36c7d5bc030N.exe
    "C:\Users\Admin\AppData\Local\Temp\d5fe67e8f103632a10f8a36c7d5bc030N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:3988
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4112,i,9445584274764997943,12714240264001792460,262144 --variations-seed-version --mojo-platform-channel-handle=4032 /prefetch:8
    1⤵
      PID:5000

    Network

    MITRE ATT&CK Enterprise v15

    Downloads

    • C:\$Recycle.Bin\S-1-5-21-2170637797-568393320-3232933035-1000\desktop.ini.tmp

      Filesize

      65KB

      MD5

      4a06495a6711498c228087679ffa58a2

      SHA1

      623d5aa87f5f1f10e5b5574a0dbd2db4574729f5

      SHA256

      dabb612ca4ba82ff3994710ce4360577392e2a90db5f3b8f4ca39009c73ed503

      SHA512

      32801979582a5f0e7160d789d4fefc3fa24eb1442324c1293612031cec86bad3875cd481983f055cf0a7c35f66f91aa971344654821394c61d98995928d67c8a

    • C:\Program Files\7-Zip\7-zip.chm.tmp

      Filesize

      177KB

      MD5

      f24dc359e351d1b6b2332c08dfd02841

      SHA1

      9568e682fd79245215e990c34b0a9609f3e22c61

      SHA256

      3219f5e09fc3098d4f36cc79854097db293f9167d7b0aa7a25f99fcb1ba9d3a8

      SHA512

      3bc151796ea9ddcdd6f72b3fb10fa26e852f175f5adffcb3ff458b177d897d9c3ea3e1336f349313a3c0c86c4edcfd6dfd8f124c1e59ab64d22fa276122005ea