Analysis

  • max time kernel: 120s
  • max time network: 103s
  • platform: windows10-2004_x64
  • resource: win10v2004-20240802-en
  • resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted: 28-08-2024 20:31

General

  • Target: 2bf55559dcb9e30887695ef1a04abb20N.exe
  • Size: 41KB
  • MD5: 2bf55559dcb9e30887695ef1a04abb20
  • SHA1: 8077a1d239de3830edb4f30be450e5dbbf4e6aa8
  • SHA256: 749c8e561987b7d5192af9f54f2f01c8bb4962b490605514a35e01ea2903b259
  • SHA512: 65405520e3d414273ac1547627e15a2fea51ed4ac09c4bd4e11cf0139d2d1c88fb3da49790a9155bd97412b8459f8622631eeeb48ee5c25ba1848e9c791fcd45
  • SSDEEP: 384:yBs7Br5xjL8AgA71Fbhv/Fzzwzl83/Cqy:/7BlpQpARFbhNII/C

Score: 9/10

Malware Config

Signatures

  • Renames multiple (4629) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\2bf55559dcb9e30887695ef1a04abb20N.exe
    "C:\Users\Admin\AppData\Local\Temp\2bf55559dcb9e30887695ef1a04abb20N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:3328

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-786284298-625481688-3210388970-1000\desktop.ini.tmp
    Filesize: 42KB
    MD5: b68140541da2b85b29d6fab67ddb8ad8
    SHA1: c8beaf1b1325a11dda039837ad575519860aef76
    SHA256: 7c17a7088a1cf68359cab2102b74d23139a605086c4e6f09d2fa0a2d3e00a20e
    SHA512: 9f671524b20b3db65ca250091530f43c62dc94ef534b75255167f145377f7e547da572c8a91b187a6acaf9af32b7b311f7fa5ab9cc3e3c4092468c73fc20fdbc

  • C:\Program Files\7-Zip\7-zip.dll.tmp
    Filesize: 140KB
    MD5: cf0b8703eb97b848481e95b815f21bb5
    SHA1: 8861b26eb4a09e4f2833fb57405477a693262248
    SHA256: 5527ee646c74c4ab59106677aec834c8aeffbc8f515561f4cb00a2c8cf2506cf
    SHA512: c3e1ee3859ca37817c6bfb89071ab4c00f276bbc3473d3aba5cbc1a2d1dba8e485ff6d19461c603858610178f441a52f0e9e6aebed8f4a624824789be0144f88

  • memory/3328-0-0x0000000000400000-0x0000000000408000-memory.dmp
    Filesize: 32KB

  • memory/3328-894-0x0000000000400000-0x0000000000408000-memory.dmp
    Filesize: 32KB