Analysis

  • max time kernel
    120s
  • max time network
    105s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    01/09/2024, 01:30

General

  • Target

    41655a1e9954303ec5afe9452dced220N.exe

  • Size

    51KB

  • MD5

    41655a1e9954303ec5afe9452dced220

  • SHA1

    9a068c2f584ac7886f81540676147e9d2eaca19b

  • SHA256

    31b7bd1ddb63dc340083afe612ce4320b4296403e79784f1ae5c5ba6ad1cd07b

  • SHA512

    5ca7f92b8c546fcaad68c97959b2c2f1bf0552f520a10983fac1a614f62d014638c8ef1daee4db4c81cd6bca8d00e6978876bb19571d9f572eeb5b259995aad4

  • SSDEEP

    768:p7BlphA7dASbSLJJBZBZaOAOIB3jM2jMO/vY6q/Gum/Guj:p7ZhA7dAxJJB7LD2I2IGYM

Score
9/10

Malware Config

Signatures

  • Renames multiple (4167) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\41655a1e9954303ec5afe9452dced220N.exe
    "C:\Users\Admin\AppData\Local\Temp\41655a1e9954303ec5afe9452dced220N.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:3764

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\$Recycle.Bin\S-1-5-21-656926755-4116854191-210765258-1000\desktop.ini.tmp

    Filesize

    51KB

    MD5

    78407383fedcce9d2904f1c503853822

    SHA1

    b6fc314823c8c6d57e9bb27e901020c6d210efab

    SHA256

    f19e42ddc81370c4aa638b36d4be00a4c527ef5a4728c23f50cb736e51770c01

    SHA512

    190cfe53ffb6e6d526c43a3658a717803e83449c3248fb150bef5538146c8211842493462834b8c6047df3758cc40de24a90dbf70261edcc6e540f8aae01f908

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    150KB

    MD5

    0a49957192ed4bb09421817956e6dd0f

    SHA1

    7a86f1c7c52082c97356949da60772e6142aa477

    SHA256

    4fcaad70f4ae45fc6e110f4da4219752fee2231f3817a407a0103a24637ad169

    SHA512

    feebc4b3402abc7c963e6880511335d120b59bcb4aec41ab461e5fa1b212cd637d2ce42d05f710f9d70f9b62d54bf489ab17c13d6a8e20466db4feea96068410