Analysis

  • max time kernel
    120s
  • max time network
    102s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    01-09-2024 08:03

General

  • Target

    59521a58510796162b59b241f12a74a0N.exe

  • Size

    24KB

  • MD5

    59521a58510796162b59b241f12a74a0

  • SHA1

    9c6ac8ea0915c4eedb6e5a6e98282a659b46b59d

  • SHA256

    370304f27b0056c3a83d1958a302ec2a9fa7ae882366384d11541b891e015b8d

  • SHA512

    04fdf028786eec1c8d54c8dbc5990a0e6681b5c7d9f02da185cb4d2642e476b697e9abc68e8e8ac8fbfcc38969a0a33485f17dd1fce0d435adf32eae10510d18

  • SSDEEP

    768:kBT37CPKKdJJ1EXBwzEXBwdcMcI9tobWO8iJfobWO8iJU:CTW7JJ7TUE8

Malware Config

Signatures

  • Renames multiple (4679) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\59521a58510796162b59b241f12a74a0N.exe
    "C:\Users\Admin\AppData\Local\Temp\59521a58510796162b59b241f12a74a0N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:3624

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-1194130065-3471212556-1656947724-1000\desktop.ini.tmp

    Filesize

    24KB

    MD5

    a1287630bc2650303fe3e8726e947c1d

    SHA1

    e510e661d3234a85952a57835177df043aceda3a

    SHA256

    042f2c979a04937e77567db552e75605056f0344961273ad77cf8ffd2a292ef2

    SHA512

    0240359468e63579b26c1d19fe750fd33f51d73295e5024837def13f6f4e6177cce67bf7307add510349acc4fba32983e2ac8b0072b515e96634651c75d2ce69

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    123KB

    MD5

    5ea4f7c333a393c095d7330b283f5b1b

    SHA1

    f854149b594613ea55d7bd43db6e49fee186881c

    SHA256

    352c3a2e26bde3518fbc8d1d734cf7c9f96e7d7a6cefa047a88d943c7e78c2c9

    SHA512

    6a723c45cd6577f7a2d987d8e20e4d22025ee86b534cd748544d1ca300055bd3b4d0fdd66bb4a98f1d27f7bf678ebd9a5bd71dd719468fe3af2e23c38aeba2da

  • memory/3624-0-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

  • memory/3624-938-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB