Analysis

  • max time kernel
    120s
  • max time network
    95s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    02/09/2024, 07:01

General

  • Target

    25b9aae5b5370af81a827f48ee32e9b0N.exe

  • Size

    98KB

  • MD5

    25b9aae5b5370af81a827f48ee32e9b0

  • SHA1

    440eced12e10b312b37877e5b02afacc823b93fc

  • SHA256

    0679fb934187386f9a1a8a3f7cfd08ae7c3d7bb3becd9caf9fa4fdeea1c3ed57

  • SHA512

    d9bbaf87cdea99d6eeee44794f987050a31244a48c0b69cb1fc3e6064c5f53efc61c6a49ed60647ccecef6128216963aa3d160ce38f4253119013fce6ebd377a

  • SSDEEP

    1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8zxviYiaEWYMjp:fnyiQSo4iYiIYMjp

Malware Config

Signatures

  • Renames multiple (4634) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\25b9aae5b5370af81a827f48ee32e9b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\25b9aae5b5370af81a827f48ee32e9b0N.exe"
    1
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:460

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-786284298-625481688-3210388970-1000\desktop.ini.tmp

    Filesize

    98KB

    MD5

    331bb6b7b7823f654e21746c092ad754

    SHA1

    b099f1e14a37c2dcc561537081b7bd2e9493c19c

    SHA256

    482b97efcce1b5945eceb575682ed6ce86011180b300e69b93566378ddeca888

    SHA512

    fbbe527b64f71184a32aac2be8d943f37031dd244ff0096f9845739dfedbbcdf1f7dd9ec8df0c23703f32791034e5cd3d19aab69b4ae4230ba371f05703523b1

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    197KB

    MD5

    58497dc6aa039f8445c1778237d876b3

    SHA1

    7bb580f110fce7b3987ae7d6bf4bde265225b9cb

    SHA256

    44b2edc9dea45d20e0d21e1e3ec20cde4303c1448844e07e2ba5186e774f59b8

    SHA512

    cebf8eea04ac938cb88cc32b7ee12256b8cb8a5b73f19307f8f667723a43c636dbe5f08e1f2940ae421cd7d994a40cdb14aaa233541b000a902517671caa2175

  • memory/460-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/460-888-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB