Analysis

  • max time kernel
    120s
  • max time network
    95s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    02/09/2024, 10:25

General

  • Target

    7f4b7fdad65303fa98d12c6b7bf2cc20N.exe

  • Size

    40KB

  • MD5

    7f4b7fdad65303fa98d12c6b7bf2cc20

  • SHA1

    db7d052a14a2d4f99212b4f14e6c2044f90b5ec4

  • SHA256

    295bf921075cf4d366176bd79636935567cdf47e6e77f56831d39a31792a4874

  • SHA512

    60c398e45da5d45cf1b98c8a63266f2c80130e2e123962313c4065270e9e82e1df25d0dd783305befef462d2175d24dda5db0efa97360d2d7c5097bca054eb8d

  • SSDEEP

    768:kBT37CPKKdJJcbQbf1Oti1JGBQOOiQJhATBaMYioGXOaiJfoGXOaiJoWAnWAj:CTW7JJZENTBTYM2ltj

Malware Config

Signatures

  • Renames multiple (4633) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX or a modified UPX open-source packer.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\7f4b7fdad65303fa98d12c6b7bf2cc20N.exe
    "C:\Users\Admin\AppData\Local\Temp\7f4b7fdad65303fa98d12c6b7bf2cc20N.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:4888

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-656926755-4116854191-210765258-1000\desktop.ini.tmp

          Filesize

          40KB

          MD5

          bb16b447771730eddff12f7ebcf7a084

          SHA1

          11f561fdf6ed1b0a767ee1b02251b51668204784

          SHA256

          c534f65359b4c1f7b390747c995c839a0bfc6ba85ed0bfd097e7784f0114de81

          SHA512

          02b533a2a4cc4dd565bb6a2bbf673535c9f3b10d3d86435a343639757c650fac3af0847bb2141c622b305d65e2934606d81ea148accb9f15a0c019925d257451

        • C:\Program Files\7-Zip\7-zip.dll.tmp

          Filesize

          139KB

          MD5

          4afbdac56ffece5a2195dc1b815ad26c

          SHA1

          0bb07ac47462489b121e4ab6171a9ed0e777fe38

          SHA256

          0bb9853e4b2fb9b6e79a2261c5c0345c401b275950446e1b862afd9aab19e1d2

          SHA512

          41dd20c9868e8825f0911b3c001ec78c726770d5726413239c09ed510e4ff354465c6449bb8fa0f9a2e14c44cd4960938e7894e548785ddaa4283c0fd41fc32e

        • memory/4888-0-0x0000000000400000-0x000000000040A000-memory.dmp

          Filesize

          40KB

        • memory/4888-871-0x0000000000400000-0x000000000040A000-memory.dmp

          Filesize

          40KB