Analysis

  • max time kernel
    120s
  • max time network
    119s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    02-09-2024 12:29

General

  • Target
    4a43b8fcbe0e2114cb97d0499f531d30N.exe
  • Size
    45KB
  • MD5
    4a43b8fcbe0e2114cb97d0499f531d30
  • SHA1
    2e928d0c038f9770ce851067691c8e9d32fdd8dc
  • SHA256
    5a927c0cbe7aefb57e8c3c5390af2492db6c8fbc14616f8e394dd90bdc900ad8
  • SHA512
    28cd216ec04161ae1b6bc0ae5a26da39e8c1ecbc2b7584462fcfc217c52dac7a18bbabd20e8195e497f19ac2a3aa6c4327222c09bf5fa92d8c559eaec4a5ae43
  • SSDEEP
    384:GBt7Br5xjLdbAAgA71FbhvU8g0U0fLMzyKbNzzyKbNWkq3DLXakq3DLXOIwX4Iw5:W7Blp+pARFbhBgnKLMWK9WKD2N2lWrWp

Score
9/10

Malware Config

Signatures

  • Renames multiple (4642) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempts to gather information about the system language of the victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\4a43b8fcbe0e2114cb97d0499f531d30N.exe
    "C:\Users\Admin\AppData\Local\Temp\4a43b8fcbe0e2114cb97d0499f531d30N.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2684
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4300,i,2904906934812054273,11716976550456127484,262144 --variations-seed-version --mojo-platform-channel-handle=1420 /prefetch:8
    PID:5528

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2170637797-568393320-3232933035-1000\desktop.ini.tmp
    Filesize: 45KB
    MD5: 9e66041040304fbd5be6812f0052984a
    SHA1: db323b86a25c90ade2f2b58a625bef7f1040eefa
    SHA256: 8ed1a94799f477c0196c250eb5b28fd0395a1e12f810d2bf6a6ad6143afcba9c
    SHA512: 88e7a93ed0dfcced5ddc7166712fe69cabe2a559a46aa1421768883323fadb46e00461b54e77ae4c4f5008034e8a9f597bf3458629f9e1a79ef28caae4d8ebb9
  • C:\Program Files\7-Zip\7-zip.chm.tmp
    Filesize: 157KB
    MD5: d08d7e20406d801df7568806572f360f
    SHA1: 2e882067f490261f7b7633c15e5e57b794e77640
    SHA256: cc9b24d58f53f8f28c4ae5a0564835e01f36f1b1d650dcff9eb633a40fe9d213
    SHA512: 531525facdca006c7cecc6af909487ed3cc98c0420f702815cdb7eb639cf6c8e8e531e9736c00d1a362ae74111c7183dab73233d1c89e5eb3ab3d113d2b9b019