Analysis

  • max time kernel
    120s
  • max time network
    94s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    03/09/2024, 08:20

General

  • Target

    8389cead0fec90d623e53d0224e503b0N.exe

  • Size

    51KB

  • MD5

    8389cead0fec90d623e53d0224e503b0

  • SHA1

    f578fe42d82d858521d38fc51f177a2d6d2a767e

  • SHA256

    dbb59fe3de114613ac4f8bd8598f6bc35aef1c577ee5fd36d9797de80a819a4f

  • SHA512

    752dd54aeea0003f0e440e20ffd7dcdd6bf3df07d6f1189ce2c5e9ff1aadc9ca0abefbdf1e4f576e4bf509df0b644ce5f6f18c68f35446c8e07b21ecdb640512

  • SSDEEP

    384:yBs7Br5xjL8AgA71Fbhv/Fzzwz72Jwuq2JwuR0U0IOe2eQOUaHOUae:/7BlpQpARFbhNIiJwsJwwnZOe2epke

Score
9/10

Malware Config

Signatures

  • Renames multiple (4650) files with added filename extension

    This suggests ransomware activity: the files on the system are being encrypted and renamed with an appended extension.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempts to gather information about the system language of the victim in order to infer the geographical location of that host.
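The two behavioural signatures above (mass rename with an appended extension, and system-language discovery) can be reproduced as detection logic over sandbox event lines. The following is an added example, not code from the report or from the sandbox vendor: it runs over a few constructed event lines in an assumed `event<TAB>pid<TAB>arg1<TAB>arg2` layout, the `.tmp` suffix in the sample mirrors the dropped files listed further down, and the Win32 API watchlist for language discovery is this example's own assumption, not the sandbox's rule set.

```python
import re
from collections import Counter, defaultdict
from typing import Dict, List, Optional, Tuple

# Win32 APIs commonly used to learn the victim's language/locale (ATT&CK T1614.001).
# Assumed watchlist for this example; the sandbox's own rule is not published on the page.
LANGUAGE_DISCOVERY_APIS = {
    "GetUserDefaultUILanguage", "GetSystemDefaultUILanguage",
    "GetUserDefaultLangID", "GetSystemDefaultLangID",
    "GetUserDefaultLCID", "GetSystemDefaultLCID",
    "GetLocaleInfoA", "GetLocaleInfoW", "GetLocaleInfoEx",
    "GetKeyboardLayoutList",
}

# Constructed sample events (not taken from the report). Layout assumed here:
# event<TAB>pid<TAB>arg1<TAB>arg2. PID 1728 behaves like the analysed sample,
# PID 4412 is a benign process that renames one partial download.
SAMPLE_EVENTS = """\
api\t1728\tGetUserDefaultUILanguage\t
api\t1728\tCreateFileW\tC:\\Program Files\\7-Zip\\7-zip.dll
file_rename\t1728\tC:\\Program Files\\7-Zip\\7-zip.dll\tC:\\Program Files\\7-Zip\\7-zip.dll.tmp
file_rename\t1728\tC:\\Users\\Admin\\Documents\\report.docx\tC:\\Users\\Admin\\Documents\\report.docx.tmp
file_rename\t1728\tC:\\Users\\Admin\\Pictures\\cat.jpg\tC:\\Users\\Admin\\Pictures\\cat.jpg.tmp
file_rename\t1728\tC:\\Users\\Admin\\Desktop\\notes.txt\tC:\\Users\\Admin\\Desktop\\notes.txt.tmp
file_rename\t4412\tC:\\Users\\Admin\\Downloads\\setup.part\tC:\\Users\\Admin\\Downloads\\setup.exe
api\t4412\tGetLocaleInfoW\tLOCALE_SISO639LANGNAME
"""

Event = Tuple[str, int, str, str]


def parse_events(text: str) -> List[Event]:
    """Split the tab-separated event lines into (kind, pid, arg1, arg2) tuples."""
    events: List[Event] = []
    for line in text.splitlines():
        if not line.strip():
            continue
        kind, pid, a1, a2 = (line.split("\t") + ["", ""])[:4]
        events.append((kind, int(pid), a1, a2))
    return events


def added_extension(old: str, new: str) -> Optional[str]:
    """Return the appended extension when `new` is exactly `old` plus one '.ext', else None.

    A rename that changes the base name (setup.part -> setup.exe) is not an
    'added extension' and must not count towards the ransomware heuristic.
    """
    if not new.startswith(old):
        return None
    tail = new[len(old):]
    return tail if re.fullmatch(r"\.[A-Za-z0-9_-]{1,16}", tail) else None


def detect_mass_rename(events: List[Event], threshold: int = 3) -> Dict[int, Dict[str, int]]:
    """Per PID, count renames that keep the original name and append an extension.

    Returns {pid: {ext: count}} only for PIDs at or above `threshold`; the report's
    hit was 4650 files, so a production threshold would be far higher than 3.
    """
    per_pid: Dict[int, Counter] = defaultdict(Counter)
    for kind, pid, old, new in events:
        if kind == "file_rename":
            ext = added_extension(old, new)
            if ext:
                per_pid[pid][ext.lower()] += 1
    return {pid: dict(c) for pid, c in per_pid.items() if sum(c.values()) >= threshold}


def detect_language_discovery(events: List[Event]) -> Dict[int, List[str]]:
    """Per PID, list calls to the language/locale discovery APIs on the watchlist."""
    hits: Dict[int, List[str]] = defaultdict(list)
    for kind, pid, api, _ in events:
        if kind == "api" and api in LANGUAGE_DISCOVERY_APIS:
            hits[pid].append(api)
    return dict(hits)


def signatures(events: List[Event]) -> Dict[int, List[str]]:
    """Attach signature names per PID, in the wording the report uses."""
    out: Dict[int, List[str]] = defaultdict(list)
    for pid, exts in detect_mass_rename(events).items():
        out[pid].append(f"Renames multiple ({sum(exts.values())}) files with added filename extension")
    for pid in detect_language_discovery(events):
        out[pid].append("System Location Discovery: System Language Discovery")
    return dict(out)


if __name__ == "__main__":
    for pid, sigs in signatures(parse_events(SAMPLE_EVENTS)).items():
        print(pid, sigs)
```

Note that language discovery on its own is weak evidence (legitimate software localises itself the same way); the ransomware heuristic is the one that carries the score, and it relies on the rename preserving the original name so that ordinary "rename on completion" behaviour, as in the PID 4412 sample line, does not trip it.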

Processes

  • C:\Users\Admin\AppData\Local\Temp\8389cead0fec90d623e53d0224e503b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\8389cead0fec90d623e53d0224e503b0N.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:1728

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-945322488-2060912225-3527527000-1000\desktop.ini.tmp

    Filesize

    51KB

    MD5

    75d9b97c0608872969b2abe2951d242a

    SHA1

    b58fad24f5282e37ed32dc3a024970ea1e56c4f1

    SHA256

    827ec484c594d8739b6badd8375ab680075cb5699a4e9cd1a35c7c45fdba57b1

    SHA512

    86ace944eaef00750e8d674d03757be7cc395c8c64100348010285668a5f72d05510c00563b4452ad60205f9db6f7427b68bd11b2029a5c93bc4035283d48e72

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    150KB

    MD5

    ff0edbd29ba5fee4fdf0059c893cc944

    SHA1

    955c2a6c7fcc73762996f8c32fcfbc5f7b50db09

    SHA256

    06fed83c548a93be5e187892554b4b38821cd142b8d82d0b5a9d61dba9c4ea00

    SHA512

    328bc17b8a09e645442ff1bb7c5291345fa1186f15737a6c08d01c0e39158a8f0108505af614067e3c5b722d69d491b98685f67404263428a9a90e3dfdef10dc

  • memory/1728-0-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/1728-914-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB