Analysis

  • max time kernel
    120s
  • max time network
    94s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    07/09/2024, 12:04

General

  • Target

    93ce69d63e3b23da1eed057fd75e91f0N.exe

  • Size

    52KB

  • MD5

    93ce69d63e3b23da1eed057fd75e91f0

  • SHA1

    beead8f10a2f3104ed9cdbd2e188c4ed1df5634e

  • SHA256

    1768d7052001d46cc9d36a048fd606511bae61bf5cc534faaea71864310e35d6

  • SHA512

    6d3c6ae1fe4f44c63c14a72878806f30869be28fa993ddc46fa98dd2bcef9fb4f6828b6810f460b8ae01384d32644e7b45a64aa3aa2f876448f59ac1438b00db

  • SSDEEP

    768:W7BlphA7pARFbhM0KW2s9B4b09Xgd7jylZqzps:W7ZhA7pApMaxB4b0CYV

Score
9/10

Malware Config

Signatures

  • Renames multiple (4383) files with added filename extension

    This suggests ransomware activity that encrypts all the files on the system.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\93ce69d63e3b23da1eed057fd75e91f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\93ce69d63e3b23da1eed057fd75e91f0N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:3448

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-656926755-4116854191-210765258-1000\desktop.ini.tmp

    Filesize

    52KB

    MD5

    761bdd9afc4d025c8596de0065a4fa37

    SHA1

    c1472c46608d209089ff72f804b56d994db30d01

    SHA256

    c36477c01f02e8df909dcc84aecf040ee6d2584ad8250e59cf79b2cd03472695

    SHA512

    e5671b1eeed1ab06cb2c39d734f6d2bd5aa923a88cf4dfba52b2f5a85fa3729da988ae21b7091bdc16818cf4d98b7b3b27cf67fa1b99bb4f075f384fb0180f77

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    151KB

    MD5

    9613940a82ab80e605d6d5f06ca253a7

    SHA1

    a876d1dd745af4d9814554b7985b9615ff7feff6

    SHA256

    0211ccc4e1bc90de1c6efe1eff5927ffbf5e83b718f5b4f55dcb90df18238929

    SHA512

    9360de7a52b23f02202600bacdca667b24f26195acb5216789a493d80a44c46d23e6a7d1910b2b5ee427ae82f6da8c8cb6eef299e61e49d421dd31254bc26f2c