Analysis

  • max time kernel: 150s
  • max time network: 93s
  • platform: windows10-2004_x64
  • resource: win10v2004-20240802-en
  • resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted: 09/09/2024, 01:33

General

  • Target: abcdbf29205f09254dcfe0e412e1cf586f81a79e4fe61a58dbd12d77b999ac90.exe
  • Size: 55KB
  • MD5: 29d622424fa4b730b8ff41875d70d76c
  • SHA1: 437aae37d5a8d4526cbc671b2667f2c868834151
  • SHA256: abcdbf29205f09254dcfe0e412e1cf586f81a79e4fe61a58dbd12d77b999ac90
  • SHA512: b4c468a4926a427dcdc9f78524bb695de43a9d54977708ed856e8f804b4ea8231d8f464790dd1610b16407b4aeb54a94ca6a2653664d0ebf3eb61c286fc8dc9f
  • SSDEEP: 384:GBt7Br5xjL9AgA71FbhvuNBNKVkVYlIAItCCIntkntV/eazc5azccpp:W7BlpppARFbhFAxC7ntkntV/fo4ocpp

Score: 9/10

Signatures

  • Renames multiple (5203) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\abcdbf29205f09254dcfe0e412e1cf586f81a79e4fe61a58dbd12d77b999ac90.exe
    "C:\Users\Admin\AppData\Local\Temp\abcdbf29205f09254dcfe0e412e1cf586f81a79e4fe61a58dbd12d77b999ac90.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:3840

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-4182098368-2521458979-3782681353-1000\desktop.ini.tmp
    Filesize: 55KB
    MD5: a05b13325f5b968a422c2a0b60478875
    SHA1: 377e2472e067c72ad3e9c1da01c4240a841b12b9
    SHA256: 3fefc41a9fadc14ed74e6a81c9ada05c0fc6299badc96a3c2d5c77bf5367c11d
    SHA512: 99fa50d422758e9b3b9fb71c88631e7b00803a9b05d2b544ff2f47fccf5400d032c1f4115121b3b0654bcbd5c36801dc858a6f9c9ced4969a727f38fe41f7adc

  • C:\Program Files\7-Zip\7-zip.dll.tmp
    Filesize: 154KB
    MD5: 7ed8acd7be873466fb842501465c6fb0
    SHA1: 38f3ddb447c8df4ae6d123b8ae60929be2d92b8d
    SHA256: cdadc1fa0ac485ad0a2bf54a58a3ff980754c9af226df2c42c087921c5db6e34
    SHA512: ef584208156148cd52e3cf77a061c6ce043306d713a36e41938228c3d5e8ff93f185da9ef1233d45b9057094f40e0b58aa76a9d30e757132865a3322b6de5e53