Analysis

  • max time kernel: 150s
  • max time network: 94s
  • platform: windows10-2004_x64
  • resource: win10v2004-20240802-en
  • resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted: 12/09/2024, 19:58

General

  • Target: 1ea878107c4811573305907573d45a5d61cdc6d52d779dde4024122bb4776a27.exe
  • Size: 74KB
  • MD5: 9c2c4b45a9b4c4e06c53c314faf715cd
  • SHA1: 2c1350442c107c52d078587f46d88cc3606502ca
  • SHA256: 1ea878107c4811573305907573d45a5d61cdc6d52d779dde4024122bb4776a27
  • SHA512: 4d21d7ea1a5122ab54f38e078e3af3b229e19a051c60ad6c927fc031c1fec756b8d7fa42ead2548b31be8769ba8eb7842382f9199e3bca1b8253a17d012ccbd6
  • SSDEEP: 1536:W7ZhA7dAZ1++PJHJXA/OsIZfzc3/Q8+CtlYSDL:6e76mQSostXDL

Score
9/10

Malware Config

Signatures

  • Renames multiple (5170) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\1ea878107c4811573305907573d45a5d61cdc6d52d779dde4024122bb4776a27.exe
    "C:\Users\Admin\AppData\Local\Temp\1ea878107c4811573305907573d45a5d61cdc6d52d779dde4024122bb4776a27.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:1372

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\$Recycle.Bin\S-1-5-21-1194130065-3471212556-1656947724-1000\desktop.ini.tmp
    Filesize: 74KB
    MD5: fc828f6eaae6d8ecda55b35ac7190ae8
    SHA1: 61933d20a6b95f6cb347cb84910a854856bd417f
    SHA256: deaf5dc7fe334216c0702a7fadba824cc87ad9f10b8ed57d7ebc8479630c591f
    SHA512: 992a795f148447cc790369f1025669d12311f72bccdf97af91b8f089880b2b3b74b88e56c8baff60e599a031bdf543db3f7631ba4abb9388110992e683d07cbe

  • C:\Program Files\7-Zip\7-zip.dll.tmp
    Filesize: 173KB
    MD5: c89e684d932926ee1ed9813a5c807fd1
    SHA1: cf8f7ca631d7257a0279abe86e15ed5d0de8accf
    SHA256: be40d13f3b46d485dc82473316890f2cf4ac5cfa9d2c068970905de4c6639d71
    SHA512: ebbfd39374dfadaa26c4b15965638947b461cbe177442040514866f5382ef4340d19a6004793bd661ee0029a5f80472472203c3599b1c53c21709d556c72795b