Analysis

  • max time kernel
    149s
  • max time network
    95s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    13/09/2024, 00:53

General

  • Target

    a3705042b780e8576dd0678ceb0db8d01d4ea8b9fd170c57a8359399366fe9e1.exe

  • Size

    104KB

  • MD5

    5d4ea5d003e21b89670085c42f217d6f

  • SHA1

    71ab1b8290a8c6493d4c886d8c14ddc4bd0fbf43

  • SHA256

    a3705042b780e8576dd0678ceb0db8d01d4ea8b9fd170c57a8359399366fe9e1

  • SHA512

    cb0fc925b68cd58a7221638455ad3ff59d1f05e2b0af8eee9be15aef77f525359c75252266371586d42ba792ce84d3b54579831da1ad925616350fdf4c858333

  • SSDEEP

    3072:6e7WpHIyRF9ESWu0SWujKsKRsP9fVL9ilV:RqlIyFESWu0SWu86jYlV

Score
9/10

Malware Config

Signatures

  • Renames multiple (4718) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\a3705042b780e8576dd0678ceb0db8d01d4ea8b9fd170c57a8359399366fe9e1.exe
    "C:\Users\Admin\AppData\Local\Temp\a3705042b780e8576dd0678ceb0db8d01d4ea8b9fd170c57a8359399366fe9e1.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:5096

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-523280732-2327480845-3730041215-1000\desktop.ini.tmp

    Filesize

    105KB

    MD5

    df7bdf93ab8a350e14a51da58732a61b

    SHA1

    d80329229088185a8123aef0e0fe97d18d781788

    SHA256

    e7d776b7f2d96ec1290133fc8b69e7ddc9efc99a70cc25f462cd3f122c979f7a

    SHA512

    69bee99e84f908d807229e8e9c9b92d7eda6857b45f1e0225036583a272a14d16c5336bb7b1eae702c5f594b9d38ad41d1cc62f9db6ae50c4e65729a19b1f75e

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    203KB

    MD5

    7f1294f514a5b87a41af1bbb16328857

    SHA1

    b280acaeb28840f665ff0cd0ade5342a93bedd64

    SHA256

    3698eca1db070939c20cfe7fc32866024916cb63bc459bb7ec51b431ef36f1b7

    SHA512

    bc1a69d00c07df1355dd691bbb7dbb9dc0608322df19e835485304efbd22293f1adb633d1199b9b3073c112e4ec35c5599d0672bf6aee836475ddf66cd424d86