Analysis

  • max time kernel
    119s
  • max time network
    93s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240910-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240910-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    15/09/2024, 08:18

General

  • Target

    c91658f0a08f73a863b30e9a93ef0000N.exe

  • Size

    61KB

  • MD5

    c91658f0a08f73a863b30e9a93ef0000

  • SHA1

    c0c7290fdd12efb557e7964d7ec3a517b67ac165

  • SHA256

    26912bf6629ee4af0c6930c821096981b279246dd773c72a0eb92d79f7f0601f

  • SHA512

    befdee09378151fff04b6149f966a39ffa98da80d54806ab1c6d85a3aec06687e55ae7c21b2cb522cb73c45ed0ec374b7b5c3da807df5ea5d2b159236e8f24fe

  • SSDEEP

    768:V7Blpf/FAK65euBT37CPKKQSjyJJ1EXBwzEXBwdcMcwBcCBcw/tio/tiz9CQCh:V7Zf/FAxTWoJJ7TTQoQz9CQCh

Malware Config

Signatures

  • Renames multiple (4646) files with an added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\c91658f0a08f73a863b30e9a93ef0000N.exe
    "C:\Users\Admin\AppData\Local\Temp\c91658f0a08f73a863b30e9a93ef0000N.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:4940

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2629364133-3182087385-364449604-1000\desktop.ini.tmp

    Filesize

    61KB

    MD5

    a538edf8cd667d8c2140e72e3fb6fdcc

    SHA1

    de988be4d984f72ae6fc7a65ab99c2f0782deee5

    SHA256

    6a00f124cb44e19f624beff9920ef5717dba03de433612d38d7ad00bb1e8453f

    SHA512

    3929967f228b9f502d2d80e812029951989ca60bc36317dc282183cdf21f4385ee51d80d7aa873174cefe2ed5d1ac7acc65c5e362b45e3ea1cd880e080024d61

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    160KB

    MD5

    48ff169694fc6a4898a7e67df19a0f09

    SHA1

    83de6ce9f9bcf4ebb8ca1cf74dabc81b91cbef99

    SHA256

    992741c36382fdeee7895238b3e7019313ab7d15362eb8ab8587b49cb8c53213

    SHA512

    5c9ea2b8131853953eab18f03344ff632995e2a88a2d6d798d0c0606eef7e3802ef095cf1d5e8d5adfb710ac89531561978bbe35877e42fbf89816d016b42100

  • memory/4940-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/4940-784-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB