Analysis

  • max time kernel
    120s
  • max time network
    109s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    19/09/2024, 17:08

General

  • Target

    f7e90c1759ab55a647dbff02d069cffe9067ee02190825a0d77aed8f9c6a814fN.exe

  • Size

    46KB

  • MD5

    f86cd6f31bf7dd6e16033f9e1a401d20

  • SHA1

    d8e994b57adccc29fd6c28ab87bedee0e1b8c0af

  • SHA256

    f7e90c1759ab55a647dbff02d069cffe9067ee02190825a0d77aed8f9c6a814f

  • SHA512

    05087626b2f441b0dedfd8e761583ac4e2decb6a707ccca1f67675dc7862ca6976ceb8f359b7659bee19f71d749d3884c667044afc094a1fdbfdfea7eebec41d

  • SSDEEP

    384:yBs7Br5xjL8AgA71FbhvBfepj3cfepj3KtLJilqGelqG4K66CPK66CuJ:/7BlpQpARFbhq1KtGFGxNCSNCo

Score
9/10

Malware Config

Signatures

  • Renames multiple (4643) files with added filename extension

    Mass renaming of files with an appended extension suggests ransomware activity, i.e. the sample encrypting files across the system.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempts to gather information about the system language of the victim in order to infer the geographical location of that host.
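The "renames multiple files with added filename extension" signature is a behavioural heuristic rather than a match on a specific string. The following is an added example, not Tria.ge's or the sandbox's own signature code, of how such a check can be expressed over a stream of file-rename events: a rename counts only when the new path is the old path plus exactly one extra extension in the same directory, and the verdict fires once enough files share the same appended extension. The events, the `.locked` extension and the threshold of 3 are constructed assumptions for illustration; the report does not state which extension this sample appends or what threshold the sandbox uses.

```python
# Added example (not the sandbox's own signature code): a heuristic that mirrors
# the "Renames multiple files with added filename extension" signature.
# It walks (old_path, new_path) rename events and flags the run when many
# files acquire the same appended extension.
from collections import Counter
import ntpath

# Constructed sample events (not taken from the report). ".locked" is a
# placeholder; the report does not say which extension this sample appends.
SAMPLE_EVENTS = [
    (r"C:\Users\Admin\Documents\report.docx", r"C:\Users\Admin\Documents\report.docx.locked"),
    (r"C:\Users\Admin\Pictures\cat.jpg", r"C:\Users\Admin\Pictures\cat.jpg.locked"),
    (r"C:\Program Files\7-Zip\7-zip.dll", r"C:\Program Files\7-Zip\7-zip.dll.locked"),
    (r"C:\Users\Admin\Desktop\notes.txt", r"C:\Users\Admin\Desktop\notes.txt.locked"),
    # benign rename: extension replaced, not appended
    (r"C:\Users\Admin\Desktop\draft.tmp", r"C:\Users\Admin\Desktop\draft.txt"),
    # benign: file moved to another directory under the same name
    (r"C:\Users\Admin\Downloads\setup.exe", r"C:\Users\Admin\Desktop\setup.exe"),
]


def appended_extension(old_path: str, new_path: str):
    """Return the appended extension (e.g. '.locked') when new_path is
    old_path plus exactly one extra '.ext' in the same directory, else None."""
    old_dir, old_name = ntpath.split(old_path)
    new_dir, new_name = ntpath.split(new_path)
    if old_dir.lower() != new_dir.lower():
        return None  # moved, not renamed in place
    if not new_name.lower().startswith(old_name.lower()):
        return None  # base name changed, so nothing was appended
    suffix = new_name[len(old_name):]
    # Exactly one ".ext": non-empty, starts with a dot, no further dots.
    if len(suffix) < 2 or not suffix.startswith(".") or "." in suffix[1:]:
        return None
    return suffix.lower()


def appended_extension_stats(events):
    """Count appended extensions across all rename events."""
    counts = Counter()
    for old, new in events:
        ext = appended_extension(old, new)
        if ext is not None:
            counts[ext] += 1
    return counts


def ransomware_rename_verdict(events, threshold=3):
    """Return (fires, extension, count) for the most common appended
    extension. The threshold is an assumption for this example."""
    counts = appended_extension_stats(events)
    if not counts:
        return (False, None, 0)
    ext, n = counts.most_common(1)[0]
    return (n >= threshold, ext, n)


if __name__ == "__main__":
    fires, ext, n = ransomware_rename_verdict(SAMPLE_EVENTS)
    print(f"fires={fires} extension={ext} count={n}")
```

Requiring the same directory and a single appended suffix keeps ordinary edits (changing `.tmp` to `.txt`, moving a download to the desktop) out of the count, which is what makes the signature useful at a sandbox-scale count like the 4643 renames in this report.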

Processes

  • C:\Users\Admin\AppData\Local\Temp\f7e90c1759ab55a647dbff02d069cffe9067ee02190825a0d77aed8f9c6a814fN.exe
    "C:\Users\Admin\AppData\Local\Temp\f7e90c1759ab55a647dbff02d069cffe9067ee02190825a0d77aed8f9c6a814fN.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:4976

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\$Recycle.Bin\S-1-5-21-656926755-4116854191-210765258-1000\desktop.ini.tmp

    Filesize

    46KB

    MD5

    8cacc5bfa4625b669471722373866bdb

    SHA1

    1bfdb6aed95269682406128734e60949b8e2bed5

    SHA256

    e7004a71b4b19d8a740199b30c36b4082fdf89387f2d6dbd8be74d797e8a2731

    SHA512

    eb1be8617fd1de97c7ba0168182c23329cf257ef9119c296fb29f44257855417bafc8c4476ccd74f40ae0a9bb2e7055e3488caf46f9c88cd1949e2aeadbf5c12

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    145KB

    MD5

    ad01980fe6249190b5960415e9820ab4

    SHA1

    ac76cb13ea9d93e060abab9727709b5ce5bc0ffd

    SHA256

    730611ba3fbce1c34a63bf98e37e8d009cf15ae7d7b35b18d93145906a6e24e6

    SHA512

    1a300b5a9ff5cf09bce1517154c23b32bf3bdb22d617de76a1a3edef19bafbf99d2dce398dbf7106f6ebc44afbafa1bbb77a2af2bea97a3e2f467b2b6d55c2c8

  • memory/4976-0-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/4976-914-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB