Analysis

  • max time kernel
    150s
  • max time network
    138s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/09/2024, 18:42

General

  • Target

    156025bd1b43d963955f4f38a4c72d82692a82fd3a1d8a3ac7673563d94d4300.exe

  • Size

    50KB

  • MD5

    4e2b6c7cdc7905d26748c7f2b447e069

  • SHA1

    b0745f331262c347c373ebbf880de38545b02c17

  • SHA256

    156025bd1b43d963955f4f38a4c72d82692a82fd3a1d8a3ac7673563d94d4300

  • SHA512

    6f38afa56ae170fa492066204e3c4da9d50fc1e7ee7e2cb4ad46eca583b1fa6b36b9b3d24837d2e2a9d987b8484a51e9cda9862392b7da43559685af0d98038b

  • SSDEEP

    768:W7BlpppARFbhjbhg42LcfpR42LcfpRo+fOiJbfo+fOiJbCk8t8QP2Hbww9ySqbw4:W7ZppApBULcfpHLcfp/ZeLP27wHw4

Score
9/10

Malware Config

Signatures

  • Renames multiple (5009) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\156025bd1b43d963955f4f38a4c72d82692a82fd3a1d8a3ac7673563d94d4300.exe
    "C:\Users\Admin\AppData\Local\Temp\156025bd1b43d963955f4f38a4c72d82692a82fd3a1d8a3ac7673563d94d4300.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:1244
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4452,i,15336851255456239337,16379811035920490645,262144 --variations-seed-version --mojo-platform-channel-handle=4608 /prefetch:8
    1⤵
      PID:1004

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\$Recycle.Bin\S-1-5-21-2170637797-568393320-3232933035-1000\desktop.ini.tmp

      Filesize

      50KB

      MD5

      1b54255dd33e2176151f22343376d854

      SHA1

      ec6250049521f8d1b972b6dc6f3d6136e404f904

      SHA256

      d0879f735620116450155fe93604cd55102e036479553c13119276113c8f6e57

      SHA512

      105321730e80443865bcaea17770d23ed85f898d6d7d639dce36bc901fc828913ef51689d785244c172fde981f07f369d710165cffe5e367acc72983471cc851

    • C:\Program Files\7-Zip\7-zip.chm.tmp

      Filesize

      163KB

      MD5

      98b1a0b0b80793c1674d2f2810c56b9d

      SHA1

      a2abc68569be468e9d3fb030fa66960c7ee4c6ec

      SHA256

      f350bf5e87f9bac9c69a25e1c8e8e5fb476f52b0ae827bd51788ef4fd3c74d41

      SHA512

      9777bd4fb4b6ccce62f941f952469f2f61094b2b82fea1396c6ab51d23cb576ff9c2e3f25a8a8ac6aeba248b1c37a5d9177d8adcfb06ab6070581b82718ee1d2