Analysis

  • max time kernel
    120s
  • max time network
    95s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    25/09/2024, 05:47

General

  • Target
    3f0adef3fb28c8a7f6d36c708545f05501c93b866279b8e52ff6afd886bd9381N.exe
  • Size
    61KB
  • MD5
    87337807eab6f759ef4441f2774c04e0
  • SHA1
    b48daba0525d67c123f8f294bc9238a4f9998240
  • SHA256
    3f0adef3fb28c8a7f6d36c708545f05501c93b866279b8e52ff6afd886bd9381
  • SHA512
    76f5dd8d294643aa9a393774f803d2b063aab11f5acd0effcbf8540c8e4064bfc30f9c091cdd1b85bb6ef950558080405bc80ed50826356d69816d929caf3fc3
  • SSDEEP
    768:V7Blpf/FAK65euBT37CPKKQSjyJJcbQbf1Oti1JGBQOOiQJhATNyHF/MF/6m0m+Q:V7Zf/FAxTWoJJZENTNyl2Sm0mKg

Malware Config

Signatures

  • Renames multiple (4644) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX or a modified UPX open-source packer.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\3f0adef3fb28c8a7f6d36c708545f05501c93b866279b8e52ff6afd886bd9381N.exe
    "C:\Users\Admin\AppData\Local\Temp\3f0adef3fb28c8a7f6d36c708545f05501c93b866279b8e52ff6afd886bd9381N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:208

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2718105630-359604950-2820636825-1000\desktop.ini.tmp
    Filesize: 62KB
    MD5: ab486e5df9973cdd3e1241c750eeac71
    SHA1: d6394924456b37fc9812410a3c2c80061e605197
    SHA256: eb5aa783670044f3ee50d01a6d79eca26e9b4d7d7485f140d04b4304ad0a231a
    SHA512: 21d6cb292d74fa5ff9ee0ef1a7a2d007fae2da2954567971a036fb8c22b0cce0f88c27aea211c3c88ddd57f1df521a274e6a8aa74cc01fe69afa8e74b70bcb28

  • C:\Program Files\7-Zip\7-zip.dll.tmp
    Filesize: 160KB
    MD5: 880590cf34cc8225a4ee08e1de0ce6b6
    SHA1: cd3f1346778c49ba03228a3c65c6ab2e7aac1076
    SHA256: 6e13e7ff81732d79b2f86b8baf38d62a35093af8e5d8901f261dc866880fb3c2
    SHA512: 0160ed334124f69f02b14cf09704475032b34d90a3613adfa8e95d75af4aef252aca1cd3281670a480c89b70ce5d78d18b7521d9da5db4702056ca2967000f8b

  • memory/208-0-0x0000000000400000-0x000000000040B000-memory.dmp
    Filesize: 44KB

  • memory/208-916-0x0000000000400000-0x000000000040B000-memory.dmp
    Filesize: 44KB