Analysis

  • max time kernel
    120s
  • max time network
    94s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    03/10/2024, 09:32

General

  • Target

    31f88864e4e8b0e69707bcdc2aa9ba45a360e5b7bfa056308d1f874b9667691aN.exe

  • Size

    100KB

  • MD5

    f4e71bd16dd33b01fe3e7942185adb30

  • SHA1

    79cc62e578fa400fbbc7f448cdc3dae6a73a5e49

  • SHA256

    31f88864e4e8b0e69707bcdc2aa9ba45a360e5b7bfa056308d1f874b9667691a

  • SHA512

    c31de266e6123b55e16833777e8518473ebec1bd10f0ac70c3e83857c1eaee4e65017c8ece487e9c7b1e8af29d906401e5c47a7a86ef194ccb3447a8449a6691

  • SSDEEP

    1536:W7ZhA7pApH9QHwtRF9ESWu0SWutlggalggEpVp+ESIXosbosP42:6e7WpHIyRF9ESWu0SWuDmmSIjX1

Score
9/10

Malware Config

Signatures

  • Renames multiple (4542) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\31f88864e4e8b0e69707bcdc2aa9ba45a360e5b7bfa056308d1f874b9667691aN.exe
    "C:\Users\Admin\AppData\Local\Temp\31f88864e4e8b0e69707bcdc2aa9ba45a360e5b7bfa056308d1f874b9667691aN.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:3024

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\$Recycle.Bin\S-1-5-21-2718105630-359604950-2820636825-1000\desktop.ini.tmp

    Filesize

    100KB

    MD5

    875985b5a94591ebb124352f54fb7440

    SHA1

    6f3f30e009239e87af83f8005336b23422776621

    SHA256

    9b1f567c9ba4f93e83e261a241c3a70cdd7626c2c8d1495a3b7cf7f919f360ba

    SHA512

    6267e3442f4b869890277b7f435690ed799b99a60e44add9c130259408f3647de5777994a9e541a6a27e22beedf06459ead70a58158c18cf4b23d243aa4aaa82

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    199KB

    MD5

    5343a2b373fc6cacca8e94bfd523f466

    SHA1

    1f628d37b41ec28a5448b71a7091857070a61506

    SHA256

    8f017e950a9bf3b585cea994ccf49ee24bec89af2f0aef364074536c636d654c

    SHA512

    647617b57dbb63969d1ec6c083a852e058c843204bc5f378d88ba7bda7df7facd7c833e2089cac2789fd85f12f7e0d7c7f53a6c41a4ae15083fbaa31209fee78