Analysis

  • max time kernel
    150s
  • max time network
    98s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    05/10/2024, 19:22

General

  • Target
    6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe
  • Size
    88KB
  • MD5
    d71042b5869cb357925bc60d3d97ee4f
  • SHA1
    1abca5ed793277601d80a3bf67508428f4e2ef8d
  • SHA256
    6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48
  • SHA512
    40d45c5730ec9c0edbc5cb1b3866cdf1fdd565ef466e42a550d59040cb7620c183c9074baa45e1b7556997acad37f7569703080f57ea3ec025dd27152cf875d1
  • SSDEEP
    1536:W7ZppApBULcfpHLcfpyDj7ZppApBULcfpHLcfpyDW:6pWpBwchcwDBpWpBwchcwDW

Score
9/10

Malware Config

Signatures

  • Renames multiple (5108) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe
    "C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe"
    PID: 4516
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\$Recycle.Bin\S-1-5-21-945322488-2060912225-3527527000-1000\desktop.ini.tmp
    Filesize
    88KB
    MD5
    b694c94daa34ccfa91c7d6bdb4ae9e1e
    SHA1
    6164a08667520fd219f7fb55975dc18756010246
    SHA256
    0a5989ffb6ee2aabb67ab4c9d460adbbb7c85feabf65734d96f6141c3d23122a
    SHA512
    a422cd6dfdb0cbf4523f57bd1df30ed5d15e5eee5aa398a2e881d8a4c6350ce5a2435e99814250b41289728b8713f0b7bc4ce29c8bd68608cd186a570491fc04

  • C:\Program Files\7-Zip\7-zip.dll.tmp
    Filesize
    187KB
    MD5
    cba4ad2fa832d2a0a76f6b3458b4ee7f
    SHA1
    baed68997b24f10f1dc2f8d02349a91553299aa2
    SHA256
    7ba58da721a5ac1c49189432a7cdb42ae412ab4ad184588bccf86f23ff7bf4bb
    SHA512
    e32b6a605cd2f2a42d1a5d269aa99e34044932403d4c4fbe5bebab81a929ba9d54eaeead87eeaff49009edece67e55bcc2eb10972a854c0d9b859546dce532ad