Analysis

  • max time kernel
    60s
  • max time network
    36s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    05/10/2024, 19:25

General

  • Target

    26923c28ae890904e9b763e8e901cb7d9244836b8fb527be722e8eae0aa38397.exe

  • Size

    62KB

  • MD5

    2ead3c28410de382e0cb99df9fb6b641

  • SHA1

    d91c097363beaa81f518e0268e4e8c72617338fe

  • SHA256

    26923c28ae890904e9b763e8e901cb7d9244836b8fb527be722e8eae0aa38397

  • SHA512

    175a7251af345b23a74a60b9d2bf05ede6dff351642987f69f0cd620d1ade4fc9968c4a9ea30b44316bf19695aa2865d79c75c6054f87ea4596f0362b1f9f215

  • SSDEEP

    768:W7BlphA7dASbS7EXBwzEXBw3sgQw58eGkz2rcuesgQw58eGkz2rcu90TKe+0TKeM:W7ZhA7dAynMdyGdy7YRY4rhrI

Score
9/10

Malware Config

Signatures

  • Renames multiple (1781) files with added filename extension

    This behaviour is consistent with ransomware encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\26923c28ae890904e9b763e8e901cb7d9244836b8fb527be722e8eae0aa38397.exe
    "C:\Users\Admin\AppData\Local\Temp\26923c28ae890904e9b763e8e901cb7d9244836b8fb527be722e8eae0aa38397.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2316

Network

        MITRE ATT&CK Enterprise v15


        Downloads

        • C:\$Recycle.Bin\S-1-5-21-2718105630-359604950-2820636825-1000\desktop.ini.tmp

          Filesize

          63KB

          MD5

          df22336120b6410a0187486c6a286d03

          SHA1

          958ac4eb251820ba5bf05798a2857655e345b92e

          SHA256

          b419d87b10f808282f08e58043a4b21872252c9dc4ca315f556a2eea1803844c

          SHA512

          71098d95cd37788273c56daa012ec94778783274028713e976a997d139db56a0febf15fe6b0d94d7716f895c939ed481488858d1acb25671ca3c1c9bfd390cb7

        • C:\Program Files\7-Zip\7-zip.dll.tmp

          Filesize

          161KB

          MD5

          a923d18221e991905f840812ff66a339

          SHA1

          9a10ef46b3a4a1d660a9f3b83b6f6b5d68ac63ea

          SHA256

          e84cc4f65292d40d1e068db15deb10ca17b956d2152f47a97f23a56a21d940d7

          SHA512

          5764f19cc3b8b03fb288464bdc73c82e8254b5527c50b6e47c332e9585488a8d234bfe8455070f1670fff04cde19291857812a3bdfe757928fdb66ccc546826e