Analysis

  • max time kernel
    120s
  • max time network
    107s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240910-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240910-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    05/10/2024, 19:26

General

  • Target

    e2884084ff248b23c142e2ee2599b92a71547f53c3e797d50fa8dcad87b90bc2N.exe

  • Size

    86KB

  • MD5

    8cd8f6991f8daec23107550ae4be4350

  • SHA1

    4e09d8a520e7b3a6b5a68b7195bce8f93253e9d6

  • SHA256

    e2884084ff248b23c142e2ee2599b92a71547f53c3e797d50fa8dcad87b90bc2

  • SHA512

    995c0803daa723f14a198eacf50d90448f9e4515d6d134e820c14078ad5e2d0fef7ce83d2a25e4a2532fb2bce8b32f2b1a457bb2dc6e178f563e8ebb60ce2b1f

  • SSDEEP

    1536:V7Zf/FAxTWoJJ7TPUfTW7JJ7TPUx7C5C7C5v:fny1zUozUk

Malware Config

Signatures

  • Renames multiple (4300) files with added filename extension

    Renaming thousands of files by appending an extension is characteristic of ransomware encrypting files across the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the victim's system language in order to infer the geographical location of that host.
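
    The rename signature above is a behavioural heuristic: it fires when one process renames many files to their original name plus an extra extension, in place. The following is an added example of that heuristic written against a constructed list of rename events; it is not Tria.ge's or any sandbox's own detection code, and the event format (pid, old path, new path) and the threshold are assumptions. The .tmp names in the dropped-file list later in this report (desktop.ini.tmp, 7-zip.dll.tmp) have exactly the shape the check looks for.

```python
"""Detection heuristic for mass "append an extension" renames.

Added example, not the sandbox's own code. The event tuple format and the
threshold value are assumptions; real sandboxes use far higher counts
(this report shows 4300).
"""
from collections import Counter
from pathlib import PureWindowsPath

# Constructed sample of file rename events: (pid, old path, new path).
# Loosely modelled on a sandbox file-operation log; not real data.
SAMPLE_EVENTS = [
    (3812, r"C:\Users\Admin\Documents\report.docx", r"C:\Users\Admin\Documents\report.docx.tmp"),
    (3812, r"C:\Users\Admin\Pictures\cat.jpg", r"C:\Users\Admin\Pictures\cat.jpg.tmp"),
    (3812, r"C:\Program Files\7-Zip\7-zip.dll", r"C:\Program Files\7-Zip\7-zip.dll.tmp"),
    (3812, r"C:\$Recycle.Bin\S-1-5-21-1\desktop.ini", r"C:\$Recycle.Bin\S-1-5-21-1\desktop.ini.tmp"),
    (3812, r"C:\Users\Admin\Music\song.mp3", r"C:\Users\Admin\Music\song.mp3.tmp"),
    # benign: an installer moving a file to another directory under the same name
    (1200, r"C:\Users\Admin\Downloads\setup.msi", r"C:\Windows\Installer\setup.msi"),
    # benign: a save-as that replaces the extension rather than appending one
    (1200, r"C:\Users\Admin\Documents\notes.txt", r"C:\Users\Admin\Documents\notes.md"),
    # benign: a single backup rename by an ordinary editor (below threshold)
    (2500, r"C:\Users\Admin\Documents\draft.txt", r"C:\Users\Admin\Documents\draft.txt.bak"),
]


def appended_extension(src, dst):
    """Return the extension appended to src if dst is src + '.<ext>' in the
    same directory, otherwise None. Moves and extension replacements do not
    count, which keeps installers and save-as operations out of the tally."""
    s, d = PureWindowsPath(src), PureWindowsPath(dst)
    if s.parent != d.parent:          # PureWindowsPath compares case-insensitively
        return None
    if not d.name.startswith(s.name + "."):
        return None
    ext = d.name[len(s.name) + 1:]
    if not ext or "." in ext:         # exactly one extra component was added
        return None
    return ext.lower()


def detect_mass_rename(events, threshold=4):
    """Count appended-extension renames per (pid, extension) and return the
    pairs at or above threshold. Grouping by extension as well as pid is what
    distinguishes a single encryptor suffix from unrelated housekeeping."""
    counts = Counter()
    for pid, src, dst in events:
        ext = appended_extension(src, dst)
        if ext is not None:
            counts[(pid, ext)] += 1
    return {key: n for key, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    for (pid, ext), n in detect_mass_rename(SAMPLE_EVENTS).items():
        print(f"pid {pid}: {n} files renamed with appended extension .{ext}")
```

    On the constructed sample this flags pid 3812 with five .tmp renames and ignores the move, the extension change and the lone .bak rename. A production version would also want a time window, so that a slow but steady renamer is caught and a bulk archive rename by an admin is not.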

Processes

  • C:\Users\Admin\AppData\Local\Temp\e2884084ff248b23c142e2ee2599b92a71547f53c3e797d50fa8dcad87b90bc2N.exe
    "C:\Users\Admin\AppData\Local\Temp\e2884084ff248b23c142e2ee2599b92a71547f53c3e797d50fa8dcad87b90bc2N.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:3812

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-2629364133-3182087385-364449604-1000\desktop.ini.tmp

          Filesize

          86KB

          MD5

          bec752f7972a9ca6c0fcb8cca7718f8d

          SHA1

          cec328df3e0da0245aebbf620f3868a9ceda4a0e

          SHA256

          3e1c5ba2b60ade06744220e8fc8adcf28fde10c0876de95c47504abcd0cbbdb4

          SHA512

          47026188c12d07bf32446d9637fa57c407c4278850260b710f41f01e935c43be76488928cf4143662d44454c4cf7de333bf430280db0a4d69e8a3e041ba1f5ec

        • C:\Program Files\7-Zip\7-zip.dll.tmp

          Filesize

          185KB

          MD5

          cbcf98d8bc9288fb13e03d8b76482730

          SHA1

          b2bb5c16b363d91c93b48b20cd79ed18d7db5987

          SHA256

          a6a9dce69ac76e2e957859cffe8b86a4551a90de65e1637cc5c976a6ea4bdefe

          SHA512

          f6461711bdc4527f10f78a11058e571be3db17e05e454ba076564d8f7bc9f5e659684c977c195a5fee22b778693aaa7d2efaaa5f473b12018d430e075c1a908d

        • memory/3812-0-0x0000000000400000-0x000000000040B000-memory.dmp

          Filesize

          44KB

        • memory/3812-668-0x0000000000400000-0x000000000040B000-memory.dmp

          Filesize

          44KB