Analysis

  • max time kernel: 120s
  • max time network: 119s
  • platform: windows10-2004_x64
  • resource: win10v2004-20240802-en
  • resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted: 05/10/2024, 19:33

General

  • Target: ec17bd5a1137d757c2ad04d84afd1d2490a8d516279df71f9acaf56d791df373N.exe
  • Size: 76KB
  • MD5: 337db66c9b14cfc952d3fa46b5cd6270
  • SHA1: 799c58de07cdb63addab128f230ccdcda900194d
  • SHA256: ec17bd5a1137d757c2ad04d84afd1d2490a8d516279df71f9acaf56d791df373
  • SHA512: 1563d8adf25683178e99cb05b825d8a3cb739b2380066f61c7be0a68595087defcbc44eb2781e70059c0e3741f27d41a93e9c78af9c1d87b14122e9c1e2aa93c
  • SSDEEP: 1536:V7Zf/FAxTWoJJ7Tx4PN54PNvpJzpJ0+LG/H/yZGMF:fny1EWJ3z30+LG/KZGMF

Malware Config

Signatures

  • Renames multiple (4365) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\ec17bd5a1137d757c2ad04d84afd1d2490a8d516279df71f9acaf56d791df373N.exe
    "C:\Users\Admin\AppData\Local\Temp\ec17bd5a1137d757c2ad04d84afd1d2490a8d516279df71f9acaf56d791df373N.exe"
    PID: 4768
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4148,i,7447299413640964517,4240724842020506306,262144 --variations-seed-version --mojo-platform-channel-handle=4408 /prefetch:8
    PID: 1448

Network

MITRE ATT&CK Enterprise v15
Downloads

  • C:\$Recycle.Bin\S-1-5-21-2170637797-568393320-3232933035-1000\desktop.ini.tmp
    Filesize: 76KB
    MD5: e1e0ae3a03c0f67cc244fe0c6fe09433
    SHA1: e2f8d15617826c4928a869fb71eeba49f13cee07
    SHA256: 711a34968fbf60af781c195302509c3f4e30413cb68ad129bc4ed427f5017bd0
    SHA512: 03ff6eaf3cf68140bac52f398aef3e6c0bff53d3720408bcc345b12072a2ac31f5f65449bc3eabdc05be19c1f3915d2149a1f9624ecaa6ed2520a63c25859734

  • C:\Program Files\7-Zip\7-zip.chm.tmp
    Filesize: 188KB
    MD5: 788bacc8a2d57bbf4fc57689425ce9d2
    SHA1: 676dd8087f19bff43bf60b38b69a28c38dc71be7
    SHA256: 57deede9d94c8be66c4636d163b762eb7d1633006d2221278a79d30c7242e26a
    SHA512: 40e71a15a277a9afe86c122427e17b4321af7ddf9ca4d4247a92c06c1920482ad1e9412f6e6175bd15b4cb488c772488f53b03a9ddcc3a029df789f8dab2e409

  • memory/4768-0-0x0000000000400000-0x000000000040B000-memory.dmp
    Filesize: 44KB

  • memory/4768-856-0x0000000000400000-0x000000000040B000-memory.dmp
    Filesize: 44KB