Analysis

  • max time kernel
    119s
  • max time network
    105s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64
    arch:x86
    image:win10v2004-20240802-en
    locale:en-us
    os:windows10-2004-x64
    system
  • submitted
    05/10/2024, 19:35

General

  • Target

    0c8e66e0e5766fcfd2f21504f895c6711c06c3a4077b055c60d4c1def99e5497N.exe

  • Size

    47KB

  • MD5

    cb4c6fdd7da4e7fcc39807044050eb10

  • SHA1

    5ed020fb92b763275e6048c1c4713cfe51ed5843

  • SHA256

    0c8e66e0e5766fcfd2f21504f895c6711c06c3a4077b055c60d4c1def99e5497

  • SHA512

    06e625e912106b84083eed247fe033207bb60ebed69fb8533327ff52a36a67b4cf25eb3341c1fa121deb19b5554e33e918b0997b4de0d5239dca2e388fe02afc

  • SSDEEP

    384:GBt7Br5xjL9A7AgA71FbhvnIH2YsTKnKqtaW3WzlQ:W7BlphA7pARFbhvOsTKnKqtglQ

Score
9/10

Malware Config

Signatures

  • Renames multiple (4671) files with added filename extension

    Bulk renaming of files with an appended extension is characteristic of ransomware encrypting the files on the system.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempts to gather information about the system language of the victim host in order to infer its geographical location.
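The first signature above is a count of rename operations, which is the same evidence a detection engineer would look for in a file-system event feed. The following is an added example, not part of the sandbox report or the sample's own code: it takes rename events of the form (pid, source path, destination path), as a Sysmon, Procmon or EDR export would provide, and flags any process that renames many files to "<original name>.<new suffix>" across several directories. The event stream, the PID values and the ".tmp" suffix are constructed for illustration and are not taken from this run; the thresholds (`min_files`, `min_dirs`) are assumptions to be tuned per environment.

```python
"""Detect the mass rename-with-appended-extension pattern flagged by the report."""
from collections import defaultdict
from typing import Dict, Iterable, List, Optional, Tuple

RenameEvent = Tuple[int, str, str]  # (pid, source path, destination path)


def appended_suffix(src: str, dst: str) -> Optional[str]:
    """Return the extension appended to src to form dst, or None.

    Matches only the exact "keep the name, add one trailing extension" shape:
    dst == src + ".xxx" with no path separator inside the added part, so a
    save-by-rename that strips a suffix or a move into a subfolder does not count.
    """
    if not dst.startswith(src) or len(dst) <= len(src):
        return None
    extra = dst[len(src):]
    if extra[0] != "." or len(extra) == 1 or "\\" in extra or "/" in extra:
        return None
    return extra.lower()


def directory_of(path: str) -> str:
    """Parent directory of a Windows or POSIX path, case-folded for grouping."""
    cut = max(path.rfind("\\"), path.rfind("/"))
    return path[:cut].lower() if cut >= 0 else ""


def find_mass_renames(events: Iterable[RenameEvent],
                      min_files: int = 50,
                      min_dirs: int = 3) -> Dict[Tuple[int, str], Dict[str, int]]:
    """Group renames by (pid, appended suffix) and keep the groups that look like
    bulk encryption: many distinct files and several directories, one suffix."""
    files = defaultdict(set)
    dirs = defaultdict(set)
    for pid, src, dst in events:
        suffix = appended_suffix(src, dst)
        if suffix is None:
            continue
        key = (pid, suffix)
        files[key].add(src.lower())
        dirs[key].add(directory_of(src))
    return {
        key: {"files": len(files[key]), "directories": len(dirs[key])}
        for key in files
        if len(files[key]) >= min_files and len(dirs[key]) >= min_dirs
    }


def constructed_events() -> List[RenameEvent]:
    """Constructed sample event stream (assumed data, not from the sandbox run)."""
    events: List[RenameEvent] = []
    # One process renames 60 user documents under 6 directories, appending ".tmp".
    for d in range(6):
        for i in range(10):
            src = rf"C:\Users\Admin\Documents\proj{d}\file{i}.docx"
            events.append((448, src, src + ".tmp"))
    # Benign noise: an installer keeping backups of a few files in one folder,
    # and an editor's save-by-rename that removes a temporary extension.
    for i in range(5):
        src = rf"C:\Program Files\Tool\lib{i}.dll"
        events.append((1200, src, src + ".bak"))
    events.append((2200, r"C:\Users\Admin\notes.txt.tmp", r"C:\Users\Admin\notes.txt"))
    return events


if __name__ == "__main__":
    for (pid, suffix), stats in find_mass_renames(constructed_events()).items():
        print(f"pid {pid}: {stats['files']} files in {stats['directories']} "
              f"directories renamed with appended {suffix!r}")
```

The directory count matters as much as the file count: a single process touching one folder with an added ".bak" is ordinary installer behaviour, while the same suffix appearing across user profile, Program Files and $Recycle.Bin paths in one process is the shape the sandbox signature is describing.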

Processes

  • C:\Users\Admin\AppData\Local\Temp\0c8e66e0e5766fcfd2f21504f895c6711c06c3a4077b055c60d4c1def99e5497N.exe
    "C:\Users\Admin\AppData\Local\Temp\0c8e66e0e5766fcfd2f21504f895c6711c06c3a4077b055c60d4c1def99e5497N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:448

Network


        Downloads

        • C:\$Recycle.Bin\S-1-5-21-945322488-2060912225-3527527000-1000\desktop.ini.tmp

          Filesize

          47KB

          MD5

          2937c3c501a5f88e1acd32221d7b6779

          SHA1

          91d6ab303dd43ba36729b8b0ffe274114df1cf9d

          SHA256

          e750c695e84274ed9be42fadd157ceb09441ea3ed2ce59a9b3b4c20a719e8c86

          SHA512

          f7b8326839d54ebb90bb4120f5c9c248f7b524ca73c17691001f1a97ca7f51619d761643919523821e40b9f44fe84f2835e18bc5986a931ecfda8482307db861

        • C:\Program Files\7-Zip\7-zip.dll.tmp

          Filesize

          146KB

          MD5

          21d2466ea08d06b8a90af584188e9f1e

          SHA1

          663e3cc948d88e80f1357f27f3370d45bd140f73

          SHA256

          6812f69d86e3ac960a8d94547140de5a71b6b77a0aaff43eeee2e2b4b7cd2121

          SHA512

          8f93e2ec83d985c53c9569e9dc8e837abb3d94e5e5e04e28acd928ec0d89c00525044f1a9c6cdb587b31e8f21eeeb3237d9e35f2d99d5ab60495a8b4fd1c6400