Analysis

  • max time kernel: 149s
  • max time network: 95s
  • platform: windows10-2004_x64
  • resource: win10v2004-20240802-en
  • resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted: 05/10/2024, 19:39

General

  • Target: 036bae17ebd20b48963ea239df73542ccb526855d4744004e9b46899fef3be72.exe
  • Size: 29KB
  • MD5: 464b21a55dabd603775288482ffdd1ca
  • SHA1: 33fbc0a920f64339b6e718e4b4939e7bd29abe42
  • SHA256: 036bae17ebd20b48963ea239df73542ccb526855d4744004e9b46899fef3be72
  • SHA512: c6fa72535b06787585dfc62fc890d39644a60503ef10f1c6acb236688143b2b6a1d92bfacdb6e8ac05e75e958a880b8a2f88e85dfb3ea5722e8f5432252855b3
  • SSDEEP: 768:kBT37CPKKdJJ1EXBwzEXBwdcMcI9yVz4QVz4C:CTW7JJ7TgB4QB4C

Malware Config

Signatures

  • Renames multiple (5328) files with added filename extension

    This suggests ransomware activity: encrypting all the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX or a modified UPX open-source packer.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\036bae17ebd20b48963ea239df73542ccb526855d4744004e9b46899fef3be72.exe
    "C:\Users\Admin\AppData\Local\Temp\036bae17ebd20b48963ea239df73542ccb526855d4744004e9b46899fef3be72.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:4632

Network

        MITRE ATT&CK Enterprise v15

        Downloads

  • C:\$Recycle.Bin\S-1-5-21-523280732-2327480845-3730041215-1000\desktop.ini.tmp
    Filesize: 29KB
    MD5: 9bcd8b260e5c8a1544bb4c2e981288f9
    SHA1: c103add360088b659ba832defd90e3165a257018
    SHA256: 48c7d6a491e183e3f53a50ff5098246f808c88745293366fff0b8d1b5e11baaf
    SHA512: 6ca12fb8423edb336f624101f094a3ed6106d4a52a35324c3ebe2d5d5b6a54c511d4e1f839777c38aca796c3fedfd4f94cda5d05637bac7dfc7457d75a1a90c2

  • C:\Program Files\7-Zip\7-zip.dll.tmp
    Filesize: 128KB
    MD5: c1f71f0a098ad7cb0379692438dc4f9e
    SHA1: 246ba62b1cb199d95a4123ec3358f4ca7283fbf8
    SHA256: bf3404f16846ec7dade17399b4c440bdb2fa4fe341e5be20773b6acec3efa113
    SHA512: 02d59347c4eaa9846598342c497d41dee6fc0b0051c7a275d3366509f65b18f89bc351c07b4f315a03331572c2cb72e37e3c656b02209aa3fdd5c5353de2cb30

  • memory/4632-0-0x0000000000400000-0x000000000040A000-memory.dmp
    Filesize: 40KB

  • memory/4632-1086-0x0000000000400000-0x000000000040A000-memory.dmp
    Filesize: 40KB