Analysis

  • max time kernel
    149s
  • max time network
    95s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05/10/2024, 19:39

General

  • Target

    637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe

  • Size

    53KB

  • MD5

    55ea72c5060c4c3e00686166e67afd26

  • SHA1

    c45be02a96d971fec76870862948e1f5b5eda0de

  • SHA256

    637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97

  • SHA512

    a365713332259b323b8837cdfb3568a204b66543ddb074cb3ab0f8ef78a71aaefdf0f26da60b91ce2c111e286c67205d4eee7506aa644aa12c417c116789545a

  • SSDEEP

    768:kBT37CPKKdJJcbQbf1Oti1JGBQOOiQJhATNy2/mepYXwILQ7ZVnEbisFhiXFharp:CTW7JJZENTNyavf73tQqarnp/

Malware Config

Signatures

  • Renames multiple (5194) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe
    "C:\Users\Admin\AppData\Local\Temp\637fe7662560ccf1891459b8730570323d3ca1ce165204c550a9923dd1784f97.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2484

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-945322488-2060912225-3527527000-1000\desktop.ini.tmp

          Filesize

          54KB

          MD5

          0b431d12b2d1d9c6be9130fd2d75653c

          SHA1

          3f05a16cbe431c7935d06855cd3527ab69aad643

          SHA256

          badd370eac0d5536757721d4badbb431f67aaf53fbe4547240c6fc59aa3e025f

          SHA512

          3a23323d271dcfc2fdcc43080fad9c19b96d1c83a29b3212b775d253e78915a750f2b61c6c4146e68c93534b11a05d2afe15d59d7bc6b5efd4dc2e5521326b8e

        • C:\Program Files\7-Zip\7-zip.dll.tmp

          Filesize

          153KB

          MD5

          4cabee066f6f9b07c47c6674b8d342eb

          SHA1

          cdb018874435365b76b08855ef10a90e497b51fc

          SHA256

          805c904dfb31a91847cb24c311562c2fcde4468633d2e7d5a83add8e5b9eb9e2

          SHA512

          12d6582b9c27ed1d5cd6f653e6a262718aff8ae507af16b7ea47b2515aaf4b453cada630ecf5d72c54593ad9e5027c5a0a75c221121ca7ec07233bbc41ce50ef

        • memory/2484-0-0x0000000000400000-0x000000000040A000-memory.dmp

          Filesize

          40KB

        • memory/2484-910-0x0000000000400000-0x000000000040A000-memory.dmp

          Filesize

          40KB