Analysis

  • max time kernel
    120s
  • max time network
    99s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05/10/2024, 19:44

General

  • Target

    7e0242801868393ac2e24c42a980372c3d3653cd95c48e3b57e9fe06e4238079N.exe

  • Size

    91KB

  • MD5

    f1dccbdba6847dadf05cdef2ed710710

  • SHA1

    a2dd483e654003e1b042be60693c3ce70e7f3293

  • SHA256

    7e0242801868393ac2e24c42a980372c3d3653cd95c48e3b57e9fe06e4238079

  • SHA512

    4d34465c20e4d08d1bb6a12a3fb99622866c5068e105d530dda1f5620fc2df6f42083665e4171717604eda45464c291513d56496e6843a9b43d6772ad8b2b019

  • SSDEEP

    1536:W7Z9pApQESOHepOHe8G+6E65dyGdykNdNBKgg0///x9zK+:69WpQE0zxg4n3

Score
9/10

Malware Config

Signatures

  • Renames multiple (4576) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\7e0242801868393ac2e24c42a980372c3d3653cd95c48e3b57e9fe06e4238079N.exe
    "C:\Users\Admin\AppData\Local\Temp\7e0242801868393ac2e24c42a980372c3d3653cd95c48e3b57e9fe06e4238079N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:184

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-4182098368-2521458979-3782681353-1000\desktop.ini.tmp

          Filesize

          92KB

          MD5

          b67c7a000e4f9d42a1bad234652e4b8b

          SHA1

          044725a860014cd74638854a8aa5370e14167f47

          SHA256

          ca91073c8a916ce59203b7ae1a886c6739e2942d78b6834b1fe2b73db3112e3f

          SHA512

          7af044209b7d821061bfba68554ba84ff2947a31cc910c0611cf365e431c1b0e3c88ac9f3a8321ec738549a43374ff0de3a3385f89078dae6eda0f269b71d9fb

        • C:\Program Files\7-Zip\7-zip.dll.tmp

          Filesize

          190KB

          MD5

          53d117d151b535aae326395abdad2d6d

          SHA1

          416be11c11cff6c7d62ad1d3f9359289a1b19dc3

          SHA256

          7f31c2994317be39f7753db5dcd13b034525128f117e4b4bcfeff376c54f35a7

          SHA512

          5a143d8aa209ff4af679db3e7d62e29e9c84edd1a67ed415b1d05569b99f3f79092d5cefa6dbeba44d6e69b49e8d5dbb85c0fff2103c0706245ea978c4732932