Analysis

  • max time kernel
    150s
  • max time network
    94s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    05/10/2024, 19:46

General

  • Target

    2dec01aa7ff47527cf96b0dffd7b8eeea41244c59312af967461dfab0a08ac51.exe

  • Size

    45KB

  • MD5

    66360ddcb10cb515ea6659cb23d524f2

  • SHA1

    c3af28bbfe728ed256a13ae5f6cd72f47adff57b

  • SHA256

    2dec01aa7ff47527cf96b0dffd7b8eeea41244c59312af967461dfab0a08ac51

  • SHA512

    7e0355084a490f0735ca05051c9a520e8e98ed356bae556a01b9421636c8cdd4e23c2457feb378f2dac2a7a6be401a7f93994ec1a54c6da721a8872fbda842dd

  • SSDEEP

    384:yBs7Br5xjL8AgA71Fbhv/FzzwzgTAUAcfqg7Z:/7BlpQpARFbhNIg3

Score
9/10

Malware Config

Signatures

  • Renames multiple (5120) files with added filename extension

    Mass renaming of files with an appended extension is characteristic of ransomware encrypting files across the system.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of the victim in order to infer the geographical location of that host.
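Detection logic for the first signature above (many renames that only append an extension), as an added example that is not part of the sandbox report or of the analysed sample. It runs over constructed file-rename telemetry in the shape pid,old_path,new_path; the PID 3852 is borrowed from the Processes section and the .tmp suffix mirrors the artifact names listed under Downloads, but the events themselves, the thresholds and the helper names are assumptions made for illustration.

```python
import csv
import io
import ntpath
from collections import Counter, defaultdict

# Constructed file-rename events (not sandbox output): pid,old_path,new_path.
# One process appends ".tmp" to files in several directories; another
# performs ordinary renames that do not keep the original name intact.
SAMPLE_EVENTS = r"""
3852,C:\Users\Admin\Documents\budget.xlsx,C:\Users\Admin\Documents\budget.xlsx.tmp
3852,C:\Users\Admin\Documents\notes.txt,C:\Users\Admin\Documents\notes.txt.tmp
3852,C:\Users\Admin\Pictures\img1.jpg,C:\Users\Admin\Pictures\img1.jpg.tmp
3852,C:\Program Files\7-Zip\readme.txt,C:\Program Files\7-Zip\readme.txt.tmp
3852,C:\$Recycle.Bin\S-1-5-21-1\desktop.ini,C:\$Recycle.Bin\S-1-5-21-1\desktop.ini.tmp
4120,C:\Users\Admin\Downloads\setup.tmp,C:\Users\Admin\Downloads\setup.exe
4120,C:\Users\Admin\Downloads\report.docx,C:\Users\Admin\Downloads\report-final.docx
"""


def parse_events(text):
    """Parse pid,old_path,new_path lines into (int pid, old, new) tuples."""
    events = []
    for row in csv.reader(io.StringIO(text)):
        if len(row) != 3:
            continue  # skip blank or malformed lines
        pid, old, new = row
        events.append((int(pid), old, new))
    return events


def appended_extension(old_path, new_path):
    """Return the extension appended by the rename, or None.

    A rename counts only if the file stays in the same directory and the new
    name is exactly the old name followed by ".<ext>" (e.g. a.txt -> a.txt.tmp).
    ntpath is used so Windows paths are split correctly on any host OS.
    """
    old_dir, old_name = ntpath.split(old_path)
    new_dir, new_name = ntpath.split(new_path)
    if ntpath.normcase(old_dir) != ntpath.normcase(new_dir):
        return None
    if not new_name.startswith(old_name + "."):
        return None
    ext = new_name[len(old_name) + 1:]
    return ext if ext and "." not in ext else None


def detect_mass_rename(events, threshold=100, min_dirs=3):
    """Flag PIDs that append an extension to at least `threshold` files spread
    over at least `min_dirs` directories. Returns {pid: summary}. The threshold
    values are assumptions; tune them to the host's baseline rename rate."""
    per_pid = defaultdict(lambda: {"count": 0, "dirs": set(), "exts": Counter()})
    for pid, old, new in events:
        ext = appended_extension(old, new)
        if ext is None:
            continue
        state = per_pid[pid]
        state["count"] += 1
        state["dirs"].add(ntpath.normcase(ntpath.dirname(old)))
        state["exts"][ext.lower()] += 1

    hits = {}
    for pid, state in per_pid.items():
        if state["count"] >= threshold and len(state["dirs"]) >= min_dirs:
            ext, _ = state["exts"].most_common(1)[0]
            hits[pid] = {
                "renames": state["count"],
                "directories": len(state["dirs"]),
                "extension": ext,
            }
    return hits


if __name__ == "__main__":
    # Low threshold so the small constructed sample triggers the rule.
    for pid, summary in detect_mass_rename(parse_events(SAMPLE_EVENTS),
                                           threshold=5, min_dirs=3).items():
        print(f"pid {pid}: {summary}")
```

With the defaults (100 renames across 3 directories) the sample produces no hit; the low threshold in the usage call is only there to exercise the rule on seven events. In production the same grouping is applied per process over a sliding time window, so that a slow encryptor does not stay under the count.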

Processes

  • C:\Users\Admin\AppData\Local\Temp\2dec01aa7ff47527cf96b0dffd7b8eeea41244c59312af967461dfab0a08ac51.exe
    "C:\Users\Admin\AppData\Local\Temp\2dec01aa7ff47527cf96b0dffd7b8eeea41244c59312af967461dfab0a08ac51.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:3852

Network

        MITRE ATT&CK Enterprise v15


        Downloads

        • C:\$Recycle.Bin\S-1-5-21-355097885-2402257403-2971294179-1000\desktop.ini.tmp

          Filesize

          46KB

          MD5

          550c08436afdb78cfff9169ae8058f64

          SHA1

          10d3d0c7ed89ab39c4d09aad85eb9a6a384acc43

          SHA256

          1cbfcc0967a987084027da88c56f46caa13de152a49d87f0bc8c17fe6e03a054

          SHA512

          95c06f6b079695c1b2fa8711d536993c3c94fe341e075d58701d4e30e739d133171bdd20dd75e6057e5a5ce0fac41981de7b5a882a072435b76997ff2d220ad1

        • C:\Program Files\7-Zip\7-zip.dll.tmp

          Filesize

          144KB

          MD5

          b2b90f82542556ece3d96f436f831410

          SHA1

          8be1f15a4b0a8d1013a97842bb946569afeddec1

          SHA256

          11f31186277a2446b5a36886bbe04c8a295b34a56b74305990e98d51c2348827

          SHA512

          65452e342a470ff9b97f0fb392cb30e9b4fe192198c7339d438a84fc6dc15d2b31a5a10b8ac9b57a58578848ccc88d30d11fcfaefbf6d3b1d1fffbb33d1ae6be

        • memory/3852-0-0x0000000000400000-0x0000000000408000-memory.dmp

          Filesize

          32KB

        • memory/3852-922-0x0000000000400000-0x0000000000408000-memory.dmp

          Filesize

          32KB