Analysis

  • max time kernel
    120s
  • max time network
    117s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    05/10/2024, 19:55

General

  • Target

    f91a3ab4a77e9a360a5f6f7f8cff36b75905526a33e02d167c9665ac99bbe04dN.exe

  • Size

    100KB

  • MD5

    58f275dbd14b3956575a7889c4cc6f10

  • SHA1

    978e51450fdc09850fd76f15b00530333d8d22b4

  • SHA256

    f91a3ab4a77e9a360a5f6f7f8cff36b75905526a33e02d167c9665ac99bbe04d

  • SHA512

    8321ba7bd8be11206ddf9808d3ee884d54f02718ee76e4ccd9cf5391bf1cd043d183db12756ad136fc28a4f138cf75af10677b2dadc7c087b011858ea5a683e2

  • SSDEEP

    1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8zxY5jVBChFd7naVF5sQwyaq6ChFd7nab:fnyiQSox5k

Malware Config

Signatures

  • Renames multiple (4361) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\f91a3ab4a77e9a360a5f6f7f8cff36b75905526a33e02d167c9665ac99bbe04dN.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\f91a3ab4a77e9a360a5f6f7f8cff36b75905526a33e02d167c9665ac99bbe04dN.exe"
    PID: 3304
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery

Network

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2392887640-1187051047-2909758433-1000\desktop.ini.tmp

    Filesize: 100KB
    MD5: 848dff4e6b198f082fe076549297c206
    SHA1: a3a17b841fd83f6bc9bc31acf62bac2aa6f1c3d1
    SHA256: 49b217cb15c48559184613fc99c8ebccac17a69b3ed521407aa2d1e422b2b244
    SHA512: 3e760e38fc5878c4bbd4ccd5e4b8ef8df891f3da9036e4a9fd0064d3bdc1d561e723c1eaf5d41271877f6730d716249de68982555c372399be02ac1d77a34d66

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize: 199KB
    MD5: b555d70c3fb19ceb5f0063b8f923e196
    SHA1: 86451f2166c58832aa46bd43de15c98408ee6537
    SHA256: ad447b5d1c05b7f1897c78e6a0cdff3fd22a24130eb0ab0d707200b6488b17d2
    SHA512: 5a9e140613df1b813d20f54cb4f9a6123c2ab2e1e36a1782ad2fd9e347613445a3d315e7d0265747dfc105854f6e5582dfc1baf33108b3871309b7bc190b7b67

  • memory/3304-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize: 44KB

  • memory/3304-846-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize: 44KB