Analysis

  • max time kernel
    150s
  • max time network
    96s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    05/10/2024, 20:01

General

  • Target

    3050c45e070084fba6647c598d08e96e2280c496b83db7604d09e4a0219a3c17.exe

  • Size

    81KB

  • MD5

    4d70409e5fe9610c075ede92028b9500

  • SHA1

    d365dd45577be1a86c98a2e97cbbdebe183371b2

  • SHA256

    3050c45e070084fba6647c598d08e96e2280c496b83db7604d09e4a0219a3c17

  • SHA512

    5f4de5082eb0e8ef4f317d14a7bd6b413c08e402d67ad7b328bacf9995b01a9f317883b6a7c70def9bcd5fd997737c684671f3c9a84e2a4919342ceff7b0ad6f

  • SSDEEP

    768:W7BlphA7pARFbhM0Kkq81LOyq81LObC8p8f+EA8N1J3DCl4N1J3DClIGpyPw7lbV:W7ZhA7pApM21LOA1LOPBlv6BlvQ

Score
9/10

Malware Config

Signatures

  • Renames multiple (5192) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\3050c45e070084fba6647c598d08e96e2280c496b83db7604d09e4a0219a3c17.exe
    "C:\Users\Admin\AppData\Local\Temp\3050c45e070084fba6647c598d08e96e2280c496b83db7604d09e4a0219a3c17.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:4540

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\$Recycle.Bin\S-1-5-21-523280732-2327480845-3730041215-1000\desktop.ini.tmp

    Filesize
    81KB

    MD5
    70491ec4207bb3b43e43cf617767097b

    SHA1
    bff92190b0e7cfa43c38f5870a667a9d28712549

    SHA256
    cbb04dd4ec384f7069ab1ad4f4a11567805daf2b2bb5ce255ae34ee085576d73

    SHA512
    f45e2458fef14da9bced7522690f55784de68290f1d11448a252abf07028c268f28f0693425903f99a8476c67fd5ee1ff55d3cecd6d7a80f8362957a73665f33

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize
    180KB

    MD5
    b826a2d0a2bb7801b2834fa7817b99ef

    SHA1
    a560482009c02498d707e5d5b0e9f7b7b8046066

    SHA256
    4ee83cb4cd505abd9441984db75e5c3d046545e82c278d8f0164ac324c3fc622

    SHA512
    28a0ef1cb32c5419cbc9cf72336f7a18226625d40492bfaf804756f47016611064c8cb59ba5a91222fdc425434faee0700a56c6ed1132ddd747b576abce4e837