Analysis

  • max time kernel
    120s
  • max time network
    94s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64
    arch:x86
    image:win10v2004-20240802-en
    locale:en-us
    os:windows10-2004-x64
    system
  • submitted
    06/10/2024, 02:42

General

  • Target

    429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe

  • Size

    36KB

  • MD5

    92db6ec56ef5ed36efe5c3a508189a20

  • SHA1

    984ff854a3798f2bb67214e354ed2ed4473dbb3e

  • SHA256

    429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352

  • SHA512

    868f654b684f383bc699cc85e5fee611e8cd371e9d34c97fd1d7f1fe925803ff7eb71dfa8c4cf0176ffbdded63d25b3ea45e96098f215f2755edefce405af7a1

  • SSDEEP

    768:kBT37CPKKdJJTU3U2lRtJfOn33EskmKs333EskmKs/ZqZJ:CTW7JJTU3UytJfOEfmKjfmK1

Malware Config

Signatures

  • Renames multiple (4655) files with added filename extension

    This suggests ransomware activity: the sample appears to be encrypting all of the files on the system and appending an extension to each one.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
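The "renames multiple files with added filename extension" signature is, at its core, a count of rename events per process in which the destination name is the source name plus one extra suffix. The block below is an added example of that detection logic, written for this page; it is not the sandbox's own signature code. The event record, the 50-file/30-second threshold and the sample trace (which has process 220 append ".tmp" to 120 files) are assumptions constructed for illustration, not data from the report above.

```python
"""Bulk-rename ("added filename extension") detector.

Added example for this page; not the sandbox's implementation.
Event layout, threshold and the sample trace are constructed assumptions.
"""
from collections import Counter, defaultdict
from dataclasses import dataclass
from pathlib import PureWindowsPath


@dataclass(frozen=True)
class RenameEvent:
    ts: float   # seconds since start of the trace (assumed field)
    pid: int    # process that issued the rename
    src: str    # original path
    dst: str    # new path


def adds_extension(src: str, dst: str) -> bool:
    """True when dst is src with exactly one extra suffix appended in the
    same directory, e.g. 'report.docx' -> 'report.docx.locked' or
    '7-zip.dll' -> '7-zip.dll.tmp'.  A plain rename such as
    'report.docx' -> 'report_final.docx' does not match."""
    s, d = PureWindowsPath(src), PureWindowsPath(dst)
    if s.parent != d.parent or not d.suffix:
        return False
    stem = d.name[: -len(d.suffix)]          # strip the appended suffix
    return stem.lower() == s.name.lower()    # NTFS names are case-insensitive


def bulk_rename_alerts(events, threshold=50, window=30.0):
    """Return {pid: peak_count} for every process that appended an
    extension to at least `threshold` files inside some `window`-second
    span.  Uses a sliding window over the per-process timestamps so a
    slow trickle of renames does not trip the rule."""
    per_pid = defaultdict(list)
    for e in sorted(events, key=lambda e: e.ts):
        if adds_extension(e.src, e.dst):
            per_pid[e.pid].append(e.ts)

    alerts = {}
    for pid, stamps in per_pid.items():
        lo, best = 0, 0
        for hi, t in enumerate(stamps):
            while t - stamps[lo] > window:
                lo += 1
            best = max(best, hi - lo + 1)
        if best >= threshold:
            alerts[pid] = best
    return alerts


def appended_extensions(events, pid):
    """Counter of the suffixes a process appended; useful as an IOC for
    the ransomware extension once the rule fires."""
    c = Counter()
    for e in events:
        if e.pid == pid and adds_extension(e.src, e.dst):
            c[PureWindowsPath(e.dst).suffix.lower()] += 1
    return c


def sample_events():
    """Constructed trace (not from the report): pid 220 appends '.tmp' to
    120 DLLs in 24 s; pid 4 does one ordinary rename and one '.bak' copy."""
    evs = []
    for i in range(120):
        src = rf"C:\Program Files\App\module{i}.dll"
        evs.append(RenameEvent(i * 0.2, 220, src, src + ".tmp"))
    evs.append(RenameEvent(5.0, 4, r"C:\Users\Admin\report.docx",
                           r"C:\Users\Admin\report_final.docx"))
    evs.append(RenameEvent(6.0, 4, r"C:\Users\Admin\notes.txt",
                           r"C:\Users\Admin\notes.txt.bak"))
    return evs


if __name__ == "__main__":
    evs = sample_events()
    for pid, n in bulk_rename_alerts(evs).items():
        print(f"pid {pid}: {n} files renamed with an added extension; "
              f"suffixes {dict(appended_extensions(evs, pid))}")
```

With the constructed trace only process 220 fires the rule (120 renames, all ".tmp"); process 4's single ".bak" rename stays far below the threshold. Against a real Sysmon or ETW file-rename feed the same two functions apply unchanged, with the threshold tuned to the host's normal rename rate.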

Processes

  • C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe
    "C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:220

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-355097885-2402257403-2971294179-1000\desktop.ini.tmp

          Filesize

          37KB

          MD5

          c7a509d9532dc987279ea62c3a0db203

          SHA1

          3ffb9442ad8a05616ebb29bd0a02e813d5c95e36

          SHA256

          b0a1a1dd1b57b57e3df144b62f14d5b9369569d6402f1b3f8ff2e8d7f616dfef

          SHA512

          e7c533eb6d5b44d2575cc66210a0b83f9605ec4d93c7f4c5d72aa4f2b10bc20cd7905e692cc2d9f9a5f269b76d4967659819d438abf28c87ca2e2e5754b4d7fe

        • C:\Program Files\7-Zip\7-zip.dll.tmp

          Filesize

          136KB

          MD5

          3ccdccb35b87dbb299e2c4327dc53536

          SHA1

          733235d5ffebbccf1e3778b8f92852993fa59d1a

          SHA256

          9e9acc0248cbef08b832eb88801c16d520ab70208ece24d4270ecbd5eaa99ca1

          SHA512

          2451154c38d6822ad255020f9f23de080b65708d12488ff592422c77337634dec38501bf4a8c399cc08cad60f562b216f55272115610e721cbfb022637b00793

        • memory/220-0-0x0000000000400000-0x000000000040A000-memory.dmp

          Filesize

          40KB

        • memory/220-957-0x0000000000400000-0x000000000040A000-memory.dmp

          Filesize

          40KB