Analysis

  • max time kernel
    150s
  • max time network
    138s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    06/10/2024, 09:04

General

  • Target

    db7776ee85efc598ae157ee403ca5e204fb3482e93520f508aef56e18fdf2006N.exe

  • Size

    57KB

  • MD5

    6a7147177cb45bff3d6a0d2773a9ef70

  • SHA1

    c0c6e655349d8e12ee32c43698f85a52f242daf4

  • SHA256

    db7776ee85efc598ae157ee403ca5e204fb3482e93520f508aef56e18fdf2006

  • SHA512

    62d892886ae4dd9063f8b74ce8168e042de2eb6ace726ae40e281d8ad79b1058bef868f2126f0b60312c3117130733cb63b326b14ec1acf6483663edd4b76f70

  • SSDEEP

    768:/7BlpQpARFbhvEXBwzEXBwLtAc7Fc7GJXxJXp:/7ZQpApHoGJXxJXp

Score
9/10

Malware Config

Signatures

  • Renames multiple (5274) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\db7776ee85efc598ae157ee403ca5e204fb3482e93520f508aef56e18fdf2006N.exe
    "C:\Users\Admin\AppData\Local\Temp\db7776ee85efc598ae157ee403ca5e204fb3482e93520f508aef56e18fdf2006N.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:3280

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-1194130065-3471212556-1656947724-1000\desktop.ini.tmp

          Filesize

          57KB

          MD5

          a5b1d4a91152d0aab31844219e715b19

          SHA1

          de3db2b23f22a0f95b7dc38fdde1690613b079ba

          SHA256

          68497cca92126b39533e05b95f65fa9b5eba384f59b7c1d514e43510678b3ef1

          SHA512

          00a86c2014466a5ae297d375516d570ec0769e10ce8b80b727ff58195890c2d809cda0e8bc17b82bed05dedbd9e1b37fa9d99df27b149f31de2e691c39d9f850

        • C:\Program Files\7-Zip\7-zip.dll.tmp

          Filesize

          156KB

          MD5

          cbbd630e5cf592cba1a76b54472bf732

          SHA1

          e08239bce81939783d2c580dbab772167f7a331b

          SHA256

          e99fe4135495c1c104f305fa17a493a038d247f43f85ea8c026f98181b607abd

          SHA512

          02647674aaddff34a5c55b0ed911b0aa406127df9980c8a89c1cf48f650f9494229ea3baae41d2e4fdd354afef4670f95cbdfbad009b958dad8d166acf9873ff

        • memory/3280-0-0x0000000000400000-0x0000000000408000-memory.dmp

          Filesize

          32KB

        • memory/3280-967-0x0000000000400000-0x0000000000408000-memory.dmp

          Filesize

          32KB