Analysis

  • max time kernel
    119s
  • max time network
    93s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    06/10/2024, 08:49

General

  • Target

    3bbdde86e1521b6de72c6de1dd177c9d90526fbf431196fefa3362fca43d67b6N.exe

  • Size

    45KB

  • MD5

    3624c95b81cb28f2a555b2842f3289c0

  • SHA1

    027e206dbd6508c3970c3ff2ced9e36b555a8a42

  • SHA256

    3bbdde86e1521b6de72c6de1dd177c9d90526fbf431196fefa3362fca43d67b6

  • SHA512

    da594b2ecf08dd3c4719cae23784078ad3ae1f49a713249c1c483fcf39d82fe26696da6f8aa8d629245324cdc5668497d783822b64b814ab85ec22466a8e0880

  • SSDEEP

    768:W7BlpppARFbhjbhg42LcfpR42LcfproFNFcdyGdy+zWzS//YBB:W7ZppApBULcfpHLcfpyDcdyGdyaIBB

Score
9/10

Malware Config

Signatures

  • Renames multiple (4652) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\3bbdde86e1521b6de72c6de1dd177c9d90526fbf431196fefa3362fca43d67b6N.exe
    "C:\Users\Admin\AppData\Local\Temp\3bbdde86e1521b6de72c6de1dd177c9d90526fbf431196fefa3362fca43d67b6N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:4224

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-2392887640-1187051047-2909758433-1000\desktop.ini.tmp

          Filesize

          45KB

          MD5

          9c1e934ca36c664ff398fd2e8079f66b

          SHA1

          27851204579711ca72c57103f218557cb72b8ac6

          SHA256

          879fb159074b8afd52657d4dc09ca0f66183d4247c5f211d52dd8f6225542193

          SHA512

          8f79a3b76d8b8ed2806ba5a92ca57af90a2a614ce0aab65d68260ee147c76c3aa92d13da4d214845f97c1be74186de0ad821c3b374dd07f808b88582d7eec189

        • C:\Program Files\7-Zip\7-zip.dll.tmp

          Filesize

          144KB

          MD5

          095d8123430b67b174824b7fc8bc1e86

          SHA1

          ddc7f3c3bf53c4ba0fe9703014d284e24b257baf

          SHA256

          1add8ab5b4489856fb098a4cec1c6c113e15c92bdb2ec74e97d36fea8e24739c

          SHA512

          f8b256fff99fefc441eee55872b0858158ca233b9bec9f85fdb597417979923f663a0a21816f776f7aecbdb46a61415ea7fc93d1085ae6985ff67c3b6c93508b