Analysis

  • max time kernel
    120s
  • max time network
    92s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    06/10/2024, 08:58

General

  • Target

    1ae830820411280278896e6c2300de8ace37c35d7d511ec20b3c942d06e74447N.exe

  • Size

    35KB

  • MD5

    04b5851996067f8b5e333e9b5c08e9a0

  • SHA1

    a672aaba53863a2e1bf55309903fdbeb68e40a53

  • SHA256

    1ae830820411280278896e6c2300de8ace37c35d7d511ec20b3c942d06e74447

  • SHA512

    b9f81533b5462e0108263e1d8583c590981b97793276b646c83adc80fcf855ff0e1d24e2befc7408b27bc7551713b5681a9fa7e5ee12e09411f0f5eb2cca3350

  • SSDEEP

    768:kBT37CPKKdJJ1EXBwzEXBwdcMcI94690695:CTW7JJ7TuK0K5

Malware Config

Signatures

  • Renames multiple (4677) files with added filename extension

    This suggests ransomware activity: the sample rewrites files across the system and appends a new extension to each renamed file.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of the victim in order to infer the geographical location of that host.
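
The "Renames multiple files with added filename extension" signature above is a count-based heuristic: one process appends the same new suffix to many files in a short time. The block below is an added example (not the sandbox's own detection logic) of that heuristic run over constructed rename events; the event format, the PID 4948 reuse, the ".enc" suffix and the 50-renames-per-minute threshold are all assumptions chosen for the demonstration and should be mapped onto real telemetry (Sysmon file events, EDR rename records) before use.

```python
"""Flag bulk appended-extension renames per process (added example).

Event format is constructed for this example: one event per line,
"<ISO timestamp> <pid> <old path> <new path>" (paths without spaces).
"""
from collections import defaultdict
from datetime import datetime, timedelta


def build_sample_events() -> str:
    """Constructed sample log: PID 4948 renames 120 documents by appending
    ".enc" within ~6 seconds; PID 1234 performs two benign renames."""
    base = datetime(2024, 10, 6, 8, 58, 0)
    lines = []
    for i in range(120):
        ts = base + timedelta(milliseconds=50 * i)
        old = f"C:\\Users\\Admin\\Documents\\file{i:03d}.docx"
        lines.append(f"{ts.isoformat()} 4948 {old} {old}.enc")
    t1 = (base + timedelta(seconds=3)).isoformat()
    t2 = (base + timedelta(seconds=4)).isoformat()
    lines.append(f"{t1} 1234 C:\\Users\\Admin\\Downloads\\setup.tmp "
                 f"C:\\Users\\Admin\\Downloads\\setup.exe")
    lines.append(f"{t2} 1234 C:\\Users\\Admin\\Downloads\\notes.txt "
                 f"C:\\Users\\Admin\\Downloads\\notes.txt.bak")
    return "\n".join(lines)


def parse_events(text: str):
    """Parse the constructed event lines into (timestamp, pid, old, new) tuples."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ts, pid, old, new = line.split(" ", 3)
        events.append((datetime.fromisoformat(ts), int(pid), old, new))
    return events


def appended_extension(old: str, new: str):
    """Return the suffix if `new` is exactly `old` plus a new ".ext", else None.
    A rename that replaces the extension (setup.tmp -> setup.exe) does not count."""
    if new.startswith(old) and len(new) > len(old) + 1 and new[len(old)] == ".":
        return new[len(old):]
    return None


def find_mass_renames(events, threshold=50, window=timedelta(seconds=60)):
    """Group appended-extension renames by (pid, suffix) and alert when the
    number of renames inside any sliding `window` reaches `threshold`."""
    buckets = defaultdict(list)
    for ts, pid, old, new in sorted(events):
        ext = appended_extension(old, new)
        if ext:
            buckets[(pid, ext)].append(ts)

    alerts = []
    for (pid, ext), times in buckets.items():
        start, peak = 0, 0
        for end in range(len(times)):          # times are sorted; slide window
            while times[end] - times[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            alerts.append({"pid": pid, "extension": ext,
                           "renames_in_window": peak, "total": len(times)})
    return alerts


if __name__ == "__main__":
    for alert in find_mass_renames(parse_events(build_sample_events())):
        print(alert)
```

The threshold is the tuning knob: the sandbox counted 4677 renames, far above any sane window limit, but on endpoints the value must be set above what backup agents and archive tools produce, and the (pid, suffix) grouping is what separates a single encryptor from many unrelated renames.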

Processes

  • C:\Users\Admin\AppData\Local\Temp\1ae830820411280278896e6c2300de8ace37c35d7d511ec20b3c942d06e74447N.exe
    "C:\Users\Admin\AppData\Local\Temp\1ae830820411280278896e6c2300de8ace37c35d7d511ec20b3c942d06e74447N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:4948

Network

        MITRE ATT&CK Enterprise v15


        Downloads

        • C:\$Recycle.Bin\S-1-5-21-1194130065-3471212556-1656947724-1000\desktop.ini.tmp

          Filesize

          36KB

          MD5

          d4417a6c97db9129748d8236c386acbe

          SHA1

          e5002f9fbf88e7e68d1381a6a285a4984e38ca85

          SHA256

          70fe6a5fcc4b3869dc8dcb8394f4dd9a376d7dbbbc68d8b84af9003fda963d72

          SHA512

          baa784840cf44d876dc08fb302d1a7ece4e2585e9b2dd2b47d3fa8de88785d9e99ae1f95e3427af8369323088208ad023e710f7e8efa47f3ed2a0bfc41508b73

        • C:\Program Files\7-Zip\7-zip.dll.tmp

          Filesize

          134KB

          MD5

          426128aac012842260ed62ad355a80d1

          SHA1

          22bf3fef7fc744620e0dfcf13b8c2c0cff5dac7a

          SHA256

          05134d5099699107075ada5af844e9ccd0ef22af7645f7a42ea8875a5ebad325

          SHA512

          e529811998c0b96466bc084ed9317a0a67d31ce3f14e3edc5ad08df17fe84e81e005386930852c99efeafb13a308ac7eefc2d3dbca0f3f579b351d46da9cf3a8

        • memory/4948-0-0x0000000000400000-0x000000000040A000-memory.dmp

          Filesize

          40KB

        • memory/4948-954-0x0000000000400000-0x000000000040A000-memory.dmp

          Filesize

          40KB
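
The two memory dumps above cover a single 40KB image region at 0x400000-0x40A000 for a 35KB file, consistent with the small, self-unpacking image the "UPX packed file" signature describes. The block below is an added example, not part of the report or the sandbox's rules, of how to confirm that finding on the sample itself from its PE section table: stock UPX names its sections UPX0/UPX1 (sometimes UPX2) and leaves the ASCII marker "UPX!" in the header area. Both indicators are heuristics and a modified UPX build may strip either, which is why the signature text says "UPX/modified UPX". The minimal PE constructed by build_test_pe exists only to exercise the parser offline.

```python
"""Check a PE file for UPX packing indicators (added example)."""
import struct
import sys

_COFF_SIZE = 20
_SECTION_SIZE = 40


def pe_section_names(data: bytes):
    """Walk the PE headers and return the section names in table order."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 4 + _COFF_SIZE > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing or out-of-range PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    size_opt = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + _COFF_SIZE + size_opt
    names = []
    for i in range(num_sections):
        off = table + _SECTION_SIZE * i
        if off + _SECTION_SIZE > len(data):
            raise ValueError("section table runs past end of file")
        raw = data[off:off + 8].split(b"\0", 1)[0]
        names.append(raw.decode("ascii", "replace"))
    return names


def upx_indicators(data: bytes) -> dict:
    """Report UPX-style section names and the 'UPX!' marker."""
    names = pe_section_names(data)
    upx_sections = [n for n in names if n.upper().startswith("UPX")]
    marker = b"UPX!" in data
    return {
        "sections": names,
        "upx_sections": upx_sections,
        "upx_marker": marker,
        "likely_upx": bool(upx_sections) or marker,
    }


def build_test_pe(section_names, marker: bool) -> bytes:
    """Constructed minimal PE32: DOS header, COFF header, zeroed optional
    header and a section table with no section data. Test input only."""
    e_lfanew = 0x80
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    opt_size = 0xE0                                   # PE32 optional header
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)             # PE32 magic
    sections = b"".join(
        struct.pack("<8sIIIIIIHHI", n.encode("ascii").ljust(8, b"\0"),
                    0, 0x1000 * (i + 1), 0, 0, 0, 0, 0, 0, 0xE0000020)
        for i, n in enumerate(section_names))
    blob = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sections
    return blob + b"UPX!" if marker else blob


if __name__ == "__main__":
    target = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 \
        else build_test_pe(["UPX0", "UPX1", ".rsrc"], marker=True)
    print(upx_indicators(target))
```

Run it against the 35KB sample (python upx_check.py sample.exe) and compare the section list with the signature; a clean "UPX0/UPX1" table plus the marker means the stock unpacker (upx -d) will usually recover the original image for static analysis, while renamed sections without the marker point at a modified packer and a memory dump such as the 0x400000 region above is the better starting point.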