Analysis

  • max time kernel
    119s
  • max time network
    95s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    06/10/2024, 09:02

General

  • Target

    db7776ee85efc598ae157ee403ca5e204fb3482e93520f508aef56e18fdf2006N.exe

  • Size

    57KB

  • MD5

    6a7147177cb45bff3d6a0d2773a9ef70

  • SHA1

    c0c6e655349d8e12ee32c43698f85a52f242daf4

  • SHA256

    db7776ee85efc598ae157ee403ca5e204fb3482e93520f508aef56e18fdf2006

  • SHA512

    62d892886ae4dd9063f8b74ce8168e042de2eb6ace726ae40e281d8ad79b1058bef868f2126f0b60312c3117130733cb63b326b14ec1acf6483663edd4b76f70

  • SSDEEP

    768:/7BlpQpARFbhvEXBwzEXBwLtAc7Fc7GJXxJXp:/7ZQpApHoGJXxJXp

Score
9/10

Malware Config

Signatures

  • Renames multiple (4646) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\db7776ee85efc598ae157ee403ca5e204fb3482e93520f508aef56e18fdf2006N.exe
    "C:\Users\Admin\AppData\Local\Temp\db7776ee85efc598ae157ee403ca5e204fb3482e93520f508aef56e18fdf2006N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2268

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-355097885-2402257403-2971294179-1000\desktop.ini.tmp

          Filesize

          57KB

          MD5

          2a180686b88657ad7ef86fa177dda789

          SHA1

          ea65e9a610302a1e96bb5f47c733a7cc6a33e496

          SHA256

          415c0feb90d0d16ffcbdc14503056a18b1bf45e1072b1e739262b2436638b43d

          SHA512

          7d5bd69b0991d98d188b41d846bbb551f889fc60a8065868c23669102ca4413d346cd2bf7adaa5a79356011d72728dd1745962c265f8ca7a76cfe214a0bd8da3

        • C:\Program Files\7-Zip\7-zip.dll.tmp

          Filesize

          156KB

          MD5

          44211e2e1318ad5eca5689a6a387f0b3

          SHA1

          acb87a2ecb2edec47744ea3e066977cf4e45deff

          SHA256

          b943e7ae46f310466b7938726a77303fbad5057f1fdf9d7c9f11e40a6a0f92f1

          SHA512

          9de0152fa16c1b190253f6c7945e829b6180b526b76a25dc5c19073775255d0b3081d9a0c1ff1125d3dd28f8c974b031d49f39e94d3d1020251314c3c79bbe7e

        • memory/2268-0-0x0000000000400000-0x0000000000408000-memory.dmp

          Filesize

          32KB

        • memory/2268-956-0x0000000000400000-0x0000000000408000-memory.dmp

          Filesize

          32KB