Analysis

  • max time kernel
    120s
  • max time network
    95s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    06/10/2024, 10:02

General

  • Target

    87b0e25b5f449401bf0cf0e20c34c07ae2c1da28d37e2fac1a38e9c62aba799cN.exe

  • Size

    58KB

  • MD5

    dde289dc86af6e75ace0c331235bbbd0

  • SHA1

    d1b6e024c315b4b526dd93b07635118b85be75da

  • SHA256

    87b0e25b5f449401bf0cf0e20c34c07ae2c1da28d37e2fac1a38e9c62aba799c

  • SHA512

    0037a7e2dddf6a3181feba56e03a444648af503d1063a19fdc6845e828dc7956be307faa11933b23e45e6e2e46c74657f50d0cfe5c36353109f7689f416f2d10

  • SSDEEP

    384:yBs7Br5xjL8AgA71Fbhvszw/Evd5BvhzaM9mSIEvd5BvhzaM9mSqZsSb9hZs3V7I:/7BlpQpARFbhvEXBwzEXBwLtAc7Fc7E

Score
9/10

Malware Config

Signatures

  • Renames multiple (4677) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\87b0e25b5f449401bf0cf0e20c34c07ae2c1da28d37e2fac1a38e9c62aba799cN.exe
    "C:\Users\Admin\AppData\Local\Temp\87b0e25b5f449401bf0cf0e20c34c07ae2c1da28d37e2fac1a38e9c62aba799cN.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:3132

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-786284298-625481688-3210388970-1000\desktop.ini.tmp

          Filesize

          59KB

          MD5

          3dcb143db0c72b50eba44a59f434e6df

          SHA1

          0e9156ad112c3db981607c4bdfe5639d322751f7

          SHA256

          e1898867add904cbcf1e44fa0f6f21f607dc0e016afda9c6c28b4122ab1e3cf4

          SHA512

          829be1b9f21fac1b64ef51904991369e15113223b86eafa2e2c3c7fe6e9c965a916e12270d758638f2f2a1dc144ce12d7ba57a84de6c425c9bcf4268147b59ae

        • C:\Program Files\7-Zip\7-zip.dll.tmp

          Filesize

          157KB

          MD5

          33d7688ead1a7c1c792ecbdabdf3ed9e

          SHA1

          b197bf152ac7ed2bb4518afc21f580cc2d0ab59c

          SHA256

          3f29d4a9e96da8c689867de52b9b563b101cfa48421f646bb4a5697fa7a4dcb2

          SHA512

          c3f6c17d338d964b4f5504d6061d267ccf642373e20cccc53496cc439d8358ee6f52f36d56f14357d4320c575b3c623dbd3488435f8e9e8389107e429729ed87

        • memory/3132-0-0x0000000000400000-0x0000000000408000-memory.dmp

          Filesize

          32KB

        • memory/3132-1010-0x0000000000400000-0x0000000000408000-memory.dmp

          Filesize

          32KB