Analysis

  • max time kernel: 120s
  • max time network: 96s
  • platform: windows10-2004_x64
  • resource: win10v2004-20240802-en
  • resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted: 06/10/2024, 09:24

General

  • Target: 2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe
  • Size: 54KB
  • MD5: 72c81af858b4894ae917f0a1411a9c00
  • SHA1: 348bda45b36d2e3f49f8a5ca6d36fec3efe4863c
  • SHA256: 2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9dd
  • SHA512: faaf4552a8b0288a31ce6821587fcc70dcd7da17317fb80f26e7e88e2ae77d3152744f08cc36f17838597f0ada58066bdb2c9fa2cca396d157f5792533a27214
  • SSDEEP: 768:V7Blpf/FAK65euBT37CPKKQSjyJJ1EXBwzEXBwdcMcI9+qiuX:V7Zf/FAxTWoJJ7TeuX

Malware Config

Signatures

  • Renames multiple (4658) files with an added filename extension

    This suggests ransomware activity: encrypting all the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with the UPX open-source packer or a modified UPX.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe"
    PID: 1020
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery

Network

        MITRE ATT&CK Enterprise v15


        Downloads

        • C:\$Recycle.Bin\S-1-5-21-2392887640-1187051047-2909758433-1000\desktop.ini.tmp
          Filesize: 54KB
          MD5: e0a73aa3d35437d33ed77a0892e931f3
          SHA1: 37a666056d110d5b76072a21910101dc764390ca
          SHA256: e85bbd3cf10a44816d3d2113eed5f4ebc8fccf7429346884796c49838e654bdd
          SHA512: d0175b63fcb4b2fc45ddcb79ab77174a859a6737d7ee1bea030ae0adfc5868fa32ebdb841cef4672c74f969b3f4a0634920acca4c5dac6623b8f140fae05e6a6

        • C:\Program Files\7-Zip\7-zip.dll.tmp
          Filesize: 153KB
          MD5: 99e1b927c558c0391eef8e83a9c90ee4
          SHA1: 337d1cd2c43794dcfd6f366b44bf617464359d79
          SHA256: 6bfc3bfebc127522f9f5ed47a578ce4a01ef195605c75289edc5dd13993da647
          SHA512: 8f0b23a25815d20beb9c38044b38cd6d5e10edf18f9fa9a2070bc255bb99ec93640c7f4dec3b0c52585ed4a53c6acbaccac5b0667e2218ffc6193e2f5a879791

        • memory/1020-0-0x0000000000400000-0x000000000040B000-memory.dmp
          Filesize: 44KB

        • memory/1020-910-0x0000000000400000-0x000000000040B000-memory.dmp
          Filesize: 44KB