Analysis

  • max time kernel
    150s
  • max time network
    95s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06/10/2024, 09:35

General

  • Target

    2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe

  • Size

    54KB

  • MD5

    72c81af858b4894ae917f0a1411a9c00

  • SHA1

    348bda45b36d2e3f49f8a5ca6d36fec3efe4863c

  • SHA256

    2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9dd

  • SHA512

    faaf4552a8b0288a31ce6821587fcc70dcd7da17317fb80f26e7e88e2ae77d3152744f08cc36f17838597f0ada58066bdb2c9fa2cca396d157f5792533a27214

  • SSDEEP

    768:V7Blpf/FAK65euBT37CPKKQSjyJJ1EXBwzEXBwdcMcI9+qiuX:V7Zf/FAxTWoJJ7TeuX

Malware Config

Signatures

  • Renames multiple (5191) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe
    "C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:3904

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-2718105630-359604950-2820636825-1000\desktop.ini.tmp

          Filesize

          54KB

          MD5

          4eac5e183e199e92f7a4ac19706f37c8

          SHA1

          94afe3e34733e7115000c0ed2b49856ad975228d

          SHA256

          0402d90609352370ad1c8b9587ef968c97b6cc0e31008f963d6d13e3e21c2c2e

          SHA512

          914bcf799f7410ce766b3c2786611e0c0fce3bbec03c230636410a42233051acc6b2b9d24cd9120d30c68774cbe753c997b8cdf4c155a308c2a67a37050b19b4

        • C:\Program Files\7-Zip\7-zip.dll.tmp

          Filesize

          153KB

          MD5

          5705fe6fccef5fd8c73c3466d2e9ad71

          SHA1

          247d181f23af7691071b32aa0539df07acdfecc6

          SHA256

          309425de42f5c98363c604c9816d66c2a00a0fcc7bd755594e5b9fe93ec9005d

          SHA512

          f032771b6d491da5f9ed503f3e1a58ab13351074b5deb991d28637af70691d85e265dc97a7ca5157f5ff746f84f307ecb9e42d0cf2ab26a436746dfb1ab130ee

        • memory/3904-0-0x0000000000400000-0x000000000040B000-memory.dmp

          Filesize

          44KB

        • memory/3904-936-0x0000000000400000-0x000000000040B000-memory.dmp

          Filesize

          44KB