Analysis

  • max time kernel
    120s
  • max time network
    96s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    06/10/2024, 09:49

General

  • Target

    0486a588957cb7f4ecc2e8ad77ee2510ddfc6d37e12e1ab4c80e3b2d7b8c8356N.exe

  • Size

    58KB

  • MD5

    9fcbdf999a0194c94a30fd4ae09902f0

  • SHA1

    62758f43ae7e0d25cef2bea0c51c4159350fde01

  • SHA256

    0486a588957cb7f4ecc2e8ad77ee2510ddfc6d37e12e1ab4c80e3b2d7b8c8356

  • SHA512

    a301e6b4d7dea57376440ab7bdbed119a6109591272e5ccf177826e15ab2a5e3614cf8b6b9a6e510e5f4c54e4a1b90dca627932f4464b82e90f1978801886cb1

  • SSDEEP

    768:V7Blpf/FAK65euBT37CPKKQSjSEXBwzEXBw3sgQw58eGkz2rcuesgQw58eGkz2rz:V7Zf/FAxTWbi7UhUoomo4

Malware Config

Signatures

  • Renames multiple (4651) files with added filename extension

    This suggests ransomware activity: encryption of all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\0486a588957cb7f4ecc2e8ad77ee2510ddfc6d37e12e1ab4c80e3b2d7b8c8356N.exe
    "C:\Users\Admin\AppData\Local\Temp\0486a588957cb7f4ecc2e8ad77ee2510ddfc6d37e12e1ab4c80e3b2d7b8c8356N.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:4456

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-1302416131-1437503476-2806442725-1000\desktop.ini.tmp

    Filesize
    59KB

    MD5
    429a8c7f3b927b01634346c058930294

    SHA1
    60f538c8043670403118d47ad47aa958bad8b2ff

    SHA256
    6744d49006d33a79a72c6e487869c9585c363c209ec95c5d1ea6104281914710

    SHA512
    851daf26f935add7da39fd33b955fbde2415bd16ebae393cbf8f798f2492351d20fd2337237686202f4e4ad67b1ba7cdeb540264d16a1e68d1cd582c3ae08bfe

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize
    157KB

    MD5
    9d25208cf8217b8758ac6064d690298c

    SHA1
    1152a44ad4dd4afc4629d451c6ef73aa28853840

    SHA256
    b0afa56ab2103146fc183214a45201ee90633969a3dcca13a448f2c003290939

    SHA512
    0cf4b88e1e51483ba739fb4db36b51c34daf2852ca309e7248644e9308f4a8f01438d162bc10da5a2a4382d63c420321d596b2749ed98c861ac4aaad50a93c4a

  • memory/4456-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize
    44KB

  • memory/4456-878-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize
    44KB