Analysis

  • max time kernel
    120s
  • max time network
    95s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    06/10/2024, 10:20

General

  • Target

    6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe

  • Size

    49KB

  • MD5

    640e71e0145af2ada9918fc46b5b3c50

  • SHA1

    6200fea57020bb03b88e1b9f1556ff3aa9b3afee

  • SHA256

    6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55

  • SHA512

    bb390336ae4e2b02d388cf3bd1939f2f426d0bfb879f86b94ad163d6bb9ccf5a80b82415feae3349c9c36552a7ae00de93c78ba3fdfe28fbf3a82966141f249b

  • SSDEEP

    768:W7BlphA7dASbSjJJcbQbf1Oti1JGBQOOiQJhATBWvyBh85c5Hjn:W7ZhA7dABJJZENTBWv36F

Score
9/10

Malware Config

Signatures

  • Renames multiple (4675) files with added filename extension

    Mass renaming with an appended extension is characteristic of ransomware: the sample rewrites files across the system and tags each one with a new suffix. The renamed artifacts listed below all carry a .tmp suffix.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC; MITRE ATT&CK T1614.001)

    Attempts to gather information about the system language of the victim in order to infer the geographical location of the host (ransomware commonly uses this to skip hosts in particular locales).
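The "renames multiple files with added filename extension" signature above is a counting heuristic over file-rename events. The block below is an added example of that logic (not the sandbox's own implementation) run over a constructed set of rename events of the kind an EDR or sandbox records; the event tuple layout, the process names and the threshold of 3 are assumptions chosen for the demonstration (the report fired on 4675 renames).

```python
"""Added example: a minimal 'mass rename with appended extension' detector.
Not the sandbox's code; event format, names and threshold are assumptions."""
from collections import defaultdict

# Constructed rename events: (pid, image, old_path, new_path). Not taken from the report.
SAMPLE_EVENTS = [
    (4040, "sample.exe", r"C:\Users\Admin\Documents\a.docx", r"C:\Users\Admin\Documents\a.docx.tmp"),
    (4040, "sample.exe", r"C:\Users\Admin\Documents\b.xlsx", r"C:\Users\Admin\Documents\b.xlsx.tmp"),
    (4040, "sample.exe", r"C:\Program Files\7-Zip\7-zip.dll", r"C:\Program Files\7-Zip\7-zip.dll.tmp"),
    # A plain rename by another process: no extension appended, must not count.
    (1234, "explorer.exe", r"C:\Users\Admin\Desktop\new.txt", r"C:\Users\Admin\Desktop\notes.txt"),
    (4040, "sample.exe", r"C:\Users\Admin\Music\s.mp3", r"C:\Users\Admin\Music\s.mp3.tmp"),
]


def has_added_extension(old_path, new_path):
    """True when new_path is old_path plus a non-empty dotted suffix, in the same directory."""
    old_dir, _, old_name = old_path.rpartition("\\")
    new_dir, _, new_name = new_path.rpartition("\\")
    if old_dir != new_dir or not new_name.startswith(old_name + "."):
        return False
    return len(new_name) > len(old_name) + 1


def rename_extension_counts(events):
    """Count added-extension renames per (pid, image) and collect the suffixes seen."""
    counts = defaultdict(int)
    exts = defaultdict(set)
    for pid, image, old, new in events:
        if has_added_extension(old, new):
            counts[(pid, image)] += 1
            exts[(pid, image)].add(new.rpartition(".")[2].lower())
    return counts, exts


def flag_mass_rename(events, threshold=3):
    """Return one finding per process that appended an extension to >= threshold files.

    threshold=3 is an assumed demonstration value; a production rule would also
    bound the time window and exclude known installers/backup agents.
    """
    counts, exts = rename_extension_counts(events)
    return [
        {"pid": pid, "image": image, "renamed": n, "extensions": sorted(exts[(pid, image)])}
        for (pid, image), n in counts.items()
        if n >= threshold
    ]


if __name__ == "__main__":
    for hit in flag_mass_rename(SAMPLE_EVENTS):
        print(hit)
```

The per-process grouping matters: the same suffix appended by many processes (a legitimate backup tool, for instance) should not merge into one count, and a single PID touching files across several top-level directories, as PID 4040 does here with both user profile paths and Program Files, is the pattern the sandbox scored.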

Processes

  • C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe
    "C:\Users\Admin\AppData\Local\Temp\6b9b3eb4f66b4406297e3dd2a62720976782fc6d6b644bd74e85a1e56d5fee55N.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID: 4040

Network

        MITRE ATT&CK Enterprise v15


        Downloads (files written by the sample; no network downloads were recorded)

        • C:\$Recycle.Bin\S-1-5-21-4182098368-2521458979-3782681353-1000\desktop.ini.tmp

          Filesize

          49KB

          MD5

          c4b9b32064cb57978b7f5a6902a0204a

          SHA1

          a794ccb35a69ebf2f8c52f8db0222394ce11aed0

          SHA256

          9e4e14860055d13d380043c97e0ce7be4fa49937033cbc646f20a682f4cb6b25

          SHA512

          7960e08d9c19b8de938bbb8e0618d05bf71999faefbf42ef32e0bc627eb537afeef3f4ce6835254cfda0ca9d6b5b3cf9bd1f9980184c25434e982f53e2450146

        • C:\Program Files\7-Zip\7-zip.dll.tmp

          Filesize

          148KB

          MD5

          35e98a9ee752bc3c72276aeef728783c

          SHA1

          7538831e1bae2edd4e28a0a21078d439c455a129

          SHA256

          8377a2ee035ac2d25b08856054f075cec029b322d622e173c7b150c391499d96

          SHA512

          dc66186cd4b30e55018b85be433aac64fb54ce5ab0898bf6826e68ae809621963f8415876e1d8852149ae121f61ee2dc16a2a0110e8a4c6844114f065d4da206
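The two dropped files above are the report's concrete IoCs. The block below is an added example (not code from the sandbox vendor) of a host sweep that walks a set of roots, hashes every file carrying the observed .tmp suffix and reports matches against the SHA256 values listed in this report. The demonstration runs against a constructed temporary directory tree with constructed file contents, so the only match it can produce is the planted artifact whose hash is registered as an extra indicator; on a real host you would pass the actual roots (C:\$Recycle.Bin, C:\Program Files, user profiles) and the unmodified REPORT_IOCS.

```python
"""Added example: IoC hash sweep for the dropped files in this report.
The directory tree and file bytes below are constructed for the demo."""
import hashlib
import os
import tempfile

# SHA256 -> path as listed in the report's dropped-file section.
REPORT_IOCS = {
    "9e4e14860055d13d380043c97e0ce7be4fa49937033cbc646f20a682f4cb6b25":
        r"C:\$Recycle.Bin\S-1-5-21-4182098368-2521458979-3782681353-1000\desktop.ini.tmp",
    "8377a2ee035ac2d25b08856054f075cec029b322d622e173c7b150c391499d96":
        r"C:\Program Files\7-Zip\7-zip.dll.tmp",
}

# Constructed stand-in for a dropped artifact; not the real file's bytes.
PLANTED = b"constructed artifact bytes, not the real dropped file"


def sha256_bytes(data):
    return hashlib.sha256(data).hexdigest()


def sha256_file(path, chunk=1 << 20):
    """Stream the file so large artifacts do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def sweep(roots, iocs, suffix=".tmp"):
    """Hash files under roots whose name ends in suffix; return (path, sha256, ioc_label) hits."""
    hits = []
    for root in roots:
        for dirpath, _, names in os.walk(root):
            for name in names:
                if not name.lower().endswith(suffix):
                    continue
                path = os.path.join(dirpath, name)
                try:
                    digest = sha256_file(path)
                except OSError:
                    continue  # locked or unreadable file; skip rather than abort the sweep
                if digest in iocs:
                    hits.append((path, digest, iocs[digest]))
    return hits


def demo():
    """Constructed tree: one planted .tmp registered as an IoC, one benign .tmp, one non-.tmp."""
    iocs = dict(REPORT_IOCS)
    iocs[sha256_bytes(PLANTED)] = "planted.tmp (constructed indicator)"
    with tempfile.TemporaryDirectory() as tmp:
        sub = os.path.join(tmp, "Program Files", "7-Zip")
        os.makedirs(sub)
        with open(os.path.join(sub, "7-zip.dll.tmp"), "wb") as f:
            f.write(PLANTED)
        with open(os.path.join(sub, "other.tmp"), "wb") as f:
            f.write(b"benign scratch file")
        with open(os.path.join(sub, "7-zip.dll"), "wb") as f:
            f.write(PLANTED)  # same bytes but wrong suffix: filtered out before hashing
        return sweep([tmp], iocs)


if __name__ == "__main__":
    for path, digest, label in demo():
        print(f"{digest}  {path}  <- {label}")
```

Matching on content hash rather than on file name is deliberate: the 7-zip.dll.tmp name will exist on any machine where 7-Zip is being updated, but only the bytes tie a file to this sample's run. Conversely, a hash miss does not clear a host, since ransomware output depends on the victim's original file contents; the rename pattern detected earlier is the broader signal.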