Analysis

  • max time kernel
    120s
  • max time network
    94s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    06/10/2024, 10:28

General

  • Target

    6fd411b520ee95049b844e6f7383ca126a763434c0f83b04b13aa507a0f897ffN.exe

  • Size

    51KB

  • MD5

    30a855b03ebd5f5cd25244a79097f340

  • SHA1

    95c27237b10811f373e8ffe75ce6acbe6ae830d2

  • SHA256

    6fd411b520ee95049b844e6f7383ca126a763434c0f83b04b13aa507a0f897ff

  • SHA512

    85edad5226d42bfb42744f143a2190d1c3c092547151b59de1397c71460c970b18d3dbad4f9d313f846e881ab8dfe1fe4b121c1aa05abb0c3826a6449cc4ff78

  • SSDEEP

    768:p7BlphA7dASbSLJJBZBZaOAOIB3jM2jMO/vY6mtPc:p7ZhA7dAxJJB7LD2I2IGYpPc

Score
9/10

Malware Config

Signatures

  • Renames multiple (4659) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\6fd411b520ee95049b844e6f7383ca126a763434c0f83b04b13aa507a0f897ffN.exe
    "C:\Users\Admin\AppData\Local\Temp\6fd411b520ee95049b844e6f7383ca126a763434c0f83b04b13aa507a0f897ffN.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:1724

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-2392887640-1187051047-2909758433-1000\desktop.ini.tmp

          Filesize

          51KB

          MD5

          3c52caf72d14780bd47c1831290a355a

          SHA1

          2bce63a588ee49d234c4b6a426a98f71fb18246d

          SHA256

          0335c3e7185f6e5d5ab63126824798abb5fdcd918e233eec94322226ca97058d

          SHA512

          6085204c0bc338e228bd7a31676936e3852c021653ef757484f423058dd9ea760f75ec1f5eab26e7b76e39165b761b6bb91d0f062ebf2d987e29c98335236a5b

        • C:\Program Files\7-Zip\7-zip.dll.tmp

          Filesize

          150KB

          MD5

          2218675cd7a9240c4ff0313e5800b367

          SHA1

          4dcef1a7fc8d9b97234364dd8c3d62df91bb6cdc

          SHA256

          5fed103cc2a5f52c800e7bd74408484415932e834f08a0e72cec67acd43f47eb

          SHA512

          58a0f550f79924a2b2249de6465ca668e8489d22599a14c8d87352669ff14e1d8a190ae25469135c450f872acc202bae58683d0bc1e4605e5078608e9801a047