Analysis

  • max time kernel
    119s
  • max time network
    95s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    06/10/2024, 10:29

General

  • Target

    80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe

  • Size

    52KB

  • MD5

    ddb75ff3f3240cddabce78c7dce974e0

  • SHA1

    e0665703c0d500b5e9c985cf7b4e0d71ee17e794

  • SHA256

    80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969

  • SHA512

    e66c348c4ef656ed2fb2efc1844b898d5721a249a8a130a177460e869d28c65406dc04b8c740285a0ce536f30ceb180ba8eb5c169e9cedb7a8731c6af56ba10d

  • SSDEEP

    768:W7BlphA7pARFbhM0Kkq81LOyq81LOd+QRA88O1ggi1x+88O1ggi1xY:W7ZhA7pApM21LOA1LOTRAsWysW0

Score
9/10

Malware Config

Signatures

  • Renames multiple (4678) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe
    "C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:3672

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-1302416131-1437503476-2806442725-1000\desktop.ini.tmp

          Filesize

          52KB

          MD5

          7f68d000d4f3d0d851f9e530f84e51f6

          SHA1

          4668c6e2135d28ee9409b378bc4ca1366137483b

          SHA256

          baba54ee970182eda9eac0f35b128ec6ee2a18a2904a2817946a088fbd389eb5

          SHA512

          0e6b9c34fe7ad0c2c3d9f084b1635793d7d071c04cd2ad4869f6c26e0cf60f684f6928df511049d0fe5616211d27cb6118cf22698c18127790a71e6be0a547d6

        • C:\Program Files\7-Zip\7-zip.dll.tmp

          Filesize

          151KB

          MD5

          6980215fc4f8d0057cb8e62427013742

          SHA1

          02bb5d7b66d0ed95a2444c1b013dd23db0e6d9d0

          SHA256

          426562709589b1f860787510cc831e292961f48fdcfc5217dc7927ffa97ad8c8

          SHA512

          10a7aff52139cdcb60befa33a423d070f1fca2b17d36e0150bcd29afedb42cc5b9c079889e4686be6433cc8b1fa1bd9012d254c7fb3faf34db70387d93e72bda