Analysis

  • max time kernel
    150s
  • max time network
    128s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    06/10/2024, 10:32

General

  • Target

    80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe

  • Size

    52KB

  • MD5

    ddb75ff3f3240cddabce78c7dce974e0

  • SHA1

    e0665703c0d500b5e9c985cf7b4e0d71ee17e794

  • SHA256

    80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969

  • SHA512

    e66c348c4ef656ed2fb2efc1844b898d5721a249a8a130a177460e869d28c65406dc04b8c740285a0ce536f30ceb180ba8eb5c169e9cedb7a8731c6af56ba10d

  • SSDEEP

    768:W7BlphA7pARFbhM0Kkq81LOyq81LOd+QRA88O1ggi1x+88O1ggi1xY:W7ZhA7pApM21LOA1LOTRAsWysW0

Score
9/10

Malware Config

Signatures

  • Renames multiple (5048) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe
    "C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2548
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4164,i,1330210614411927383,9239043499051775691,262144 --variations-seed-version --mojo-platform-channel-handle=4460 /prefetch:8
    1⤵
      PID:4484

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\$Recycle.Bin\S-1-5-21-2170637797-568393320-3232933035-1000\desktop.ini.tmp

    Filesize

    52KB

    MD5

    8b37232ae899c7f7b95ec2fed82fa850

    SHA1

    5a3f35fcc721238144a5e88b0e7a0541b98af0c4

    SHA256

    2b3d86f25d9db991f71f7aaa47087713362d1d4be063db4cb4ace5973e88ec97

    SHA512

    88cd9dddcae3d4de24e1ec697f7346a726dad68f2536861498f9f58a66021a8494798093cb281255c533da057ccddbb004cf781a2276b292c423d285b7c5e8a0

  • C:\Program Files\7-Zip\7-zip.chm.tmp

    Filesize

    164KB

    MD5

    32d012c17931fe99c00d5678bff9f677

    SHA1

    eb67924b4c374f5cf399a572d64e459b3d127dad

    SHA256

    115a387db98ea8181a938c9369d325b8fc3191bcda8d7c4e5bf26d515211c537

    SHA512

    eca0ec066c896361d765210fa92503b92096472693468866752138ea3e704cf6a7af01ecab940d6cc85ae55cb959460a6d154391fac2bc34aa303e395096a29a