Analysis

  • max time kernel
    120s
  • max time network
    95s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10/10/2024, 02:33

General

  • Target

    c1a4a3e791e34e2137e6565e73375b8db668763c8e54db62591b0978684cb80fN.exe

  • Size

    77KB

  • MD5

    d374d77181568dec6da57707d6ecd2b0

  • SHA1

    31dbf9d1b1645896453c6fd4b45fd2fa16764d09

  • SHA256

    c1a4a3e791e34e2137e6565e73375b8db668763c8e54db62591b0978684cb80f

  • SHA512

    a44fd04acee5b2195ba63f18b1710235b2597bd6f1d7127370539fbf5aa0312e764bb93dd79bb155fba5386ff8dcccb665345f904e9733b381932ef862a2bbd5

  • SSDEEP

    768:V7Blpf/FAK65euBT37CPKKQSjyJJ1EXBwzEXBwdcMcwBcCBcw/tio/ti3c7Fc71:V7Zf/FAxTWoJJ7TTQoQmo1

Malware Config

Signatures

  • Renames multiple (4538) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\c1a4a3e791e34e2137e6565e73375b8db668763c8e54db62591b0978684cb80fN.exe
    "C:\Users\Admin\AppData\Local\Temp\c1a4a3e791e34e2137e6565e73375b8db668763c8e54db62591b0978684cb80fN.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:3372

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2878641211-696417878-3864914810-1000\desktop.ini.tmp

    Filesize

    77KB

    MD5

    0efbc7162b0d8212cf3e12619532844c

    SHA1

    20606a52e1e4042b19ccc8e2a5ae454060a7a382

    SHA256

    52e0f44c6f768c4e11a0117789f5e2d8e7997099ca2a101ae4248827ff625ecb

    SHA512

    6bb9efb32cb193ffbc912caa5bb57a943805726ba1de715d6fae81f47d2c2cc87c82e697961de303bb1e491a0df3be08cd822a1668bb4e3dcad48763e3ec5652

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    176KB

    MD5

    910cff74e6e10654b9b43b497afcaf03

    SHA1

    42c7686bbd57c35d56efac6b7633a6ff743ec28f

    SHA256

    c9d5348aab073bd1932a8a37cea106a13e05e98432e3b498d5c3153e608094d6

    SHA512

    719d7b4489926c8763f9cb0f51a78abcdec97499fd6464080b198d6038d3683ac1e8d75afb893eef4862e9a225bfd0b79ccc8779675e366ddef31fc5a363309a

  • memory/3372-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/3372-784-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB