Analysis

  • max time kernel
    149s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    16-10-2024 17:09

General

  • Target

    db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe

  • Size

    53KB

  • MD5

    190e084a8a0725a34603fd2bb32fcf90

  • SHA1

    44b2a02367142703fd64f65c2adac46904d11667

  • SHA256

    db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0a

  • SHA512

    abb99d507b62365ddb64122b01989895a0975511ac7b5210649a90d959fc1e448d9a70703bc01e0d585fb5e6092d36b5e98bd212bbcb6a9313505011e114dda7

  • SSDEEP

    768:V7Blpf/FAK65euBT37CPKKQSjyJJ1EXBwzEXBwdcMcI9V:V7Zf/FAxTWoJJ7Tj

Malware Config

Signatures

  • Renames multiple (5196) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe
    "C:\Users\Admin\AppData\Local\Temp\db002f688f4906da3e9b40524fb18dc5a9924f310f3a5846b6fa9a91d68dfe0aN.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:4856

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3442511616-637977696-3186306149-1000\desktop.ini.tmp

    Filesize

    53KB

    MD5

    b6b71282eb44b299cab82ff077d3e491

    SHA1

    e7dad9f366fe6e449543f56532464bb600d8676f

    SHA256

    9f32e5cf6751e3f20a712cfa7d6e1d13688154761477569834c6bac7b3ceeba8

    SHA512

    885455ce77f18c7360d2d3f8aa40de13849c73bac80374c3345eaa0f3bba70c571cd097e760a46a1e287078c610e6b5995c2f5b28954d81a4eb9576141388200

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    152KB

    MD5

    d7c85d1180c9f4dfac88d2f9a68b3ae2

    SHA1

    eb2a3a3549dbb456efd20cb69b556b895a2ac11e

    SHA256

    4706bdc9266b27dacc20cdc99b41411ccf8573a77b4ca6d22d36b72419a03560

    SHA512

    2d700c81fa2311d9d1e8a2a25e8cb54a5e3f44ad8d8c6e8df3ceb72d3055a3f9dd397d3d9add9e2d59c9b4e5a071debf15bb872924499e30de0443c364a006d6

  • memory/4856-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/4856-668-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB