Analysis

  • max time kernel
    120s
  • max time network
    109s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    16-10-2024 18:23

General

  • Target

    d2cee998a3dc4cdb299a99a4165e15cbda2d8ba7cf5cb7e1faa743250fae0e72N.exe

  • Size

    61KB

  • MD5

    dd0214111d6a5c93b11574d45a8e87d0

  • SHA1

    41dd265518fc106bf87f13cbda624295f4cc7245

  • SHA256

    d2cee998a3dc4cdb299a99a4165e15cbda2d8ba7cf5cb7e1faa743250fae0e72

  • SHA512

    c46e1b6c7f6f34d8e0c9d159d289a7dc27fe042c1e952ab67e73bb24c81a0ccf5c69bed7fb943f4db6443d9bf2f70a1651d088e0ae88d3c94aa6f23eb923684c

  • SSDEEP

    768:V7Blpf/FAK65euBT37CPKKQSjyJJcbQbf1Oti1JGBQOOiQJhATBHfBo8o3PfsC:V7Zf/FAxTWoJJZENTBHfiPfsC

Malware Config

Signatures

  • Renames multiple (4423) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\d2cee998a3dc4cdb299a99a4165e15cbda2d8ba7cf5cb7e1faa743250fae0e72N.exe
    "C:\Users\Admin\AppData\Local\Temp\d2cee998a3dc4cdb299a99a4165e15cbda2d8ba7cf5cb7e1faa743250fae0e72N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:4788

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-493223053-2004649691-1575712786-1000\desktop.ini.tmp

    Filesize

    62KB

    MD5

    f25ad5b486a2e9e552c6d3bbe9b544bd

    SHA1

    2a88bc51e4dbf13d70f33edf36bc83bc8a9dbc8b

    SHA256

    5c1210848e61f9108ab3e2880f23e8cd88f3cd8385d0a7401b8c6d863af3726d

    SHA512

    0835ad36d980b6a4d29d04b4fb9ceb24fd7a27ceec890ef719e9305a3cb8b6efba0daf98740d110b07d7c3ebed945c03bba3eacd575dde11036b3a753792683e

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    160KB

    MD5

    2a64285dce9db9ae80678186840cc60b

    SHA1

    c82023321b3bd5633d9ddb158b02300e0ba4b583

    SHA256

    873e66e55db977e081bb4030c85c3e6484eec37261107bf1259c62857bfe3637

    SHA512

    95dab61703f0ed1aa50608c7185c4f75df1e2cee0fca39be5024049354d6294a52f39e76341ec47739cf75eaf725c80be9a5060d2cb22ff3cb3f28cd192d48b7

  • memory/4788-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/4788-784-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB