Analysis

  • max time kernel
    150s
  • max time network
    129s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    16-10-2024 18:25

General

  • Target

    103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe

  • Size

    54KB

  • MD5

    736feb30f912ec759602226c17822930

  • SHA1

    67b8f6a43b0af45ed9000877de00f1750f404fdb

  • SHA256

    103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcf

  • SHA512

    be25a8c7668a69a51d13baa9f66263e90975e2746dffb16ca85f633c15c1a52989358243a0078a8f1a1e546b80ed6799e9b9986c7d0de632f1a1615e97e6954c

  • SSDEEP

    768:V7Blpf/FAK65euBT37CPKKQSjyJJ1EXBwzEXBwdcMcI9Yo0NO6iJfo0NO6iJ+:V7Zf/FAxTWoJJ7T+mR

Malware Config

Signatures

  • Renames multiple (5006) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe
    "C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe"
    1
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2352

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\$Recycle.Bin\S-1-5-21-4089630652-1596403869-279772308-1000\desktop.ini.tmp

    Filesize

    54KB

    MD5

    9e4f54db27943047b93448381adecf4c

    SHA1

    797a9b0feb337f93c777a272d419583e952859d1

    SHA256

    a7d9c8b6ee983b8ee9b10b568d3b43368c74f28142fa783df35c82205613638f

    SHA512

    589a7766af5f89de9aa70433feebac71039ccbf6cb9925f389ee53f2a9eade161714de5b120cb57c8980809ef6964f5a6be1e60bf8e628c7d322bd0af8b2c08d

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    153KB

    MD5

    98f561d1ad23c8fae13663fc583c2ae5

    SHA1

    b00bf426403b8bf62ee89eea794fe15b15f05508

    SHA256

    2ba211075b93f4e1f2c168f62a9b0fb8b4d2a863de95a3731376894977f79e47

    SHA512

    06507d01da424235c331b5bab05f1386ce3a35e39f6054de5d2d3d228e0eec0fb391a78e2adeef647597eec9662f702b08b62a161223727c95f5e6dbdcadab4f

  • memory/2352-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/2352-742-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB