Analysis

  • max time kernel
    120s
  • max time network
    116s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    16-10-2024 18:27

General

  • Target

    9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe

  • Size

    46KB

  • MD5

    37ab91bc95942249608a7fb5b9438e90

  • SHA1

    10b667c5c6fd45ee63168b2204fc7651f393fe01

  • SHA256

    9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53

  • SHA512

    b5bf92da4a8ec87462c21fbc460caee5668f75f1b0d8fbb759020a4dedecf23106bc21bcc7953ad2d9ca147a1b5e6c690046c2aa41f097d47704c215f1cf5f6f

  • SSDEEP

    768:kBT37CPKKdJJ1EXBwzEXBwdcMcwBcCBcw/tio/tiJFEFuodcOZiJSQOQiJfodcOd:CTW7JJ7TTQoQPyPhehEJyQJyv
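The Signatures section below flags this sample as UPX-packed. As an added example that is not part of the sandbox report, the following Python script reads a PE's section table and reports the stock UPX indicators (UPX0/UPX1/UPX2 section names and the "UPX!" magic). The header-only images it builds are constructed test inputs, not the analysed executable; a modified UPX build that renames its sections and strips the magic will not be caught by this check.

```python
"""Check a PE image for UPX packing by inspecting its section table.

Added example for this report, not the sandbox's own detection code.
It parses the DOS header, PE signature, COFF header and section headers
with the struct module only. The PE builder at the bottom constructs
header-only test images; it is not the analysed sample.
"""
import struct
import sys

# Section names written by stock UPX. Modified UPX builds often rename
# these, so the "UPX!" magic is checked as a second, weaker indicator.
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}
UPX_MAGIC = b"UPX!"


def pe_section_names(data: bytes) -> list:
    """Return the section names of a PE image in table order."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    # COFF header: Machine(2) NumberOfSections(2) TimeDateStamp(4)
    # PointerToSymbolTable(4) NumberOfSymbols(4) SizeOfOptionalHeader(2) Characteristics(2)
    num_sections, size_opt = struct.unpack_from("<H12xH", data, coff + 2)
    table = coff + 20 + size_opt
    names = []
    for i in range(num_sections):
        off = table + i * 40          # IMAGE_SECTION_HEADER is 40 bytes
        names.append(data[off:off + 8].rstrip(b"\0"))
    return names


def upx_indicators(data: bytes) -> dict:
    """Return which UPX indicators are present in the image."""
    names = set(pe_section_names(data))
    return {
        "upx_sections": sorted(n.decode("latin-1") for n in names & UPX_SECTION_NAMES),
        "upx_magic": UPX_MAGIC in data,
    }


def is_upx_packed(data: bytes) -> bool:
    ind = upx_indicators(data)
    return bool(ind["upx_sections"]) or ind["upx_magic"]


def build_minimal_pe(section_names) -> bytes:
    """Construct a header-only PE32+ image for testing (not executable)."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)           # e_lfanew: PE header right after DOS header
    size_opt = 0xF0                                  # PE32+ optional header size
    coff = struct.pack("<HHIIIHH", 0x8664, len(section_names), 0, 0, 0, size_opt, 0x22)
    opt = b"\x0b\x02" + b"\0" * (size_opt - 2)      # magic 0x20B, rest zeroed
    sects = b"".join(n.ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return bytes(dos) + b"PE\0\0" + coff + opt + sects


if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else None
    image = open(path, "rb").read() if path else build_minimal_pe([b"UPX0", b"UPX1", b".rsrc"])
    print(pe_section_names(image), upx_indicators(image))
```

Run it with a file path to inspect a real sample; with no argument it inspects the constructed packed image. Treat a hit as a reason to unpack (upx -d on stock builds, or dump the process at the entry point for modified ones) before static analysis, since the 46KB on disk is the compressed stub plus payload, not the code that runs.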

Malware Config

Signatures

  • Renames multiple (4437) files with added filename extension

    This behaviour is consistent with ransomware encrypting files across the system; the dropped-file list below shows existing files reappearing with an added extension.

  • UPX packed file 4 IoCs

    Detects executables packed with the open-source UPX packer or a modified UPX build.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of the victim host in order to infer its geographical location.
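One way to reproduce the mass-rename heuristic outside the sandbox, as an added example that is not taken from the report or the sample: the script below parses file-system events in a 'pid|op|src|dst' line format (an assumed format, the events themselves are constructed), counts per-process renames that append an extension to a file in place, and alerts once any single extension crosses a threshold. PID 3984 and the .tmp names in the constructed events mirror the process and dropped files listed in this report.

```python
"""Flag processes that rename many files by appending an extension.

Added example for this report, not the sandbox's signature code. The
events below are constructed in a simplified 'pid|op|src|dst' line
format, an assumption about the telemetry source; adapt parse_event()
to the file-system event feed you actually have.
"""
from collections import defaultdict
import ntpath

# The sandbox signature fired after 4437 renames; a small threshold keeps the demo short.
THRESHOLD = 3


def parse_event(line: str):
    pid, op, src, dst = line.rstrip("\n").split("|", 3)
    return int(pid), op, src, dst


def added_extension(src: str, dst: str):
    """Return the extension appended to src when dst is src plus '.<ext>' in the same directory, else None."""
    if ntpath.dirname(src).lower() != ntpath.dirname(dst).lower():
        return None  # a move to another directory is not the ransomware pattern
    sb, db = ntpath.basename(src), ntpath.basename(dst)
    if db.startswith(sb) and len(db) > len(sb) + 1 and db[len(sb)] == ".":
        return db[len(sb):]
    return None  # replaced extension, truncated name, or unrelated rename


def scan(lines, threshold: int = THRESHOLD) -> dict:
    """Return {pid: {ext: count}} for processes at or above the threshold for any single extension."""
    counts = defaultdict(lambda: defaultdict(int))
    for line in lines:
        if not line.strip():
            continue
        pid, op, src, dst = parse_event(line)
        if op != "rename":
            continue
        ext = added_extension(src, dst)
        if ext is not None:
            counts[pid][ext] += 1
    return {pid: dict(exts) for pid, exts in counts.items()
            if max(exts.values()) >= threshold}


# Constructed events (not sandbox output); PID 3984 and the .tmp names mirror the report.
EVENTS = [
    r"3984|rename|C:\Program Files\7-Zip\7-zip.dll|C:\Program Files\7-Zip\7-zip.dll.tmp",
    r"3984|rename|C:\Program Files\7-Zip\7z.exe|C:\Program Files\7-Zip\7z.exe.tmp",
    r"3984|rename|C:\Users\Admin\Documents\report.docx|C:\Users\Admin\Documents\report.docx.tmp",
    r"3984|rename|C:\Users\Admin\Pictures\holiday.jpg|C:\Users\Admin\Pictures\holiday.jpg.tmp",
    r"3984|write|C:\Users\Admin\Documents\README.txt|C:\Users\Admin\Documents\README.txt",
    r"1200|rename|C:\Users\Admin\Downloads\setup.exe.part|C:\Users\Admin\Downloads\setup.exe",
    r"1200|rename|C:\Users\Admin\Desktop\notes.txt|C:\Users\Admin\Desktop\notes.txt.bak",
]

if __name__ == "__main__":
    for pid, exts in scan(EVENTS).items():
        print(f"PID {pid}: mass rename with appended extension {exts}")
```

Two edge cases are handled on purpose: a rename that drops or replaces the extension (the browser finishing a .part download) and a rename that moves the file to another directory both return None, so only the in-place "name.ext -> name.ext.new" pattern counts. In production raise the threshold well above a handful, scope it to a time window, and expect false positives from backup and update tools that legitimately rename in bulk.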

Processes

  • C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe
    "C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:3984

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-4089630652-1596403869-279772308-1000\desktop.ini.tmp

    Filesize

    46KB

    MD5

    4085b68ec22d6fca02df53bf0f5139b5

    SHA1

    c72c218a2120c0676860fa0abfecd20a33fcff8c

    SHA256

    13448a354361d6f3caab567b2c44d530c5a5413cfa9c706b9f63b0952e783c7e

    SHA512

    83c2cfe72d5c26fc2b8a9eb7b5c199d60c126b8483759a1078f11328de53b59e4fb2d93502cf82061780ad4d6910942586e8f6a4ff881f8f2b48b1af10f5bbba

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    145KB

    MD5

    23fbdf5507774241fb122900fce9098a

    SHA1

    efbb736fa8fe48779c87eda0b180b1f2b6313e8c

    SHA256

    77b34e5def238d6f8bdb5726a78cdc8f28175cf9cbd34a846f0ef9fbebc0087b

    SHA512

    857e007ed98558739347919d7e0b6615df0f24bcbc4fdde57eac9d54b0ce609f1fa528a74c7af7523071a898256b91f2d37107a2e44b1bdf2d522ae53646b809

  • memory/3984-0-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

  • memory/3984-660-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB