Analysis

  • max time kernel
    150s
  • max time network
    126s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16-10-2024 17:43

General

  • Target

    22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe

  • Size

    59KB

  • MD5

    d3bcb5cf6d217b72d3c849354e69c810

  • SHA1

    7b57c43fdc03c155b1f156f8b73f64762b45b713

  • SHA256

    22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6

  • SHA512

    cabaac3f75ae11c4da9308e5fc10e5b5bfd6b78fbddc1280bf6984555bd4b5b492eeb1df097bbce5b89f4ca801cca788a771f662859fa32cfb607874f13d9b81

  • SSDEEP

    768:W7BlpppARFbhHFoqAJwBqAJw1VyjVy/3sY1YxwDwk595E:W7ZppApyVyjVy7Uk595E

Score
9/10

Malware Config

Signatures

  • Renames multiple (5032) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe
    "C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:4504

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-4050598569-1597076380-177084960-1000\desktop.ini.tmp

    Filesize

    60KB

    MD5

    bd2671e08620db37b3c2a9947e24e763

    SHA1

    03d07d096cf836f8156dd1417d1489f458b9ea8d

    SHA256

    046a94f07bff1dcfeeea7c8872595b6a959b216061f8684c58604a88ac7ab524

    SHA512

    094a3ceef4b7d616bd4bffd0e8094a1c6b19a7f1d82967c13d34145bc56af2e2e840beb7518ad024189132e1e82ac3ffc28db94af7cc08c71c9a586dcec1df6e

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    158KB

    MD5

    f23e14c4e5eb090745c93e50274a4280

    SHA1

    62a47ac18d3405ce5f62cd0555c789b9d7630dab

    SHA256

    e3aa1641ec0c8ecff29c55c11e15f034c28e32eca32a34304959c1e694555832

    SHA512

    5b61c5843e1e3234c6fec75411e86934a27c7c146b4c5faf62441007426443036f7a73291861a83c7c2f2db741b11a4aa16e9b9297718bd0f0339baf8349e431