Analysis

  • max time kernel
    120s
  • max time network
    113s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    16-10-2024 17:48

General

  • Target

    c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe

  • Size

    64KB

  • MD5

    55fc25084bf403088db8eca691b6bc90

  • SHA1

    e7e832a5441358fa01b68c8ea12571952a4284a6

  • SHA256

    c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3

  • SHA512

    cd9b98bf18f40917c4446075acc09b32b0f9207af9f2cc4283ffd8f494152f90facd234b4e41b975cd0b0efa02eeedcdeea8a8e6f3c3c520ade8ac83ca6da72c

  • SSDEEP

    768:V7Blpf/FAK65euBT37CPKKQSjyJJ1EXBwzEXBwdcMcwBcCBcw/tio/tiPSqNEzlp:V7Zf/FAxTWoJJ7TTQoQ6qNfQfF

Malware Config

Signatures

  • Renames multiple (4629) files with added filename extension

    This suggests ransomware activity: encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe
    "C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:3592

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-4050598569-1597076380-177084960-1000\desktop.ini.tmp

    Filesize

    65KB

    MD5

    e6825d5b3476fb2a84c0fff847fe148c

    SHA1

    a59a79f55238bc7d2131049dafe2b1b0aa2eaf47

    SHA256

    2ed8b17a4bf8cc6979b102db4a8891f0b53e3bb11ccd3bfcc1862877eb200513

    SHA512

    4f4cbcbaa07155a6a65a0c8a9416193bcbde6a65d4fda30fcc822d2ee3ac26e399f039b0d17a518ad9b053b62ea9d7fce217e966c60fd622a46960752d34bba6

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    163KB

    MD5

    60e7b73d353745ed8400e1136943a74e

    SHA1

    7ae6e7e4b78438d2a739801bc930eb04febd7e25

    SHA256

    af089235d181597768b1330aba4dabd2b9c79efdd5c77429f301dda08d77b2dc

    SHA512

    202c854b9113d7e27cd90f2a7f47c75453475ea456d7b6a5ddaa5ad2cfa605e8292f08c62d12200e298b6660c3d7ab06be2e6250126149bc1ea31052fffbc567

  • memory/3592-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/3592-782-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB