Analysis

  • max time kernel
    150s
  • max time network
    124s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    16-10-2024 17:56

General

  • Target

    c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe

  • Size

    64KB

  • MD5

    55fc25084bf403088db8eca691b6bc90

  • SHA1

    e7e832a5441358fa01b68c8ea12571952a4284a6

  • SHA256

    c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3

  • SHA512

    cd9b98bf18f40917c4446075acc09b32b0f9207af9f2cc4283ffd8f494152f90facd234b4e41b975cd0b0efa02eeedcdeea8a8e6f3c3c520ade8ac83ca6da72c

  • SSDEEP

    768:V7Blpf/FAK65euBT37CPKKQSjyJJ1EXBwzEXBwdcMcwBcCBcw/tio/tiPSqNEzlp:V7Zf/FAxTWoJJ7TTQoQ6qNfQfF

Malware Config

Signatures

  • Renames multiple (4863) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe
    "C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe"
    1
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:3740

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3350944739-639801879-157714471-1000\desktop.ini.tmp

    Filesize

    65KB

    MD5

    cf67f02c9093cfcf6091520e2d4a6405

    SHA1

    01d3ca2d3ddfc0e2324d6e06224c4518927569ce

    SHA256

    d55edc221b178133da547960537f917e415b0ca5b55e40373167d2b7cd759fdb

    SHA512

    4a2ab3cca3e5b72b1f48f7ca377edc94c676ca08f57106a08c9c77504d1dd3f70e37ef628fe30addf3ff4f2b7bfc19190202d0fc78d0ec6c3b98d474246dd908

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    163KB

    MD5

    5e8e4566b86a03fedf322737c25e7bf0

    SHA1

    0aff20e7606a0ecaa3228f04c820e0ab49b784fd

    SHA256

    80a7cf82af3f7e6294c4e6fc3f271d90637ee0a6b322dda4baa683635e443577

    SHA512

    4a3957c8b097e03119ce6d27bf33e140c2fe947117b743c95701fd980b47929fe1f73ccc2a22faf088de8299dd5bb52edb24bba762e667f9cc561fd24c48f080

  • memory/3740-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/3740-656-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB