Analysis

  • max time kernel
    149s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    16-10-2024 18:03

General

  • Target

    004e18d2e9c342aa5cd13aa8f981c3cd37d57759fbd5b6a60f5913c3f52e3705.exe

  • Size

    47KB

  • MD5

    556a95ff5ad9ecff1d26fbcc4e7a6ccc

  • SHA1

    ced8c39be24223051538734e74ac6be70d2347a8

  • SHA256

    004e18d2e9c342aa5cd13aa8f981c3cd37d57759fbd5b6a60f5913c3f52e3705

  • SHA512

    d3031165f0ad6caaa35c529835bb8ce3571ec34696baff728a0ed55cfbd7c556dd4b7daa1d9d26fad38a2894f0b4b591cd611710a6513736139a33e4da8ee7f5

  • SSDEEP

    768:W7Blp2sspARFbh5YSfff9n1oXKCqzEIn1oXKCqzE1IwScIwSJ:W7Z2sspAp5YSfffMrfry

Score
9/10

Malware Config

Signatures

  • Renames multiple (5029) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\004e18d2e9c342aa5cd13aa8f981c3cd37d57759fbd5b6a60f5913c3f52e3705.exe
    "C:\Users\Admin\AppData\Local\Temp\004e18d2e9c342aa5cd13aa8f981c3cd37d57759fbd5b6a60f5913c3f52e3705.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:872

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-4089630652-1596403869-279772308-1000\desktop.ini.tmp

    Filesize

    47KB

    MD5

    c350339a570c643ab3922da08f72dbbc

    SHA1

    11399b6ff6496c4336f7e06749d0fbf2baf27aa5

    SHA256

    6f2849cfbb6d0417f3b224dfdfe20112fe236c3d8d1c5675eb3d3db6f1a1562d

    SHA512

    d5268efb3c1d3247168f5a21e3b228a48fe0747b2968df3e5ca76d20ed5707e88d3f91169cd10e191a5e2baf6267839d16ba275cf94c780c73bfb57c90c08fda

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    146KB

    MD5

    c49cad4080f5cbd1f715da1d5bda74ee

    SHA1

    fc57ea4d86586729b448762bc8ff3ef8fa287709

    SHA256

    56065e5c9b51554673e97b525535211951881967e04042fd3d40b649b2d8d2a9

    SHA512

    068e4e65b550292ba6e0abc7ef1f13971f7934e4ccef516969a5827b9965d274ce51ebc28f9400ffb7ab37ef8a95bb4b55e28b32604b7191f15359dda8326ba2