Analysis

  • max time kernel
    120s
  • max time network
    104s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    16-10-2024 18:15

General

  • Target

    826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe

  • Size

    105KB

  • MD5

    531e509a09b8472abd0d4cae379b2830

  • SHA1

    aa61e6b86ae7079f75e45f9c856173667c06c68c

  • SHA256

    826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316

  • SHA512

    5b8fb2a3bf997a3b10853437231f8f810c4e3dc9620fb6c6f367b0fa962a23b4cbeb60f5476b078f0148d7e85b464d7e0ad12a66a4b334c6baf9658f8c2c4f08

  • SSDEEP

    1536:V7Zf/FAxTWoJJZENTNyoKIKMQTW7JJZENTNyoKIKMIjUv0FR:fny1tE5KIKEtE5KIK7jUv0FR

Malware Config

Signatures

  • Renames multiple (4324) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe
    "C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:1876

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-493223053-2004649691-1575712786-1000\desktop.ini.tmp

    Filesize

    105KB

    MD5

    19729a3ad9cccbaf77a4c2379bbdd216

    SHA1

    f5be558c963c5c7b0d849631c10c21f44bd0caea

    SHA256

    37302cf21cdb235a0b52dec2ba9dac4b8f692c22b980f07bea6055f9006c29d0

    SHA512

    810787a9b3736ac122572f0813af1d315c86394a9090629d4ac8f0a239b8cbda4568209a387cf1b0d4a92ea7a6b6bc9553335509fb72bb65accf3e0cdf1e0c70

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    204KB

    MD5

    e024a2e58163fd887a3fb8c01df38946

    SHA1

    a75c925f6e6d0165ac1013504b6a7a641e7eca2a

    SHA256

    69a7555178f9cb84df252a806038cfede6030bf3d2d5fc2da61e4e88ca81fbb8

    SHA512

    d6d33614a28e4e162b7f866f05dbd9e302315cd27e99e8fb29d5a40d04b11a3abcb7efc701c1698655cdd873db56a691316a5fb35d7a3f3394d64bdb0077f0e8

  • memory/1876-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/1876-664-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB