Analysis

  • max time kernel
    120s
  • max time network
    103s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    16-10-2024 18:19

General

  • Target

    2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe

  • Size

    96KB

  • MD5

    40a1390cab497052b616e119291c4180

  • SHA1

    0f813b3e18732618aeb28ce469a7d94b9904b1f9

  • SHA256

    2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249eb

  • SHA512

    080aa2212b95eafccce3105849f3bae4a3116efeba86eb036762ce883891b2cf26988b080538fd8087c321b8de39646ada0ce80eba81bf24ad345c2cb484de39

  • SSDEEP

    1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8zxY5KwqOvVHiZckbNVEb:fnyiQSox5Kwp

Malware Config

Signatures

  • Renames multiple (4359) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe
    "C:\Users\Admin\AppData\Local\Temp\2bf7ae0a457c4b852594397c8d325e5b7bb85bbd44ed77c3043f3e2ee92249ebN.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:3004

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-493223053-2004649691-1575712786-1000\desktop.ini.tmp

    Filesize

    96KB

    MD5

    04e9d26f6b6dbc2efc8160e46e2a6e70

    SHA1

    46a8a2de0dcdc1ee044aa462d961aa795a37eb4d

    SHA256

    28721a5cc88c05375b70fa018265114d1cf103c762843045a53718e3ec092411

    SHA512

    51d0ad91d7d58df71446e756f529122a35214f87f80fe614953ad2f5e40bc877f15c7dc414a3edacfdf8a9c8460b10f96a5ac5d058007225d67d33dc6bc6adb9

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    195KB

    MD5

    9a751d720832b15a0eaf4d8ac10f2570

    SHA1

    dab57c86bc4aa3bfa786b68c429a21eacae9234f

    SHA256

    f1b637e16f221c41c104dd8dd4b22bd97999d2b77b3c645929e27717e397dbf6

    SHA512

    1ee922f7c425d57cab4ed0128164cdc86d370ce69c5d350a08ebaec3fc8ca1973fb86fb629bbf100d539f2ae49553ca8dc283df62b2b9840e029634d056778c7

  • memory/3004-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/3004-660-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB