Analysis

  • max time kernel
    120s
  • max time network
    110s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    16-10-2024 18:19

General

  • Target

    103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe

  • Size

    54KB

  • MD5

    736feb30f912ec759602226c17822930

  • SHA1

    67b8f6a43b0af45ed9000877de00f1750f404fdb

  • SHA256

    103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcf

  • SHA512

    be25a8c7668a69a51d13baa9f66263e90975e2746dffb16ca85f633c15c1a52989358243a0078a8f1a1e546b80ed6799e9b9986c7d0de632f1a1615e97e6954c

  • SSDEEP

    768:V7Blpf/FAK65euBT37CPKKQSjyJJ1EXBwzEXBwdcMcI9Yo0NO6iJfo0NO6iJ+:V7Zf/FAxTWoJJ7T+mR

Malware Config

Signatures

  • Renames multiple (4538) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe
    "C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:4772

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2878641211-696417878-3864914810-1000\desktop.ini.tmp

    Filesize

    54KB

    MD5

    920969402d05027597537daf6f5f15fa

    SHA1

    f18d5b3c74918221fee6042fe1a41e4c703a0d66

    SHA256

    f581fdfee6792aa6d229f92cf5ac7c8eb4a703d3ae26ec8cbb10de0d62ba65ff

    SHA512

    75046033707bbc0ef55bf9c2de6621fe7039bbb692a4448ba69df394fed5596a9993fc9b19c62354db5bebaa2bc34d72ec3b7d6f4ee7cf12a002c39271a4e056

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    153KB

    MD5

    23e9cc4e752eb5a95e63d7c3afbac17e

    SHA1

    743254f24f4c7a97d571763f83f01023de3dd3c2

    SHA256

    47fd60aecdf85ce23e2b24c1db3a1377a2c816390951386810988237fdbe1e08

    SHA512

    5837201bb54196704e453f8965fe4674e5b74e0b8a96a5a8c73a0cda24793062bbf5c29093c3e77214d8adf831bad1efe3e71662f08d9f7cb80d823430a7c613

  • memory/4772-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/4772-744-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB