Analysis
-
max time kernel
148s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
17-10-2024 18:06
General
-
Target
aa99c913decb96133a013abe8d71a057862e3328e8297c959c8eeb063c283a66.exe
-
Size
16KB
-
MD5
c9fc5ead99455414732c85614c676afa
-
SHA1
99ae4a704b37bd1c3f190f99b52493f68bcbe3df
-
SHA256
aa99c913decb96133a013abe8d71a057862e3328e8297c959c8eeb063c283a66
-
SHA512
45ffeb541e4124939243a61b982ff11ece9ae8d8171148d354a346766f95f22e85e4504dcb705ac83bbc96ce1d8567c294c5c5f6bdeb01c251dd51328ec89e72
-
SSDEEP
384:5iNZKe9HBSEbVfBD6LeGzauQibQzisfIIG42RzRTK9oXjfdrMEn+eSkjvka95WVB:g3Ke9HBSEbVdUeGzBQoJKua6dsr
Malware Config
Extracted
C:\README.txt
https://t.me/returnbackcyberfearcom
Signatures
-
Renames multiple (190) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops desktop.ini file(s) 25 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
Processes
-
C:\Users\Admin\AppData\Local\Temp\aa99c913decb96133a013abe8d71a057862e3328e8297c959c8eeb063c283a66.exe"C:\Users\Admin\AppData\Local\Temp\aa99c913decb96133a013abe8d71a057862e3328e8297c959c8eeb063c283a66.exe"1⤵
- Drops desktop.ini file(s)
- System Location Discovery: System Language Discovery
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
64KB
MD5379d6bad007316cf807ac3c5bc7b1145
SHA16cc4f921978a7981ca6b7ee7d15540edeae0269c
SHA256bf9affa0444eb8d1711ddd8a6ea9b08f0c19d8d5d667b81bb1dfb4eec58c64ab
SHA512a9e8bb57e91f5943f48da2719e4e7a4bdef6daba9f6e17cf0ecf73c877fa371076d071070597fea95ee21ccc8b26ec170c615a18c0569ad9e47618a52fff9a6b
-
Filesize
804KB
MD53311e8d636121c155902d38fc99e128a
SHA1688df6a210282bda8ae7f8ad22d9928da76e9727
SHA2560a18a1a15ba8351dc451ffb820fe8dd51572bb72b0dd60118c1d71f95ccd9871
SHA512426eb689f67bf739ea0086c80e31a2c1f1147c5f5952e02fce2e120b0d3438467f95426a22492895e837b0da3972c32ec36d40a9195f5372fdf7369bac4daa82
-
Filesize
25.7MB
MD5e23b59eb72f034d1e3e4ec3e73bf63a9
SHA13c54082f61ff159d7c83280cc04863da996aeee6
SHA256f7d736e38dc58b9dd2a5af766415263b7a65cc70efebc3c26e43ab1e7c7edcc0
SHA512928611efe25f226b77981e53a519ddcb0f26338631e650e6d25d81fa311b1a38d1a7c49004338f681c737094adc87ae183e9492d040a29e9a58e4fc1b32ef207
-
Filesize
148KB
MD5b98059b4d884f2df2b320a5a105834bb
SHA15d65f1a7fd7d39c46c78efd645f5ce60cdd02124
SHA2565aaaaa39919a6ecfa8c95a73693cd2324fd96fc41010e703e5e582e3566ff75e
SHA5129034018bd82942d39fdeaf6e7e107ef7cda2a7420ab5175bf0f8d35b7f5943d7508ee4ece0bb08fbc03d72dfebccf7a186634dd11bca8ceda40bc124b0ec543f
-
Filesize
632B
MD5e5947abbf99045df634eede07180fa46
SHA1b3506e3118715199707ac9a62557fcb4512719ac
SHA25698611e811a96098298daa934d52960ce9f716a36ae3fdfc316b2b75ae2b54830
SHA512e8fe24857094c4f07dfd584120be204f41cf057e3cf3bd5ade2c5f7cc88bfaddba0f4d5d26a6d2e201894a0c284ba64393f68216556f48a4014a98be90b9a49c
-
Filesize
4KB
-
Filesize
40KB
-
Filesize
7.7MB
-
Filesize
7.7MB