Analysis

  • max time kernel
    150s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    18-10-2024 02:43

General

  • Target
    c2e1d08dddb3d7e27c9252d2d236d6ab7df24ea2f6d6894ade9f93a530627dca.exe
  • Size
    100KB
  • MD5
    3bde4a3622baaafde0a9a99f5cb86421
  • SHA1
    accbfb53a30afaa1f4948f47ba365dc2c5070af5
  • SHA256
    c2e1d08dddb3d7e27c9252d2d236d6ab7df24ea2f6d6894ade9f93a530627dca
  • SHA512
    498074b477841f824dd9a37f8225d4fad8eb0b093ff992e72e1446953eafca4a7748589a694842611bdcfa829cfc415e42eddee563d9cba638552517350ce121
  • SSDEEP
    1536:W7ZppApsJNg0tdlAX+zq852d1F4V+kw2tJKSh2hKjEkjEZ:6pWpkuK4+bE1F4c2r4k4Z

Score
9/10

Malware Config

Signatures

  • Renames multiple (4866) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\c2e1d08dddb3d7e27c9252d2d236d6ab7df24ea2f6d6894ade9f93a530627dca.exe
    "C:\Users\Admin\AppData\Local\Temp\c2e1d08dddb3d7e27c9252d2d236d6ab7df24ea2f6d6894ade9f93a530627dca.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2660

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\$Recycle.Bin\S-1-5-21-3756129449-3121373848-4276368241-1000\desktop.ini.tmp
    Filesize
    100KB
    MD5
    5d3d4133d0121a2ba8d7837a6c438e91
    SHA1
    b75b9f028acf80d32b2d08e708a195132d5b3197
    SHA256
    a1b679a1961b10e8c711e7e3c5341add6ed1c37be9ed4e49a0bd6226a38859f9
    SHA512
    31e867fa65ced7a71c00452992a49c1e83b6ba2cd324a571d4061655cf2c8891cd3846db7e376443e0643391c2d0365a74194e17b8cea264fe3e57fc9da37a23

  • C:\Program Files\7-Zip\7-zip.dll.tmp
    Filesize
    199KB
    MD5
    945f0ff513f9f7809d8f4fc76846030a
    SHA1
    5964871135950ad916df203ea2047e006750b02d
    SHA256
    2347d572a65b4d4d309011636550d885ef4fae483dbb05b034f2e8be2e5439ff
    SHA512
    a1f800860ec769d044d33aa1575a6f14e0884534b9f9c16744e871b3c2c8f65ee5f7f4ec4ddde8ed0458ab65eb9323f04f7c90b05ddcbae967d893f6b4a7a3dd