Analysis

  • max time kernel
    120s
  • max time network
    108s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    18-10-2024 02:00

General

  • Target

    44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe

  • Size

    74KB

  • MD5

    0b8d97f20f6c88b444c230f508c78960

  • SHA1

    5023c9a6e8ced323a4f0bca30809b5c21a466aca

  • SHA256

    44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01c

  • SHA512

    8ae237a3b34481f2bc97288ba0c3e2442066e3f5c81ecb53807e2caec5d944cb818575a8adff238d86e38f1d9ab95d002d8bcbda86faf4dadb53e1b2a80c456a

  • SSDEEP

    768:V7Blpf/FAK65euBT37CPKKQSjyJJ1EXBwzEXBwdcMcI9woOzOuiJfoOzOuiJu+Zl:V7Zf/FAxTWoJJ7T4MKTW7JJ7T4MC7z

Malware Config

Signatures

  • Renames multiple (4357) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe
    "C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2800

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3350944739-639801879-157714471-1000\desktop.ini.tmp

    Filesize

    75KB

    MD5

    ffc18948ae28862ea81594b30c3eb7ac

    SHA1

    0058049330849d3e0dda8b249bea5019fc308045

    SHA256

    962c4b3a3913f11b4101dc67c3c04cad20d59970bb2469205dd1a317867f7f5c

    SHA512

    b64b76550c87c7fc68fde73414e02f3883415aa8deba8963a222620c8768f357cf3d7e798fa1dec1fc39f38ab9ac0a43c066a8989ca519d857aed310ea893e73

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    173KB

    MD5

    c321be561c05349156d8312abcf13c6b

    SHA1

    ee1e794a571fcd2a2cbc6e25785b1a40533d183b

    SHA256

    dd0aeb9d071699a44f625f5f24f7ab3d8c89f9dd1e4c160d087c8b2154bfc7a9

    SHA512

    a6102e7df679ef0cbe1dbda9105962297a7ceedbe5eee5b8b49ef6bbc81e47aaf0c62f6d965b14a152b95265bd751c68eeed5f087b024793c2b1670289537e18

  • memory/2800-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/2800-662-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB