Analysis

  • max time kernel
    150s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    18-10-2024 02:03

General

  • Target

    44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe

  • Size

    74KB

  • MD5

    0b8d97f20f6c88b444c230f508c78960

  • SHA1

    5023c9a6e8ced323a4f0bca30809b5c21a466aca

  • SHA256

    44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01c

  • SHA512

    8ae237a3b34481f2bc97288ba0c3e2442066e3f5c81ecb53807e2caec5d944cb818575a8adff238d86e38f1d9ab95d002d8bcbda86faf4dadb53e1b2a80c456a

  • SSDEEP

    768:V7Blpf/FAK65euBT37CPKKQSjyJJ1EXBwzEXBwdcMcI9woOzOuiJfoOzOuiJu+Zl:V7Zf/FAxTWoJJ7T4MKTW7JJ7T4MC7z

Malware Config

Signatures

  • Renames multiple (4859) files with added filename extension

    This suggests ransomware activity: mass encryption of files across the system, each renamed with an added extension.

  • UPX packed file 4 IoCs

    Detects executables packed with the open-source UPX packer or a modified UPX build.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of the victim host in order to infer its geographical location.
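A static check for the "UPX packed file" signature above, added here as an example and not part of the sandbox's own detection logic: it parses the PE section table and reports the UPX section names, the zero-raw-size first section that UPX leaves behind (the region the stub decompresses into), and the UPX! marker string. The build_pe helper constructs a header-only PE fixture for testing; it is a constructed fixture, not a real executable, and the section layouts used in it are assumptions for the demo.

```python
import struct

# Section names written by stock UPX; modified builds often rename these,
# so the other two indicators are kept as fallbacks.
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2", b".UPX0", b".UPX1", b".UPX2"}


def pe_sections(data: bytes):
    """Return [(name, virtual_size, raw_size, characteristics)] from the PE section table."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    num_sections = struct.unpack_from("<H", data, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]
    table = e_lfanew + 24 + opt_size  # section table follows the optional header
    sections = []
    for i in range(num_sections):
        # IMAGE_SECTION_HEADER is 40 bytes: Name[8], VirtualSize, VirtualAddress,
        # SizeOfRawData, PointerToRawData, PtrReloc, PtrLinenum, NumReloc, NumLinenum, Characteristics
        name, vsize, _vaddr, rsize, _rptr, _, _, _, _, chars = struct.unpack_from(
            "<8sIIIIIIHHI", data, table + i * 40)
        sections.append((name.rstrip(b"\0"), vsize, rsize, chars))
    return sections


def upx_indicators(data: bytes) -> list:
    """Return the list of UPX indicators found; an empty list means none."""
    reasons = []
    sections = pe_sections(data)
    hits = [s[0] for s in sections if s[0] in UPX_SECTION_NAMES]
    if hits:
        reasons.append("UPX section names: " + ", ".join(n.decode() for n in hits))
    # UPX0 occupies virtual address space but has no bytes on disk.
    if sections and sections[0][2] == 0 and sections[0][1] > 0:
        reasons.append("first section has zero raw size but nonzero virtual size")
    if b"UPX!" in data:
        reasons.append("'UPX!' marker string present")
    return reasons


def build_pe(sections, tail: bytes = b"") -> bytes:
    """Construct a minimal PE32 image (DOS stub, COFF header, optional header, section table).
    Constructed test fixture only: it has no code and will not run."""
    opt_size = 224  # size of a PE32 optional header
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x0102)
    opt = struct.pack("<H", 0x10B) + b"\0" * (opt_size - 2)
    table = b"".join(
        struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), vsize, 0x1000, rsize, 0x400,
                    0, 0, 0, 0, 0xE0000020)
        for name, vsize, rsize in sections)
    return dos + b"PE\0\0" + coff + opt + table + tail


if __name__ == "__main__":
    packed = build_pe([(b"UPX0", 0x8000, 0), (b"UPX1", 0x3000, 0x2C00), (b".rsrc", 0x1000, 0x400)],
                      tail=b"\0UPX!\0")
    for reason in upx_indicators(packed):
        print("indicator:", reason)
```

Run it on a real file with upx_indicators(open(path, "rb").read()). A build that renames its sections and strips the marker still tends to leave the zero-raw-size first section, which is the indicator worth keeping when the other two are absent.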

Processes

  • C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe
    "C:\Users\Admin\AppData\Local\Temp\44aa979d70c28e001b71f0073cc3a12c90800b8ef1fc94b1a105b484bcf9d01cN.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:5020

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3227495264-2217614367-4027411560-1000\desktop.ini.tmp

    Filesize

    75KB

    MD5

    0807762764e7924cd8562e35926a706d

    SHA1

    1211f010544a8dce9463a47b5809499068aed6b6

    SHA256

    36a3432303aeb48ef3c3949a32b8839deafdab30aec5bc671ddd2f22a3cb33ce

    SHA512

    a3fd1c2b02f8f95c6aa8aa9cb2f9a17b13c21c08afcdddecbd4440df0a78972b73555d0dd417502480a7de72919e0c9bc816eaa23cc40add90c3464f84bf6f8c

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    173KB

    MD5

    b3b7f0629f5be14690cba563439bb032

    SHA1

    465edfd2c268a8fc6bdac9a691b51664b8e5e674

    SHA256

    247ef961e8e9eeadaee16f67256f7c6d5151b331825149bced564ebf27155667

    SHA512

    bff9ac57fec28f2d00194e18961acef5ea0944fca0d8acb0d859534a22d21ce14f32a6236213c1fee901c2e29d0b24fa9a0a37ac21a355109c1394ef4d9a3bd8

  • memory/5020-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/5020-708-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB
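The dropped .tmp files listed above (one beside 7-zip.dll in Program Files, one beside desktop.ini in the Recycle Bin) are the kind of write that the "Drops file in Program Files directory" and "Renames multiple files with added filename extension" signatures key on. The following Python, added here as an example rather than code from the sandbox, applies both heuristics to a constructed file-event log: it counts renames whose destination is the source name plus a new extension, grouped by that extension, and counts distinct files created under Program Files. The pipe-separated event format, the .enc extension and the threshold of 3 are assumptions for the demo (this report counted 4859 renames).

```python
import ntpath
from collections import Counter

PROGRAM_FILES_PREFIXES = ("c:\\program files\\", "c:\\program files (x86)\\")

# Constructed sample events in a hypothetical "op|path[|newpath]" format.
SAMPLE_EVENTS = r"""
CreateFile|C:\Program Files\7-Zip\7-zip.dll.tmp
WriteFile|C:\Program Files\7-Zip\7-zip.dll.tmp
Rename|C:\Program Files\7-Zip\7-zip.dll|C:\Program Files\7-Zip\7-zip.dll.enc
Rename|C:\Users\Admin\Documents\report.docx|C:\Users\Admin\Documents\report.docx.enc
Rename|C:\Users\Admin\Pictures\cat.jpg|C:\Users\Admin\Pictures\cat.jpg.enc
Rename|C:\Users\Admin\Desktop\old.txt|C:\Users\Admin\Desktop\new.txt
Rename|C:\Users\Admin\AppData\Local\Temp\a.tmp|C:\Users\Admin\AppData\Local\Temp\a
CreateFile|C:\Users\Admin\AppData\Local\Temp\run.log
"""


def parse_events(text: str):
    """Parse 'op|src[|dst]' lines into (op, src, dst-or-None) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        parts = line.split("|")
        events.append((parts[0], parts[1], parts[2] if len(parts) > 2 else None))
    return events


def added_extension(src: str, dst: str):
    """Return the extension dst appends to src (same directory, same name plus '.ext'), else None."""
    src_dir, src_name = ntpath.split(src)
    dst_dir, dst_name = ntpath.split(dst)
    if src_dir.lower() != dst_dir.lower():
        return None
    prefix = src_name + "."
    if dst_name.lower().startswith(prefix.lower()) and len(dst_name) > len(prefix):
        return dst_name[len(prefix):]
    return None


def analyze(events, rename_threshold: int = 3) -> dict:
    """Apply the two sandbox-style heuristics and return their counts plus a verdict."""
    by_ext = Counter()
    drops = set()
    for op, src, dst in events:
        if op == "Rename" and dst is not None:
            ext = added_extension(src, dst)
            if ext:
                by_ext[ext] += 1
        elif op in ("CreateFile", "WriteFile") and src.lower().startswith(PROGRAM_FILES_PREFIXES):
            drops.add(src.lower())  # distinct files, not write calls
    return {
        "renames_by_extension": dict(by_ext),
        "program_files_drops": len(drops),
        "ransomware_suspected": sum(by_ext.values()) >= rename_threshold,
    }


if __name__ == "__main__":
    result = analyze(parse_events(SAMPLE_EVENTS))
    for key, value in result.items():
        print(f"{key}: {value}")
```

Benign renames that change the base name (old.txt to new.txt) or strip an extension (a.tmp to a) are deliberately not counted; a single dominant added extension across many directories is the signal, and in a real run the threshold should be far above 3.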