Analysis

  • max time kernel
    120s
  • max time network
    122s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18-10-2024 02:28

General

  • Target

    4b95ebda59092a42e95e50a540ea5fefcfc6b25230ac51c04e19782527531f38N.exe

  • Size

    28KB

  • MD5

    02dd5bacd17404acfc41b55f47da1810

  • SHA1

    debd84a376f67d54b74d22b1d9dfefd3aff35f98

  • SHA256

    4b95ebda59092a42e95e50a540ea5fefcfc6b25230ac51c04e19782527531f38

  • SHA512

    2eceb0be5b6aefc227e1d2dd26de50f36da71cceaa255be8863abf959311d43cabd36be240aef01dd60e708bc9bf03d1e5d953dae1010d9d91275752a3ae9629

  • SSDEEP

    768:kBT37CPKKdJJ1EXBwzEXBwdcMcI9Y96h3+:CTW7JJ7To

Malware Config

Signatures

  • Renames multiple (4659) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\4b95ebda59092a42e95e50a540ea5fefcfc6b25230ac51c04e19782527531f38N.exe
    "C:\Users\Admin\AppData\Local\Temp\4b95ebda59092a42e95e50a540ea5fefcfc6b25230ac51c04e19782527531f38N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2700

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3227495264-2217614367-4027411560-1000\desktop.ini.tmp

    Filesize

    28KB

    MD5

    d75702bd7ae6628a4e195c91a8eed85b

    SHA1

    b21d875b8c837020804e96e7572fd137689779c8

    SHA256

    edac1eada35e49aa6e440f582cc91f21e0f02e6eaa5353e2af27f3043181ac50

    SHA512

    53f936b99dcb95950de441f81672d87e41dfa05b39109af8dd7ef2e8de4f1cff1f3b58672bfe38498b2187991c3db2c89bef360f3d3beaba8f3b2cc6f41371c7

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    127KB

    MD5

    a51bc84a12706323de7f9f5879e95e68

    SHA1

    17891e4e4ebbb327283f8c6c6c082bb2591c98b7

    SHA256

    2a87156c0714ced32d1c2be46d63d290e48958e290ab48f85204181f11754fca

    SHA512

    48876ac6db2d98f3a0ddb6d667e45e01a45ec9968a97bbafe478ce32c04ab537a81cdd72a5ecbfbb7c2ab20429ca2404b740c9923e18329fc3d1f453e3783a9c

  • memory/2700-0-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

  • memory/2700-790-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB