Analysis

  • max time kernel
    120s
  • max time network
    107s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    18-10-2024 02:31

General

  • Target

    39ee578f0d2e4e8541470652fbdb50287f5f0d3e501fe1bce9fda83b6cf31aa6N.exe

  • Size

    79KB

  • MD5

    f6dd52a290457e27e3a0d1c092219230

  • SHA1

    dec97628ca215c2f97c7cbb39417f95b2dc4f719

  • SHA256

    39ee578f0d2e4e8541470652fbdb50287f5f0d3e501fe1bce9fda83b6cf31aa6

  • SHA512

    55db90395fa7c00eb8e7bca6024148cbcea2e885087643797f41b7c86489569bd7330a367e2626f2f53174529f6d9460a02d7da947954db328f4e6c017d33430

  • SSDEEP

    384:yBs7Br5xjL8AgA71FbhvJUfWGUf2X5nUYXxX5nUYXyuXvuXxhjOIC8UnRIC8UnLi:/7BlpQpARFbhiWbs5nd5ntXWXxh6IOIP

Score
9/10

Malware Config

Signatures

  • Renames multiple (4505) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\39ee578f0d2e4e8541470652fbdb50287f5f0d3e501fe1bce9fda83b6cf31aa6N.exe
    "C:\Users\Admin\AppData\Local\Temp\39ee578f0d2e4e8541470652fbdb50287f5f0d3e501fe1bce9fda83b6cf31aa6N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:3900

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3227495264-2217614367-4027411560-1000\desktop.ini.tmp

    Filesize

    79KB

    MD5

    6bf43e953f887ab6be6dc08d136ed947

    SHA1

    a32cb11cc9505776b75bf79addafdef7f4c6fc62

    SHA256

    b35af9de0cceb020539f46bfe5cba7dc8353131494f821f0536b791f4cce06f8

    SHA512

    bacd19b7e55c11b1579e5190a063aa660f3fe449bab7b476b93025a43917646438044b33dc3a49be3b6bf0529971a83f0924a4f1a82831557b261b4345ffb8b4

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    178KB

    MD5

    9263b6cc2d035283da0afb6ebbc58742

    SHA1

    98f06bcd0f91b7f372cadf21c95e9cff5de93883

    SHA256

    5126609de35bb960b8e23b9edd90eedfeb5d385a8c185efd128ccad3a442e0a0

    SHA512

    8aabf1b9a743ab808aa89ee0fd8402aa019523b27cfa859e4ce4c7d806d5577be6080f95e5da14c6354d01021f945d2b3f212c7792c23acb30875b81f0ac580e

  • memory/3900-0-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/3900-658-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB