Analysis

  • max time kernel
    150s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    18-10-2024 03:34

General

  • Target

    d8612e0e75a79b5a916a9250038e4dd1f388f4ae5034dfd54570aba1c6b2d38a.exe

  • Size

    95KB

  • MD5

    b6939b4e790623ba29424dcd7a57d92c

  • SHA1

    0806ec9ef233d21dbd83da882c16a4965d85153a

  • SHA256

    d8612e0e75a79b5a916a9250038e4dd1f388f4ae5034dfd54570aba1c6b2d38a

  • SHA512

    e92eb0b6f497b396f32008c69c1dafd31302f342241876e2528ecebd9cb584aeeeed2ed3103cf09edb5b3efa995bdd38195482b56c89210245c0b5aa45d28cae

  • SSDEEP

    1536:W7ZppApsJNg0tdlAX+zq852d1F4V+kw2tJKSh2hC:6pWpkuK4+bE1F4c2z

Score
9/10

Malware Config

Signatures

  • Renames multiple (5012) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\d8612e0e75a79b5a916a9250038e4dd1f388f4ae5034dfd54570aba1c6b2d38a.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\d8612e0e75a79b5a916a9250038e4dd1f388f4ae5034dfd54570aba1c6b2d38a.exe"
    Process 1
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID: 3088

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-4050598569-1597076380-177084960-1000\desktop.ini.tmp

    Filesize

    95KB

    MD5

    4670fa55f0b1bc70378211793fe00585

    SHA1

    1818b4153f510b4098614fa9f9ac02e2d47dbd97

    SHA256

    6ff3f606d4c2fd45fbd48001c735c739fde9ffaac00f887bd433d494b9ca8483

    SHA512

    a35715141e6b21be2bfa781418cf48ef592fe647a7d31c5b9bf9307120bb561de15dde9fdd9c1fa7756bd864cc9ca47fbe22d4488098ab8aa1055cabc01be382

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    194KB

    MD5

    a84a9d08a25499516fea13a424c13d1e

    SHA1

    8df6fbd87fe6a5cdbd2d1eeb875dfc1e17346297

    SHA256

    a1bec668e05eaed0f1aeb375d8872c2fea3f9dfc0166811ef8e9839accfcf910

    SHA512

    349623c9d2ed3c1b770dffcd6b167d26d76773ec77d14cd60f4a29110c3191129112471c6862eb5b308be1460026f5918e3f695833db4781da50d035f610ef5a