Analysis

  • max time kernel
    120s
  • max time network
    106s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    18-10-2024 02:53

General

  • Target

    7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe

  • Size

    39KB

  • MD5

    eaf5b6b958b26ca5c40eccbef70f7f10

  • SHA1

    1ba7c970629e8e9a8202410792f3e8807056e92f

  • SHA256

    7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fc

  • SHA512

    c7446c1d822d1b93e633089cde1a92ed2ef7a0af1ffe2d250349d5597342b54fdc04f1aafaa87fa99db500f6d2ad4d8f8b089791536244ef23b95fba1641648a

  • SSDEEP

    768:kBT37CPKKdJJ1EXBwzEXBwdcMcI9Ro+QOViJfo+QOViJEopodSox/6Sox/9K:CTW7JJ7TPUTEu

Malware Config

Signatures

  • Renames multiple (4532) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe
    "C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2380

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2045521122-590294423-3465680274-1000\desktop.ini.tmp

    Filesize

    40KB

    MD5

    4029e508d65b4122babcea3742c09deb

    SHA1

    0bfa6955fbe809f14a2c825c92df2f756272d1ca

    SHA256

    2431ad6b191592c73d8c17c3a45aed2d6e7d0b6381a1dda9eb008d85c2a2273e

    SHA512

    7cc6be0a5b4f4260ac07f99eb6d02870800877fc78cb1c72b1413a70ca88850ff2a7be4349d9db724dac312a645b4e1e2eac0c44bfbb646ce677e9bdaecd8e1b

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    138KB

    MD5

    e52a21e763b565284ea10caf2a75803d

    SHA1

    b18f4d2f5e863d3f92602fcaed4ece0daa6c2e46

    SHA256

    eb17679ac670c9e032ced6f9dff30e4ae45d0a0e05280f0c0c8f273a7f6a5735

    SHA512

    10973c1914afd32348a3eb28a94b4fb0a1de3c31c0fb5f7ed95a04e790e02d78613aa11ac7c0ec3f276f68367a1feef0cab4ce3dd8a1ce5fb4c3eb22bbea248f

  • memory/2380-0-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

  • memory/2380-662-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB