Analysis

  • max time kernel
    150s
  • max time network
    123s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    18-10-2024 02:55

General

  • Target

    7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe

  • Size

    39KB

  • MD5

    eaf5b6b958b26ca5c40eccbef70f7f10

  • SHA1

    1ba7c970629e8e9a8202410792f3e8807056e92f

  • SHA256

    7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fc

  • SHA512

    c7446c1d822d1b93e633089cde1a92ed2ef7a0af1ffe2d250349d5597342b54fdc04f1aafaa87fa99db500f6d2ad4d8f8b089791536244ef23b95fba1641648a

  • SSDEEP

    768:kBT37CPKKdJJ1EXBwzEXBwdcMcI9Ro+QOViJfo+QOViJEopodSox/6Sox/9K:CTW7JJ7TPUTEu

Malware Config

Signatures

  • Renames multiple (5195) files with added filename extension

    This suggests ransomware activity: the sample appends an extension to thousands of files across the system, consistent with encrypting them in place.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
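
The first signature above is a count-based heuristic: one process renaming thousands of files and appending the same extension to each. Below is an added example, not the sandbox's own signature code, of how that detection can be expressed over a rename-event log. The event tuples (pid, old path, new path) are a constructed, simplified format rather than the sandbox's schema, and the two thresholds RENAME_THRESHOLD and UNIFORMITY_THRESHOLD are assumptions to tune per environment.

```python
"""Heuristic for the 'renames multiple files with added filename extension' behaviour.

Added example, not the sandbox's signature code. Events are (pid, old_path,
new_path) tuples in a constructed, simplified format, not the sandbox schema.
"""
from collections import Counter, defaultdict
from pathlib import PureWindowsPath

RENAME_THRESHOLD = 20        # assumption: renames per process before alerting
UNIFORMITY_THRESHOLD = 0.9   # assumption: share of renames that must append the same extension


def appended_extension(old, new):
    """Return the suffix appended to `old` to get `new`, or None if not an 'added extension' rename.

    'report.docx' -> 'report.docx.tmp' returns 'tmp'; 'report.docx' -> 'report.tmp'
    (extension replaced) and 'setup.exe.part' -> 'setup.exe' (suffix removed) return None.
    """
    if not new.startswith(old + "."):
        return None
    suffix = new[len(old) + 1:]
    if not suffix or "." in suffix or "\\" in suffix:
        return None
    return suffix.lower()


def analyse_renames(events):
    """Group appended-extension renames per PID and report processes over threshold."""
    per_pid = defaultdict(list)
    for pid, old, new in events:
        ext = appended_extension(old, new)
        if ext is not None:
            per_pid[pid].append((ext, str(PureWindowsPath(old).parent)))
    findings = {}
    for pid, hits in per_pid.items():
        top_ext, top_count = Counter(ext for ext, _ in hits).most_common(1)[0]
        if len(hits) >= RENAME_THRESHOLD and top_count / len(hits) >= UNIFORMITY_THRESHOLD:
            findings[pid] = {
                "renames": len(hits),
                "extension": top_ext,
                "directories": len({d for _, d in hits}),   # spread across the file system
            }
    return findings


# Constructed events: PID 4972 appends ".tmp" across Program Files and the Recycle Bin
# (paths modelled on the dropped files listed in the report); other PIDs do benign renames.
SAMPLE_EVENTS = [
    (4972, rf"C:\Program Files\App{i}\lib{i}.dll", rf"C:\Program Files\App{i}\lib{i}.dll.tmp")
    for i in range(30)
] + [
    (4972, r"C:\$Recycle.Bin\S-1-5-21-3350944739-639801879-157714471-1000\desktop.ini",
           r"C:\$Recycle.Bin\S-1-5-21-3350944739-639801879-157714471-1000\desktop.ini.tmp"),
    (1336, r"C:\Users\Admin\notes.txt", r"C:\Users\Admin\notes.bak"),            # extension replaced
    (1336, r"C:\Users\Admin\setup.exe.part", r"C:\Users\Admin\setup.exe"),       # suffix removed
    (2200, r"C:\Temp\a.log", r"C:\Temp\a.log.1"),                                # appended, but one file
]

if __name__ == "__main__":
    print(analyse_renames(SAMPLE_EVENTS))
```

The check only counts a rename when the new name is the old name plus a single suffix, so an installer completing a download (`setup.exe.part` to `setup.exe`) or an editor swapping `.txt` for `.bak` does not contribute. In production the count should be taken over a time window; a sandbox run compresses the whole burst into the two-minute execution shown above, which is why the raw count (5195) is enough here.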

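The "UPX packed file" signature matches the fingerprints of the open-source packer. As an added example (not the report's, the sandbox's or the packer's code), the following parses the PE section table and applies two checks: the UPX0/UPX1 section names, and the layout UPX leaves behind even when a "modified UPX" has renamed the sections (a first section with no raw data, reserved for the unpacked image, followed by a high-entropy compressed section). The three PE images are built in memory by a minimal builder so the code runs offline; they are constructed, not the sample from this report, and the 7.0-bit entropy threshold is an assumption.

```python
"""Static checks for UPX-style packing in a PE file.

Added example: not the sandbox's signature code. The PE images are built in
memory by a minimal builder (an assumption for offline use), not the sample.
"""
import hashlib
import math
import struct
from dataclasses import dataclass

OPTIONAL_HEADER_SIZE = 0xE0                  # PE32 optional header
SECTION_HEADER = struct.Struct("<8s6I2HI")   # IMAGE_SECTION_HEADER, 40 bytes
ENTROPY_THRESHOLD = 7.0                      # assumption: bits/byte that counts as "compressed"


@dataclass
class Section:
    name: str
    virtual_size: int
    raw_size: int
    entropy: float


def shannon_entropy(data):
    """Entropy in bits per byte (0.0 for empty input, 8.0 for uniform bytes)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in (data.count(b) for b in set(data)))


def parse_sections(pe):
    """Follow DOS header -> PE signature -> COFF header -> section table."""
    if pe[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew, = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections, = struct.unpack_from("<H", pe, coff + 2)    # NumberOfSections
    opt_size, = struct.unpack_from("<H", pe, coff + 16)       # SizeOfOptionalHeader
    table = coff + 20 + opt_size
    sections = []
    for i in range(num_sections):
        name, vsize, _vaddr, rsize, rptr, *_ = SECTION_HEADER.unpack_from(pe, table + i * SECTION_HEADER.size)
        raw = pe[rptr:rptr + rsize] if rsize else b""
        sections.append(Section(name.rstrip(b"\0").decode("ascii", "replace"), vsize, rsize, shannon_entropy(raw)))
    return sections


def upx_indicators(pe):
    s = parse_sections(pe)
    return {
        "upx_section_names": any(x.name.upper().startswith("UPX") for x in s),
        # UPX0 holds no file data: it is address space reserved for the unpacked image.
        "virtual_only_first_section": bool(s) and s[0].raw_size == 0 and s[0].virtual_size > 0,
        "high_entropy_section": any(x.entropy >= ENTROPY_THRESHOLD for x in s if x.raw_size),
    }


def looks_upx_packed(pe):
    """Name match, or the UPX layout when a 'modified UPX' has renamed the sections."""
    ind = upx_indicators(pe)
    return ind["upx_section_names"] or (ind["virtual_only_first_section"] and ind["high_entropy_section"])


def build_pe(sections):
    """Minimal PE32 with the given (name, virtual_size, raw_bytes) sections."""
    hdr_len = (0x40 + 4 + 20 + OPTIONAL_HEADER_SIZE + SECTION_HEADER.size * len(sections) + 0x1FF) & ~0x1FF
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)           # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, OPTIONAL_HEADER_SIZE, 0x102)
    opt = struct.pack("<H", 0x10B) + b"\0" * (OPTIONAL_HEADER_SIZE - 2)  # PE32 magic only
    table, body, raw_ptr, vaddr = b"", b"", hdr_len, 0x1000
    for name, vsize, raw in sections:
        rsize = ((len(raw) + 0x1FF) & ~0x1FF) if raw else 0              # FileAlignment 0x200
        table += SECTION_HEADER.pack(name.encode().ljust(8, b"\0"), vsize, vaddr, rsize,
                                     raw_ptr if raw else 0, 0, 0, 0, 0, 0x60000020)
        body += raw.ljust(rsize, b"\0")
        raw_ptr += rsize
        vaddr += (max(vsize, rsize) + 0xFFF) & ~0xFFF
    return (dos + b"PE\0\0" + coff + opt + table).ljust(hdr_len, b"\0") + body


def _pseudo_random(n):
    """Deterministic high-entropy filler standing in for compressed code."""
    return b"".join(hashlib.sha256(i.to_bytes(4, "little")).digest() for i in range(n // 32 + 1))[:n]


# Constructed images: a UPX layout, the same layout with sections renamed, and an unpacked binary.
PACKED_PE = build_pe([("UPX0", 0x9000, b""), ("UPX1", 0x1000, _pseudo_random(0x1000)), (".rsrc", 0x200, b"\0" * 0x200)])
RENAMED_PE = build_pe([(".text", 0x9000, b""), (".data", 0x1000, _pseudo_random(0x1000))])
PLAIN_PE = build_pe([(".text", 0xC00, b"\x55\x8b\xec" + b"\x90" * 0xBFD), (".data", 0x200, b"hello\0" * 64)])

if __name__ == "__main__":
    for label, pe in (("packed", PACKED_PE), ("renamed", RENAMED_PE), ("plain", PLAIN_PE)):
        print(label, looks_upx_packed(pe), upx_indicators(pe))
```

Section names are the cheapest indicator and the first thing a modified UPX build strips, so the layout check is what keeps the rule useful; when `upx -d` refuses a file because of an altered header, the same layout still tells you what you are looking at, and a memory dump taken after the stub has run (like the `memory/4972-*` dumps in this report) gives you the unpacked image without having to repair the packer.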
Processes

  • C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe
    "C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:4972

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\$Recycle.Bin\S-1-5-21-3350944739-639801879-157714471-1000\desktop.ini.tmp

    Filesize

    40KB

    MD5

    b8d6d57fb4507042d465529e803aa407

    SHA1

    ae7b54bc4c590ee037e7c09b9ce3b1f714b540a1

    SHA256

    213421137acf79a0b80cb5b7d56d962840ca2b0dc2f4a96d951ed768df328c50

    SHA512

    25e6b7a6feb9fa6e9ac6fa63272f3c060cd9fc3c5e164ef04e033ad3e31ee1b0f4dbcd0d556e6b8a65ca75f13c9a7ed04222de3b1a2a77a608da0398baf1f961

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    138KB

    MD5

    b48ea2ed914a71d00e5ee250184aa687

    SHA1

    023aa29d6f679773a83a319f06f2ef2a3203e681

    SHA256

    9bf5538fec22959cacc9afa0509394d305253a880d8126cc4e41019890ac9931

    SHA512

    2f5358def598cf9a37e8f467e975b816e87b99ca1c677e9923e48fdb5d7caf54ea451d17f6c1672094f484583dcb048ad0c81661a23e33782d5bf3ffe12d1297

  • memory/4972-0-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

  • memory/4972-764-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB