Analysis

  • max time kernel
    120s
  • max time network
    100s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    20-10-2024 00:39

General

  • Target

    1d76b24eeea34127a776a91c4e27ea78e3e327ec1a1b89012577320233f2fbceN.exe

  • Size

    43KB

  • MD5

    782ad2e90988c8eebd513cacd783ad40

  • SHA1

    bc6ead544f4650ea6cd0c988d3a668d053d90acf

  • SHA256

    1d76b24eeea34127a776a91c4e27ea78e3e327ec1a1b89012577320233f2fbce

  • SHA512

    ab132af80d7ecd94c511a1c8fd914d8f42ed5d1c61a748d6bea2f244c7d34c777ec5aad85cb9d053b0603fb17f0f01c6e2585df99e9445121f4cbc4a4a5a797d

  • SSDEEP

    768:V7Blpf/FAK65euBT37CPKKQSjyJJcbQbf1Oti1JGBQOOiQJhATBZ:V7Zf/FAxTWoJJZENTBZ

Malware Config

Signatures

  • Renames multiple (4631) files with added filename extension

    This suggests ransomware activity: encrypting all the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with the UPX open-source packer or a modified UPX.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\1d76b24eeea34127a776a91c4e27ea78e3e327ec1a1b89012577320233f2fbceN.exe
    "C:\Users\Admin\AppData\Local\Temp\1d76b24eeea34127a776a91c4e27ea78e3e327ec1a1b89012577320233f2fbceN.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:980

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2878641211-696417878-3864914810-1000\desktop.ini.tmp

    Filesize

    43KB

    MD5

    90bf0638eac15b11b53656e3d31e260f

    SHA1

    773af47cf49b02aea3a640ff9ceec9bc6cedcd4a

    SHA256

    9e87db4dd24eea0b536c490de34d055fd5598591a71f512e77b2f5ee9524a24e

    SHA512

    48d6fa3587754a7a77b517e25c6e8a6cf1829ec3d51e61c4a288c0fae86129683a0bdabcc5679390ef5e5219b1a6334090f8eae5a50f1b5b7b7acf6360f35436

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    142KB

    MD5

    a77f3e54fb23da299c7825b8c441e5ef

    SHA1

    9b637418d0ade10f611c6fc48f975e84d36f4039

    SHA256

    c57a3e2c5b0c95153ab81be4b89ca7798cbc479619348dc2020d271b6d144aef

    SHA512

    3b8de63cd45cbf82df3650371223db0e1dc2c2bf78656f4c8631869b7140be6b5809853813b25f46e5dcfc21f65be27cd60cca589aad2aa618cd837676bdd0a8

  • memory/980-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/980-774-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB