Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    20-10-2024 01:39

General

  • Target
    68627ee9187ab43c99f8d28d4b888b8f78b2302a350525168b1dd2fac2f60fe9N.exe
  • Size
    29KB
  • MD5
    b25719682e0c1e0b077751b4e33a7400
  • SHA1
    cc097ce3c49a97402950b4da61ad44d727e70b5b
  • SHA256
    68627ee9187ab43c99f8d28d4b888b8f78b2302a350525168b1dd2fac2f60fe9
  • SHA512
    1a4ce4ffe0e4d0f3e2b5404d50ea68d0ce64b80cd8aeb00947542b4eff654a6ae2c55083fa0368beafc6325b18c9846e9098850ee16edeadd365c884ad927303
  • SSDEEP
    768:kBT37CPKKdJJ1EXBwzEXBwdcMcI9woOzOuiJfoOzOuiJfy:CTW7JJ7T4MV

Malware Config

Signatures

  • Renames multiple (5196) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\68627ee9187ab43c99f8d28d4b888b8f78b2302a350525168b1dd2fac2f60fe9N.exe
    "C:\Users\Admin\AppData\Local\Temp\68627ee9187ab43c99f8d28d4b888b8f78b2302a350525168b1dd2fac2f60fe9N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:448

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-4050598569-1597076380-177084960-1000\desktop.ini.tmp
    Filesize: 29KB
    MD5: 487a65f3a3bf705c63d4ba6946cd163b
    SHA1: 346c7b3021a9bf4952bd5a4c871e10ebffd99291
    SHA256: 34bd6222b67d7ec075d2434f04f0907182ebdaf29146738448d0e7a779ae6d11
    SHA512: beb559bbdbd3659231002e4549533adafbd6996c901ea7500ccb2131ba2f2a43f7607e1996936e1665d52f68d4838155a84a66299695470c9b12d27ce69a32e2

  • C:\Program Files\7-Zip\7-zip.dll.tmp
    Filesize: 128KB
    MD5: b37221089c11c56abac6178735504dc9
    SHA1: 814ed5ce5b293a7a6b1cb6c9aefd2aafa23d1141
    SHA256: e3521509214c78ca9392754c03d5cfe8ecd29b97b1585bd95b5332941692756d
    SHA512: 068032a37ddc27a58e58b87f2975e46056b41464561d369e5cf84e0e5c6dbfb4ac29b56ea00b69f0c66b9611dcdcaed8865a48556e227e6a4951e6fd5ea82d2e

  • memory/448-0-0x0000000000400000-0x000000000040A000-memory.dmp
    Filesize: 40KB

  • memory/448-765-0x0000000000400000-0x000000000040A000-memory.dmp
    Filesize: 40KB