Analysis

  • max time kernel
    120s
  • max time network
    122s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    20-10-2024 01:14

General

  • Target

    9ea787c2a7480585736a58778cdb6f3b61c80b48b7d3b5efa8a73f6d55a57428N.exe

  • Size

    87KB

  • MD5

    75e6fecef7e57fed83b33de116c31fa0

  • SHA1

    9ac5c557f4c76badc532931ac4c6f87078b49419

  • SHA256

    9ea787c2a7480585736a58778cdb6f3b61c80b48b7d3b5efa8a73f6d55a57428

  • SHA512

    fafca9d253a35859e52c6b06f715e252c3e3eff7f1bba2df9a3b8157c8d36794bc664692a701c2a03e748788b414cb11d26cd84893e56cdf65fa48cbb7771429

  • SSDEEP

    1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8zxY5Kwj2rR:fnyiQSox5Kwa

Malware Config

Signatures

  • Renames multiple (4576) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\9ea787c2a7480585736a58778cdb6f3b61c80b48b7d3b5efa8a73f6d55a57428N.exe
    "C:\Users\Admin\AppData\Local\Temp\9ea787c2a7480585736a58778cdb6f3b61c80b48b7d3b5efa8a73f6d55a57428N.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2400

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\$Recycle.Bin\S-1-5-21-4050598569-1597076380-177084960-1000\desktop.ini.tmp

    Filesize

    88KB

    MD5

    5d66a9c6c71f31ec3c6834955c463239

    SHA1

    bf877be261127afc78667ad726f2a019e72ea8c6

    SHA256

    964ccebf166273df65429f5b8b260e941a533a9ded473ce313e179c83d9710af

    SHA512

    2f1f18525539f0ef4eae3f888feec40bbf47ec04ccd41dc91e4a86df68918a166747be55fbcd9b9abdb9d7954eb2871a5162f1041d7228e00ae577a4fe942ea3

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    186KB

    MD5

    a24ef462d7bd27b76023403db0a5627c

    SHA1

    3a8c49698ad1192c1cfa5e76b489cd2fbbc0f6f9

    SHA256

    69f4c3ebad0a827868a0ddb24e16d77bc31caf8da2a65dc5fc6b9cb769bc04e2

    SHA512

    9ca90ab208623fc0fe89e26d2f942b93fb53c20e118269192c7af4f84f2b52fe73805edb511698c4e8cfb3f9f9d3646bd660bab12e634bac39fb08ab7c810eaa

  • memory/2400-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/2400-668-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB