Analysis

  • max time kernel: 150s
  • max time network: 124s
  • platform: windows10-2004_x64
  • resource: win10v2004-20241007-en
  • resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted: 20-10-2024 01:20

General

  • Target: b56c77817ae941e0fdcdc96400028ed816edeb32add854df0177e1e7d8d8694a.exe
  • Size: 61KB
  • MD5: 5fee3115d283fdcffc5ce09e94dab0bb
  • SHA1: fb668a72497332a7700c328f4f246b85dce4abbd
  • SHA256: b56c77817ae941e0fdcdc96400028ed816edeb32add854df0177e1e7d8d8694a
  • SHA512: b25b350cef3ab56371e78b6df26a0f92596b557420d4faead6f806cac3d7adf9a8100a679a0010f254634860156c25521747249c43ad8e13d255824465bf11ba
  • SSDEEP: 1536:V7Zf/FAxTWoJJ7TUoChyf7maVF5sQXThyaquChyf7maVF5sQXThyaqf:fny1oJ

Malware Config

Signatures

  • Renames multiple (5052) files with added filename extension

    This suggests ransomware activity: the sample is encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\b56c77817ae941e0fdcdc96400028ed816edeb32add854df0177e1e7d8d8694a.exe
    "C:\Users\Admin\AppData\Local\Temp\b56c77817ae941e0fdcdc96400028ed816edeb32add854df0177e1e7d8d8694a.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2984

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-4050598569-1597076380-177084960-1000\desktop.ini.tmp
    Filesize: 61KB
    MD5: 636c9ea0abb4eb889adbe521ce9e6e2c
    SHA1: 493d84b6401bdebc41775fc06b8c9185906fb376
    SHA256: d8879ccbdb5327e3e3d45ba8451435d33c6601de944077d5cd0517302dc26a46
    SHA512: 8a830141b38ee1042339d59c037f577a2c9ac4487761c55e8bb229849faeace8091068a613fb7f8ad835e091e7d3799df9c7d63ad6f6d4a4b1b7665ccdc29209

  • C:\Program Files\7-Zip\7-zip.dll.tmp
    Filesize: 160KB
    MD5: 6dfb44d94eb090dd9c0799aea7077696
    SHA1: 9966919256eaea745ea8b2035df597000597b775
    SHA256: 65405a2d792d8cacd262e1f699ac31f349bcd17a0a8eb8542706e9ba158c1803
    SHA512: fd93c49b40d3a5c1e45eb7618d264f5191cd4ab91f949bcd75a8214c70f2e227aaec11d05042c5de23f1398d1bba647384c5600f20f2cc4e0a52041004947370

  • memory/2984-0-0x0000000000400000-0x000000000040B000-memory.dmp
    Filesize: 44KB

  • memory/2984-662-0x0000000000400000-0x000000000040B000-memory.dmp
    Filesize: 44KB