Analysis

  • max time kernel
    120s
  • max time network
    104s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    20-10-2024 01:29

General

  • Target

    f1e62a6ab8b591619a5ccd37413fe424fea58ef4ace810e772620f27ff0fde38N.exe

  • Size

    96KB

  • MD5

    7adc5ab8a091a35785d3e8f1158d42f0

  • SHA1

    f4b71f89f2e26f8199f34eb0a222323e8843da24

  • SHA256

    f1e62a6ab8b591619a5ccd37413fe424fea58ef4ace810e772620f27ff0fde38

  • SHA512

    b209389544d4cb32f372d2c86d61bb332c8fefdfcf8474a2ee158b0414eb8acde12ad0b1bd8bf64e13d43e6eb7f792ee19f6db4b5231a731e9736584016ee8a0

  • SSDEEP

    1536:a7ZyqaFAlsr1++PJHJXFAIuZAIuXsJtLJtU:enaym3AIuZAIuXj

Malware Config

Signatures

  • Renames multiple (4370) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\f1e62a6ab8b591619a5ccd37413fe424fea58ef4ace810e772620f27ff0fde38N.exe
    "C:\Users\Admin\AppData\Local\Temp\f1e62a6ab8b591619a5ccd37413fe424fea58ef4ace810e772620f27ff0fde38N.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:3148

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3350944739-639801879-157714471-1000\desktop.ini.tmp

    Filesize

    96KB

    MD5

    7b5fbfd9d972feb0b761ba641472a6a2

    SHA1

    64f6777233a054994b1453b90cc60f933975f059

    SHA256

    0bdef094d115f3d0ae26a8a710ace986f008a51e0536fafe11c2f8acb13bb432

    SHA512

    7c9598b0ded3f290ded85564f90701e2b32665a169ad18c94aaa02d60dcdb525e4c0d2b6cdfcfa42ce851a3961111447e5fcfa04f9e462491b5e492cc89dcd7d

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    195KB

    MD5

    c10003db274d40bcdce1f24253b18b92

    SHA1

    8ca561a3d43b2ae84a6accc5a0b04fbd07b675b2

    SHA256

    7d2ba15ce8fd40f2741fa615efca8506efc32aa763e80aa9030fe297d2ebba88

    SHA512

    8864826671c1b65d3462bc56d81b6c2e4bf15170699f71cf4876e5aa634af211d0d3b8a9fdd37e865dbab5a0bd34a635c4a04102e9b4561ba75fc6b5979eab8d

  • memory/3148-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/3148-660-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB