Analysis

  • max time kernel
    120s
  • max time network
    105s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    20-10-2024 01:59

General

  • Target

    58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe

  • Size

    48KB

  • MD5

    533d643c85ef67d52eae7867d4e195c0

  • SHA1

    d4e1ccd0d2294f1b5685add5d4e4bd3bcf14f17e

  • SHA256

    58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2

  • SHA512

    f6c113942d723fb1b232acb766e0b3fe7584e0b897f92c6c4bc2f2860b77f7b5f60ef94eb60fab7c148381aceed1fed897babb6f12b85606a31e268ce21ab679

  • SSDEEP

    768:W7BlphA7pARFbhM0Kkq81LOyq81LOl6Sl5lsSThF:W7ZhA7pApM21LOA1LOl6vSb

Score
9/10

Malware Config

Signatures

  • Renames multiple (4359) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe
    "C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:1376

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\$Recycle.Bin\S-1-5-21-2045521122-590294423-3465680274-1000\desktop.ini.tmp

    Filesize

    48KB

    MD5

    4549783a8bdf70844dcfca65ce58b927

    SHA1

    daad8ead03389540a7aa07685c5ae82589f774d5

    SHA256

    8bf4fdf93aad7555383e2454cd6945e31aec7d3d948642a89dd709b1fae3a625

    SHA512

    6fb2a7ba91865b2f09c08560ab9e408eb45b0463f58d86f4a8e79fa6abc5206398061387caae8fe0d5f31dadf5911c07d4e877ad847f6654e5f80654ef984f0d

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    147KB

    MD5

    3d61533586c0c46a3dea545f110df205

    SHA1

    be9743b2c9576cd627136b3086d50d21e60926ae

    SHA256

    781141598c2c657ef021ed7a3d760426bea0be47ac035abd8977cc7e01863ab0

    SHA512

    52031f33d52401a97b0837228b9ac3fa43e994accb664bc461980a6dec5a1d01e3a324a84074bfa2465093f2e5c3d723f9453eca870f2b09d9f1f4acb94bbe46