Analysis

  • max time kernel
    120s
  • max time network
    107s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    20-10-2024 02:28

General

  • Target
    5e6e5bda201c8008699fe4d5ca5ad183378165a80443282f1f8a9ecdadc68bebN.exe
  • Size
    64KB
  • MD5
    8294f5cdfbfe0f303d0464f6cda77f50
  • SHA1
    c8b491e041cd271651c6adb8a83618ef265fea4f
  • SHA256
    5e6e5bda201c8008699fe4d5ca5ad183378165a80443282f1f8a9ecdadc68beb
  • SHA512
    a7d334a1c7de628a8515e6d929f8bf5d4b901c0bbfa17a029b16aea53b8925c975326d4367a5cd45a2b1296f90ca0add8edd052572fb9c1d70883f7e8d8cc39b
  • SSDEEP
    768:V7Blpf/FAK65euBT37CPKKQSjyJJ1EXBwzEXBwdcMcI9eEvCsZCsWQetQe7:V7Zf/FAxTWoJJ7TUcdWXtX7

Malware Config

Signatures

  • Renames multiple (4237) files with added filename extension
    This suggests ransomware activity: encrypting all the files on the system.
  • UPX packed file (4 IoCs)
    Detects executables packed with UPX or a modified UPX open-source packer.
  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\5e6e5bda201c8008699fe4d5ca5ad183378165a80443282f1f8a9ecdadc68bebN.exe
    "C:\Users\Admin\AppData\Local\Temp\5e6e5bda201c8008699fe4d5ca5ad183378165a80443282f1f8a9ecdadc68bebN.exe"
    PID: 4556
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2045521122-590294423-3465680274-1000\desktop.ini.tmp
    Filesize: 65KB
    MD5: f5669be4d0217096cb65b8570bcf3f99
    SHA1: 431f3079a1243b058a5a942d596417ad3c59ab99
    SHA256: 665bb500246c04731939b647e82267c06f4fe5ad879e0c6055d654c9b3144300
    SHA512: 10c0b4ab88aec724a6bd2fd376f1363de25b5d342710151804f45ecca3c469cef5a9cd5e38f3dc4bcc0eaeb947327f76722d812683ce3816838b13a3d48e3b8c

  • C:\Program Files\7-Zip\7-zip.dll.tmp
    Filesize: 164KB
    MD5: 3f2394b7c21671dd2d4d50177c7fe5af
    SHA1: 8b057461050fb60e8c679fc2abc5eb75b0de252c
    SHA256: 3041f60ceba50ecec0d66eff0ef9da153f859204c821c3435daf9fc4730d4b63
    SHA512: f387768aab4ceb9e7abdb5c9fadee3473ce26d41b5ffda28defea6805ac6b944274aa656677049f66f760cad7425dca26fa2611c2abba1ac1079c2d0e9749918

  • memory/4556-0-0x0000000000400000-0x000000000040B000-memory.dmp
    Filesize: 44KB

  • memory/4556-652-0x0000000000400000-0x000000000040B000-memory.dmp
    Filesize: 44KB