Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    20-10-2024 03:37

General

  • Target

    efc94de13fd08da008fa80441742090e6042bca3b968905086cb599aa36eb178.exe

  • Size

    55KB

  • MD5

    0c855112ecd43d019fa367d931c2d021

  • SHA1

    b65d049651d30f25f08719fc25ee2fc72a75560b

  • SHA256

    efc94de13fd08da008fa80441742090e6042bca3b968905086cb599aa36eb178

  • SHA512

    affb03f16606f833ffa3c5240df92badfd1f07ec11b5f5565ccb599dd3015a5b84f71e34a856431cbc445e746285bc2cd7230f2d382f8ff9a7dc8bd3137dc1bb

  • SSDEEP

    768:V7Blpf/FAK65euBT37CPKKQSjyJJ1EXBwzEXBwdcMcI9kd0R:V7Zf/FAxTWoJJ7Tad0R

Malware Config

Signatures

  • Renames multiple (5025) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\efc94de13fd08da008fa80441742090e6042bca3b968905086cb599aa36eb178.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\efc94de13fd08da008fa80441742090e6042bca3b968905086cb599aa36eb178.exe"
    PID: 3268
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\$Recycle.Bin\S-1-5-21-1045960512-3948844814-3059691613-1000\desktop.ini.tmp

    Filesize

    55KB

    MD5

    ba9b0ea484f750f12c3dee84f96320d2

    SHA1

    3298442daa8daebaf5a5fc3f2e7bba87c5a7f47b

    SHA256

    5432ab60b9f2652e867cb0ee4256dcee3d1f42c4d58fbf57a66829d1827a4f19

    SHA512

    7e06432922a1a9e38cceff030abefda365013a92fc59635d8d753d9c46a3a05750763b00f9dec50f8ab3881949ecf7699ed7244949134435f2b45754740c2c36

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    154KB

    MD5

    9218b55f1d711fc4a68afce1f2213fa0

    SHA1

    bda0f82c65f9d0f0a29cc0f9372300a7cd7b5312

    SHA256

    c4ba3a1f5200b4e152565c7462d2f7006fdcec2db0352b8cd72cd095ff904c63

    SHA512

    4991fefd37ec56b8e169c6e968d0fb984a9d7801bc311d7063da435cbdcffb8df316c906c64126482b3cde7f6788d1d74a89f904e5377b194e8e3309d753f8ae

  • memory/3268-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/3268-780-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB