Analysis

  • max time kernel: 120s
  • max time network: 106s
  • platform: windows10-2004_x64
  • resource: win10v2004-20241007-en
  • resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted: 20-10-2024 02:48

General

  • Target: b5d36987d3a74a9f1af4e705048e3212e3d1d19d54c6ced1326311de298fb38bN.exe
  • Size: 154KB
  • MD5: 27313bab9ce805ef77d7255ef3c4c200
  • SHA1: cdc21fed58ac974d3a2142fd2f598e31c334a9d8
  • SHA256: b5d36987d3a74a9f1af4e705048e3212e3d1d19d54c6ced1326311de298fb38b
  • SHA512: 3bdd0b3ef6fbf1dc9ab5471a8828a40d6383d049d472666190c3a491468ad4990483dfe611bb6674d93a3597b995197971a9d3a78d1703b331e8454e73ffdd5a
  • SSDEEP: 1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8zxY5KwUTWn1++PJHJXA/OsIZfzc3/Q88:fnyiQSox5KwEQSox5Kwh

Signatures

  • Renames multiple (4210) files with added filename extension

    This suggests ransomware activity: encrypting all the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with the UPX open source packer or a modified UPX.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\b5d36987d3a74a9f1af4e705048e3212e3d1d19d54c6ced1326311de298fb38bN.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\b5d36987d3a74a9f1af4e705048e3212e3d1d19d54c6ced1326311de298fb38bN.exe"
    PID: 5032
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3227495264-2217614367-4027411560-1000\desktop.ini.tmp
    Filesize: 154KB
    MD5: bf5e9b27cd28c91cbc9691cfb6c3a183
    SHA1: a188f6fee6bb40d1a6be71ec9f3cd9645f0d48ed
    SHA256: 3b4edc1aeb5c8e2cd9fe0a8b3deaad96f6468c8d6845724c7ed32a42cc286f8a
    SHA512: d5fe3f234812763e72d6816d78c2239038dfc33ac594b5477dc6c13589c4f6b53113bf84c9b3b583521104dfcda3f6389334f764832770dd295752290fc600fc

  • C:\Program Files\7-Zip\7-zip.dll.tmp
    Filesize: 253KB
    MD5: 16b8fda39595ceabd9f2f35881e6be09
    SHA1: aedc6e0b2ca039183125c09d641a9b75986c8e29
    SHA256: ebef8c9ea6741b6694ccbe128b62bdb98890d2c07857592a4a109a75ba24e15a
    SHA512: 1145b99bc97e55838bb816e11429e7787f79df8a79c954033cac295566c4699f26e27458a21916c6eb2776f2d8d08a37f4cea67f8bb6cbdd7111906f7a7f9b5d

  • memory/5032-0-0x0000000000400000-0x000000000040B000-memory.dmp
    Filesize: 44KB

  • memory/5032-656-0x0000000000400000-0x000000000040B000-memory.dmp
    Filesize: 44KB