Analysis

  • max time kernel
    150s
  • max time network
    126s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    20-10-2024 02:51

General

  • Target

    df317e4cea52c5257ba2cf73877aaf12fa5c70786f7aa1bb617c3a552ac78f21.exe

  • Size

    51KB

  • MD5

    0f2950327848ea38a94d7aa3efbfd862

  • SHA1

    8075eaa7778e10a9455bb185a9f9851e52e2634b

  • SHA256

    df317e4cea52c5257ba2cf73877aaf12fa5c70786f7aa1bb617c3a552ac78f21

  • SHA512

    c9357016745d5b32173aafe000b4c311d2d494f18177d50f58c68809cd40ffaf22dc20d0953bdaadf16a24c8c98e13efd45859d16b7e2dd2e519c2f0d65ea663

  • SSDEEP

    768:kBT37CPKK1EXBwzEXBw3sgQw58eGkz2rcuesgQw58eGkz2rcu90TKe+0TKeinMdn:CTWUnMdyGdy4AnAJYq8YqiXb

Malware Config

Signatures

  • Renames multiple (5024) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\df317e4cea52c5257ba2cf73877aaf12fa5c70786f7aa1bb617c3a552ac78f21.exe
    "C:\Users\Admin\AppData\Local\Temp\df317e4cea52c5257ba2cf73877aaf12fa5c70786f7aa1bb617c3a552ac78f21.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:556

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2878641211-696417878-3864914810-1000\desktop.ini.tmp

    Filesize

    52KB

    MD5

    b9195fdb5c10c482ed9b3e38d7d3e7df

    SHA1

    dc8212531df8e13fa5e7e9a33646ca1a0e8b9e67

    SHA256

    ea284c324dfcf40fc1d7139a2e834e35b91da5e5b66e8facb48968138563d721

    SHA512

    1453a550e2d8f6c0cc42f5bf388bcd6e1df3314349da924a956cf86d2ff71856f48d0204d3de55ba732aa261e74affcb6324830975c55f5f93ab6a591a455a00

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    150KB

    MD5

    9322147a2799084f1ec23a655f8c9153

    SHA1

    cff3efb8d4645c9cf6c8a54587a9acfdc9d08842

    SHA256

    99b93ee82b2fbd32e8e0ba9743b7a95f70759af53b8f79943017cda311348dc9

    SHA512

    0a8e0768f419ecdf7b75b2b8c77c431dcd1c890f08b8be736ae94b452a0bfcc49d3f56488ec8890b4cec8b48cc26ae5717cde1d425f440239459330b86ea0e24

  • memory/556-0-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

  • memory/556-709-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB