Analysis

  • max time kernel
    120s
  • max time network
    104s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    20-10-2024 02:49

General

  • Target
    b848a0f6bccb12ca632cb96012ed0c4d1b0730d6c9bd33d29a0ffc2ddd549735N.exe
  • Size
    61KB
  • MD5
    74ffee820845401576717cd1d4e5b2d0
  • SHA1
    b4f2f674e11a6cc065f62bf3dd6e18716af551aa
  • SHA256
    b848a0f6bccb12ca632cb96012ed0c4d1b0730d6c9bd33d29a0ffc2ddd549735
  • SHA512
    bcf842fe48c29061779a3cd58a6a21200a6fbdc0436245bcdf8378a4bd35b0b05c42f09c8899734bc5f0be9a2ef9fdf247549fecd43642287fc32f001c8a0439
  • SSDEEP
    768:V7Blpf/FAK65euBT37CPKKQSjyJJ1EXBwzEXBwdcMcI9eEUI0n0uI0n09sg:V7Zf/FAxTWoJJ7TU3n0Wn09sg

Malware Config

Signatures

  • Renames multiple (4380) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\b848a0f6bccb12ca632cb96012ed0c4d1b0730d6c9bd33d29a0ffc2ddd549735N.exe
    "C:\Users\Admin\AppData\Local\Temp\b848a0f6bccb12ca632cb96012ed0c4d1b0730d6c9bd33d29a0ffc2ddd549735N.exe"
    1
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:1316

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2878641211-696417878-3864914810-1000\desktop.ini.tmp
    Filesize
    61KB
    MD5
    d94ae92ff80139dade914ec3082d9b6a
    SHA1
    5b6680b3c0272dc8e46b96235ef0340330de0b50
    SHA256
    9455a7cb3611d3ebfc8a6918bd0bdcb70129dd8ea4b94c03ccfab9de1b3813eb
    SHA512
    383fa6016049bbafbfd8b2a575ecdccf92dfc80c9749f4c9e8230a1395f592bc7dfc11dcbba75ea74c7b73499bab9d1234576297ae7a0c8a26b964a9a9a6d329

  • C:\Program Files\7-Zip\7-zip.dll.tmp
    Filesize
    160KB
    MD5
    4ed26ee0cb70f7f793e4a36d448c19d9
    SHA1
    7681b5134a165c53ca49f5145bd9d7de1c29ee7e
    SHA256
    9cd412dbbbb0e34af846a0f82c84cfbd58426157af8a3900a028bb947277ed3d
    SHA512
    f68f7a3c36a41093d1c20b3fdf5efdaa2643c7de4fc6e19c612528559d027441103761ab26126e0f9ed999dd787f63783ce2126efaebd623bec54aa24022f86c

  • memory/1316-0-0x0000000000400000-0x000000000040B000-memory.dmp
    Filesize
    44KB

  • memory/1316-728-0x0000000000400000-0x000000000040B000-memory.dmp
    Filesize
    44KB