Analysis

  • max time kernel
    120s
  • max time network
    105s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    20-10-2024 02:53

General

  • Target

    8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe

  • Size

    65KB

  • MD5

    71814d5f3ee8f902eaa026aed40e70d0

  • SHA1

    1ee8f8c2c84e58eaed4be98cba015f4bc17dd926

  • SHA256

    8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09

  • SHA512

    c1494fda2ea17ec50f7f47ebe7070b38397e2038539e094221a4399a0fe32061b5221355eef34c44e6c7d45c20ad24f6aacba0fafbb0f648687196feba917708

  • SSDEEP

    768:W7BlpppARFbhHFoqAJwBqAJw1VyjVyUA9sd8dF1Z12wDwm:W7ZppApyVyjVyJ9r1Z1xUm

Score
9/10

Malware Config

Signatures

  • Renames multiple (4544) files with added filename extension

    This suggests ransomware activity: encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe
    "C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2484

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3756129449-3121373848-4276368241-1000\desktop.ini.tmp

    Filesize

    65KB

    MD5

    3c95541d07fd1c51d25da8e70b797087

    SHA1

    c60eaa6b52907b3a660ad82952932cf808b13942

    SHA256

    daa2dcf69493638dc945f930707d639874d4940c7f2da610a9fd8615c479ff28

    SHA512

    0902f8c7cae78df8d5a08a5547e8dbdb27d9a7c94edb86eb8ef4ccfc5a381590b04470d0d0454eb13d5144891be8d1e5b2d6cc2e6770998a2fb00aa2e0fca98d

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    164KB

    MD5

    62fafc08d35f1ec1fa2fd342c524068b

    SHA1

    2e38a6ebc6837bdc2e9874409a68c98d779ee037

    SHA256

    d6465cc028457a6f8f2cec828a0d8cc905c5c7f70909eaaed14c3f91db491593

    SHA512

    9c459159eb48e0ab5584229260fef49981ce67f7b6c3cc9e833a5792e79e3a60db3ad7e8a5a2b25636e5d93dc8fc6c7bc730f888be7e94b9d2e50626001a578d