Analysis

  • max time kernel
    120s
  • max time network
    111s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    20-10-2024 02:53

General

  • Target

    00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe

  • Size

    62KB

  • MD5

    4a0606a289c95da3733d98a64334fae0

  • SHA1

    b02762728d3db7fc384a25541855b745f7449da7

  • SHA256

    00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0

  • SHA512

    d69924242e54114badc8ff5c24f3f806425372afad7105f36624dc9e62ce3a2cd095bc310b12abe981341380918fb8b58ecbaa3b1c51b434f11970b2db6cf30f

  • SSDEEP

    768:W7BlpppARFbhHFoqAJwBqAJw1VyjVyUA9sd8dF1Z1z0bvl:W7ZppApyVyjVyJ9r1Z14bvl

Score
9/10

Malware Config

Signatures

  • Renames multiple (4538) files with added filename extension

    This suggests ransomware activity: the sample appears to be encrypting files across the system and renaming each one with an appended extension.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)

    Attempts to gather information about the system language of the victim in order to infer the geographical location of that host.
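
The first signature above is a heuristic over file-system events: many renames in a short run, each producing the original name plus one extra extension, as with the `.tmp` files listed under Downloads. The following is an added example of that detection logic, written for this page and not part of the sandbox's own rule set. It runs over a constructed list of rename events (the paths, the 60-file count and the benign cases are all made up here; the `.tmp` suffix mirrors the dropped files in this report) and flags any appended extension seen at or above a threshold, while ignoring moves between directories, saves that rename a temp file to its final name, and one-off backup copies.

```python
from collections import Counter, defaultdict
from pathlib import PureWindowsPath

# Constructed rename events (old path, new path); they are not taken from the report.
# Sixty of them append ".tmp" in place, the way the dropped files above were named;
# the remainder are benign renames that the detection must not count.
_MASS_TARGETS = (
    [rf"C:\Program Files\7-Zip\lib{i}.dll" for i in range(30)]
    + [rf"C:\Users\Admin\Documents\notes{i}.txt" for i in range(20)]
    + [rf"C:\$Recycle.Bin\S-1-5-21-1\file{i}.ini" for i in range(10)]
)
SAMPLE_EVENTS = [(p, p + ".tmp") for p in _MASS_TARGETS] + [
    # Office-style save: a temp file is renamed to the final document name
    (r"C:\Users\Admin\Documents\~WRD0001.tmp", r"C:\Users\Admin\Documents\report.docx"),
    # browser finishing a download: an extension is removed, not added
    (r"C:\Users\Admin\Downloads\setup.exe.part", r"C:\Users\Admin\Downloads\setup.exe"),
    # one manual backup copy: an added extension, but only a single file
    (r"C:\Users\Admin\Desktop\budget.xlsx", r"C:\Users\Admin\Desktop\budget.xlsx.bak"),
    # move into another directory with a suffix appended: not an in-place rename
    (r"C:\Users\Admin\Desktop\a.txt", r"C:\Users\Admin\Desktop\old\a.txt.tmp"),
]


def added_extension(old: str, new: str):
    """Return the appended extension (lower-cased, with its leading dot) when `new`
    is `old` plus exactly one extra extension in the same directory, else None.
    Comparison is case-insensitive, as Windows paths are."""
    o, n = PureWindowsPath(old), PureWindowsPath(new)
    if o.parent != n.parent:          # PureWindowsPath compares case-insensitively
        return None
    oname, nname = o.name.lower(), n.name.lower()
    if not nname.startswith(oname + "."):
        return None
    suffix = nname[len(oname):]       # e.g. ".tmp"
    if len(suffix) < 2 or "." in suffix[1:]:
        return None                   # empty suffix or more than one extension added
    return suffix


def mass_rename_extensions(events, threshold=50):
    """Group in-place renames by the extension they append and report every
    extension seen at least `threshold` times, with the number of directories hit.
    The threshold is a tunable assumption, not a value from the report."""
    counts = Counter()
    dirs = defaultdict(set)
    for old, new in events:
        ext = added_extension(old, new)
        if ext is None:
            continue
        counts[ext] += 1
        dirs[ext].add(str(PureWindowsPath(old).parent).lower())
    return {
        ext: {"files": n, "directories": len(dirs[ext])}
        for ext, n in counts.items()
        if n >= threshold
    }


if __name__ == "__main__":
    for ext, stats in mass_rename_extensions(SAMPLE_EVENTS).items():
        print(f"mass rename: {stats['files']} files in {stats['directories']} "
              f"directories gained the extension {ext}")
```

Fed real data (Sysmon Event ID 11 plus file-rename telemetry, or a sandbox's file-system trace) the same two functions give a count per appended extension and the spread across directories; a single extension hitting hundreds of files in several unrelated directories is the pattern the sandbox signature is keyed on, while the one-off `.bak` and the temp-to-document saves stay below the threshold.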

Processes

  • C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:3076

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3227495264-2217614367-4027411560-1000\desktop.ini.tmp

    Filesize

    62KB

    MD5

    b43e72d0ed170b7e84a314423558bb90

    SHA1

    68e4c17703580135e76c77759d44239cb04d955c

    SHA256

    4c832461f30197bf6098695e5ff90a78535e0618719c87589d73cda8329d6dc2

    SHA512

    5663b4fc4899d65719e00e5a9f23bb12528c807466c6f7d30f3588c07f0d52c1d5cc20593a48cc1f4fc3c5f4cb994a4f01b86a987339afdb4dac98d8e6531815

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    161KB

    MD5

    301b47a02580d06103cc4e2d8653916c

    SHA1

    3f5c838385fb1c61b1f8f8421bef20706bebbe1f

    SHA256

    f7c07b326a5594d131efc3e71df3c99c399a26475e387b0a0314cd50c10bdc70

    SHA512

    030224b65598af24ac914e201ae541c915ea9875f6152807558ae753eb19d33cdb531c580b2faa5351b77312575593cd82071b3714fb23530b9e7b0f3753e64b