Analysis

  • max time kernel
    120s
  • max time network
    107s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    20-10-2024 03:20

General

  • Target

    0cc5d9430311ac4c28b99013d4438977625c090bb1d5a49a74c9fe7ce7ceee26N.exe

  • Size

    59KB

  • MD5

    c20e65870810ff1bb985a801eaa0f490

  • SHA1

    a3fd6cf43851bd8e4fc6213454e7d0efd374477b

  • SHA256

    0cc5d9430311ac4c28b99013d4438977625c090bb1d5a49a74c9fe7ce7ceee26

  • SHA512

    a5937e45c4500ef4b2ec9800bac14147901d4b5a6034fecdc9f2c7c2719b96f804377e7bf3a3ee653104a69082dbed61aa5bd2184f94df1ee6ecdb398458ec1f

  • SSDEEP

    768:V7Blpf/FAK65euBT37CPKKQSjyJJ1EXBwzEXBwdcMcI9eEUI0n0uI0n05:V7Zf/FAxTWoJJ7TU3n0Wn05

Malware Config

Signatures

  • Renames multiple (4533) files with added filename extension

    This pattern is typical of ransomware: files across the system are rewritten and an extra extension is appended to each name.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX or with a modified build of the open-source UPX packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of the victim in order to infer the geographical location of that host.
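The UPX signature above fires on structural markers in the PE file rather than on behaviour. The following is an added example (not the sandbox's own detection code) that walks a PE section table by hand and reports the markers a stock or lightly modified UPX build leaves behind: section names UPX0/UPX1/UPX2, the "UPX!" magic string, and a first section with a non-zero virtual size but zero raw data (the in-memory unpack target). The PE images it checks are constructed inline; none of them is the 59KB sample this report describes, and the "modified UPX" heuristic (magic string plus empty first section when the section names have been renamed) is an assumption of this example, not something the report states.

```python
import struct

# Section names written by unmodified UPX builds (assumption of this example).
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}


def parse_sections(data: bytes):
    """Return (name, VirtualSize, SizeOfRawData, PointerToRawData) for each PE section."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    coff = e_lfanew + 4                       # IMAGE_FILE_HEADER starts after "PE\0\0"
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    size_opt = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + size_opt              # section table follows the optional header
    sections = []
    for i in range(num_sections):
        off = table + i * 40                  # IMAGE_SECTION_HEADER is 40 bytes
        name = data[off:off + 8].rstrip(b"\0")
        vsize, _vaddr, rsize, roff = struct.unpack_from("<IIII", data, off + 8)
        sections.append((name, vsize, rsize, roff))
    return sections


def upx_indicators(data: bytes) -> dict:
    """Collect UPX markers and a combined verdict for one PE image."""
    sections = parse_sections(data)
    hits = {
        "upx_section_names": [s[0].decode("latin-1") for s in sections if s[0] in UPX_SECTION_NAMES],
        # UPX0 is the unpack target: it occupies virtual space but has no raw bytes on disk.
        "empty_raw_first_section": bool(sections) and sections[0][2] == 0 and sections[0][1] > 0,
        "upx_magic_string": b"UPX!" in data,
    }
    # Stock UPX: names alone are enough.  Renamed sections: require magic AND the empty first section.
    hits["likely_upx"] = bool(hits["upx_section_names"]) or (
        hits["upx_magic_string"] and hits["empty_raw_first_section"]
    )
    return hits


def build_sample_pe(section_names, first_raw_size=0, include_magic=True) -> bytes:
    """Construct a minimal, non-executable PE32 image for testing (constructed input, not a real sample)."""
    e_lfanew = 0x80
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    size_opt = 0xE0                            # PE32 optional header size
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, size_opt, 0x102)
    opt = bytearray(size_opt)
    struct.pack_into("<H", opt, 0, 0x10B)      # PE32 magic
    secs = b""
    for i, name in enumerate(section_names):
        raw = first_raw_size if i == 0 else 0x200
        secs += name.ljust(8, b"\0") + struct.pack(
            "<IIIIIIHHI", 0x1000, 0x1000 * (i + 1), raw, 0x400 * (i + 1), 0, 0, 0, 0, 0xE0000020
        )
    tail = b"UPX!" + b"\0" * 12 if include_magic else b"\0" * 16
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + secs + tail


if __name__ == "__main__":
    for label, img in [
        ("stock UPX", build_sample_pe([b"UPX0", b"UPX1", b".rsrc"])),
        ("renamed sections", build_sample_pe([b".text", b".data"], first_raw_size=0)),
        ("clean", build_sample_pe([b".text", b".data", b".rsrc"], first_raw_size=0x200, include_magic=False)),
    ]:
        print(label, upx_indicators(img))
```

Pointing `upx_indicators` at a real file is a matter of `open(path, "rb").read()`; the check is read-only and never executes the sample. A renamed-section UPX variant is only caught here if the magic string survived, so treat a negative result as "no stock UPX markers", not as "unpacked".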

Processes

  • C:\Users\Admin\AppData\Local\Temp\0cc5d9430311ac4c28b99013d4438977625c090bb1d5a49a74c9fe7ce7ceee26N.exe
    "C:\Users\Admin\AppData\Local\Temp\0cc5d9430311ac4c28b99013d4438977625c090bb1d5a49a74c9fe7ce7ceee26N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:3132

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-1045960512-3948844814-3059691613-1000\desktop.ini.tmp

    Filesize

    60KB

    MD5

    92060a23fc13eb753e1d1210671f27b7

    SHA1

    ae703a32c50f877284eb19b0e53e62d0c554dec4

    SHA256

    b892ea66f0f9f88ce8dbefaa90895e97c7a0025b51c329c481ca2d13274f20e2

    SHA512

    6e273979a3475cf5fa3cdbc2871c7518808351e28d6a1aaa29aa3251a48ca018051019811d0257180688f341bcf19c972572a3f6f47907f1b75241b80134ec24

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    158KB

    MD5

    f97935fa44c4d5faec4d0ff2e0ff2ed7

    SHA1

    470415087b85e6ef594406eef308ee9c56fefbbd

    SHA256

    0a71ea3ea91af01a7f775d74fb8c9fca3328f185171b182bd1454712f3c54de9

    SHA512

    0eed5651e73b2dbfae1f73d0b45826bcac282c90f4c2fd1c5143575ba9123d6a3def15fbf54d14da544218ae0d743992d40e5b8faf090b69736d2e84e83a004e

  • memory/3132-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/3132-660-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB
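The two dropped files listed above keep their original extension and gain a trailing `.tmp` (`desktop.ini.tmp`, `7-zip.dll.tmp`), which is the concrete shape of the "renames multiple (4533) files with added filename extension" signature. The following is an added example (not the sandbox's detection logic) that generalises that signature into a hunting check over process-monitor style file events: it keys each write or rename on the extension appended to an already fully-qualified filename and raises an alert when one process produces that pattern across enough files and directories. The event list, the operation names, the thresholds and the PID 900 background events are constructed for this example; only the two `.tmp` paths, the sample's own path and PID 3132 come from the report.

```python
from collections import defaultdict
import ntpath  # Windows path semantics regardless of the analyst's host OS

# Constructed sample events in (pid, operation, path) form.  Operation names follow the
# Process Monitor convention; that is an assumption of this example, not the report's format.
SAMPLE_EVENTS = [
    (3132, "CreateFile", r"C:\$Recycle.Bin\S-1-5-21-1045960512-3948844814-3059691613-1000\desktop.ini.tmp"),
    (3132, "CreateFile", r"C:\Program Files\7-Zip\7-zip.dll.tmp"),
    (3132, "CreateFile", r"C:\Program Files\7-Zip\7z.exe.tmp"),
    (3132, "CreateFile", r"C:\Program Files\7-Zip\History.txt.tmp"),
    (3132, "CreateFile", r"C:\Users\Admin\Documents\report.docx.tmp"),
    (3132, "CreateFile", r"C:\Users\Admin\Pictures\cat.jpg.tmp"),
    # The sample itself being written: only one extension, so not a rename candidate.
    (3132, "CreateFile", r"C:\Users\Admin\AppData\Local\Temp\0cc5d9430311ac4c28b99013d4438977625c090bb1d5a49a74c9fe7ce7ceee26N.exe"),
    # Benign background noise from another process.
    (900, "CreateFile", r"C:\Windows\Temp\cab1234.tmp"),
    (900, "CreateFile", r"C:\Users\Admin\Downloads\setup.exe.part"),
]


def added_extension(path):
    """If the name looks like <base>.<orig_ext>.<added_ext>, return (orig_ext, added_ext), else None."""
    parts = ntpath.basename(path).split(".")
    if len(parts) < 3:
        return None
    orig_ext, added = parts[-2], parts[-1]
    if not orig_ext or not added:
        return None
    return orig_ext.lower(), added.lower()


def find_mass_renames(events, min_files=3, min_dirs=2):
    """Group appended-extension writes per (pid, added_ext) and alert when both thresholds are met."""
    groups = defaultdict(lambda: {"files": set(), "dirs": set(), "orig_exts": set()})
    for pid, op, path in events:
        if op not in ("CreateFile", "SetRenameInformationFile"):
            continue
        ext = added_extension(path)
        if ext is None:
            continue
        orig, added = ext
        g = groups[(pid, added)]
        g["files"].add(path)
        g["dirs"].add(ntpath.dirname(path).lower())
        g["orig_exts"].add(orig)

    alerts = []
    for (pid, added), g in groups.items():
        if len(g["files"]) >= min_files and len(g["dirs"]) >= min_dirs:
            alerts.append({
                "pid": pid,
                "added_ext": added,
                "count": len(g["files"]),
                "dirs": len(g["dirs"]),
                "orig_exts": sorted(g["orig_exts"]),
            })
    return sorted(alerts, key=lambda a: -a["count"])


if __name__ == "__main__":
    for alert in find_mass_renames(SAMPLE_EVENTS):
        print(alert)
```

The directory threshold is what keeps a single installer unpacking into one folder from tripping the rule; the per-process grouping mirrors how the report attributes the behaviour to PID 3132. The report does not say whether the `.tmp` files are the final encrypted output or an intermediate stage, so the check keys only on the appended extension, not on file contents.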