Analysis

  • max time kernel
    120s
  • max time network
    116s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20-10-2024 03:24

General

  • Target

    3b1cdaa96da09ad7a7b1bef18a76b96c0853d580e64c63227ca6c26601971384N.exe

  • Size

    56KB

  • MD5

    788b975223e3a4bea328f2c8bea0a280

  • SHA1

    3129fabb60b2787c963110406583a0c1885b032f

  • SHA256

    3b1cdaa96da09ad7a7b1bef18a76b96c0853d580e64c63227ca6c26601971384

  • SHA512

    655655bb7cc48891f0126972b79e277abcacbb37f6bad4b6adff8f6458bba0f30a17b10e69ffa91130827649ecb69e495c0f456caa18d154dd6f62cb0ec8e26b

  • SSDEEP

    768:W7BlphA7dASbSjJJcbQbf1Oti1JGBQOOiQJhATNyQYCpCPzzgpQZ+zzgpQZ+TQp7:W7ZhA7dABJJZENTNyQYCpCP44sjTj64R

Score
9/10

Malware Config

Signatures

  • Renames multiple (4641) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\3b1cdaa96da09ad7a7b1bef18a76b96c0853d580e64c63227ca6c26601971384N.exe
    "C:\Users\Admin\AppData\Local\Temp\3b1cdaa96da09ad7a7b1bef18a76b96c0853d580e64c63227ca6c26601971384N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2492

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-4050598569-1597076380-177084960-1000\desktop.ini.tmp

    Filesize

    57KB

    MD5

    d245b6ec718873173aa7eb280ee0022d

    SHA1

    348370da4bbe161748ac0c9d284955a13ce6d1a4

    SHA256

    8f76797c8e7e2152847717530af25a828ce0bbbc15d46775d13720ee2ec3e6a9

    SHA512

    deb7a2cfb03000011dffae2c90186ee09ebcf22406171125864e6b68f0f54be7bfca1dbb4b19c3ad68f739085addf53aad7cf44d46cb1b5e2d5bf84afa52fb18

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    155KB

    MD5

    26738be253b7a64c1dda9a761d167bc1

    SHA1

    ada25c9c4f2ca1206e8310223ab69a1cb8462e17

    SHA256

    e691826f04e8801ab140cb465f27b97d8be9db468dc81e6e121b95868e5f5dd8

    SHA512

    a09bdb02ff767145ce1df44d8364b4c50a4afd1a076bfc7976f198f03e578e108afdd7808899b9f69f18012c62ebee67506fe8e9a5e72de56d284f4e56d4c614