Analysis

  • max time kernel
    150s
  • max time network
    125s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    20-10-2024 03:27

General

  • Target

    3b1cdaa96da09ad7a7b1bef18a76b96c0853d580e64c63227ca6c26601971384N.exe

  • Size

    56KB

  • MD5

    788b975223e3a4bea328f2c8bea0a280

  • SHA1

    3129fabb60b2787c963110406583a0c1885b032f

  • SHA256

    3b1cdaa96da09ad7a7b1bef18a76b96c0853d580e64c63227ca6c26601971384

  • SHA512

    655655bb7cc48891f0126972b79e277abcacbb37f6bad4b6adff8f6458bba0f30a17b10e69ffa91130827649ecb69e495c0f456caa18d154dd6f62cb0ec8e26b

  • SSDEEP

    768:W7BlphA7dASbSjJJcbQbf1Oti1JGBQOOiQJhATNyQYCpCPzzgpQZ+zzgpQZ+TQp7:W7ZhA7dABJJZENTNyQYCpCP44sjTj64R

Score
9/10

Malware Config

Signatures

  • Renames multiple (5000) files with added filename extension

    Mass renaming of files with an appended extension is consistent with ransomware encrypting files across the system.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (T1614.001; 1 TTP, 1 IoC)

    Attempts to gather information about the system language of the victim host in order to infer its geographical location.
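The first signature above is a heuristic: one process renaming thousands of files by appending a new extension. The following is an added detection example written for this page, not output of the sandbox and not code from the sample; it runs that heuristic over a constructed list of file-rename events (the PID and image path are taken from the process tree in this report, while the ".locked" suffix, the other process names and the file paths are assumed for illustration). It also shows two cases a naive "renamed a lot of files" rule would get wrong: a process that strips a staging `.tmp` suffix (extension removed, not added) and a backup tool that appends `.bak` to a handful of files (added extension, but far below the threshold).

```python
"""Flag processes that rename many files by appending an extension.

Added example for this report page; the rename events below are constructed,
not sandbox telemetry. Paths are Windows-style, so ntpath is used explicitly
so the logic behaves the same on a Linux analysis box.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, Iterable, Optional, Tuple
import ntpath


@dataclass(frozen=True)
class RenameEvent:
    pid: int
    image: str   # full path of the process image performing the rename
    src: str     # original file path
    dst: str     # new file path


def added_extension(src: str, dst: str) -> Optional[str]:
    """Return the extension appended to `src` if `dst` is `src` plus a new
    ".ext" in the same directory (report.docx -> report.docx.locked).
    Returns None for any other kind of rename (new base name, moved to
    another directory, or an extension that was removed rather than added)."""
    src_dir, src_name = ntpath.split(src)
    dst_dir, dst_name = ntpath.split(dst)
    if src_dir.lower() != dst_dir.lower():
        return None
    if len(dst_name) <= len(src_name) or not dst_name.lower().startswith(src_name.lower()):
        return None
    suffix = dst_name[len(src_name):]
    # Require a real extension: a leading dot followed by at least one character.
    return suffix if suffix.startswith(".") and len(suffix) > 1 else None


def find_mass_renames(events: Iterable[RenameEvent], threshold: int = 50
                      ) -> Dict[Tuple[int, str], dict]:
    """Group qualifying renames by (pid, image) and return only the processes
    that appended an extension to at least `threshold` files, together with
    the set of extensions used and the directories touched."""
    per_proc: Dict[Tuple[int, str], dict] = defaultdict(
        lambda: {"count": 0, "extensions": set(), "dirs": set()})
    for ev in events:
        ext = added_extension(ev.src, ev.dst)
        if ext is None:
            continue
        rec = per_proc[(ev.pid, ev.image)]
        rec["count"] += 1
        rec["extensions"].add(ext.lower())
        rec["dirs"].add(ntpath.dirname(ev.src).lower())
    return {key: rec for key, rec in per_proc.items() if rec["count"] >= threshold}


# Constructed sample events (assumed, for illustration only).
SAMPLE_IMAGE = (r"C:\Users\Admin\AppData\Local\Temp"
                r"\3b1cdaa96da09ad7a7b1bef18a76b96c0853d580e64c63227ca6c26601971384N.exe")
SAMPLE_EVENTS = (
    # PID 2380 appends a hypothetical ".locked" suffix to 60 user documents.
    [RenameEvent(2380, SAMPLE_IMAGE,
                 rf"C:\Users\Admin\Documents\report{i}.docx",
                 rf"C:\Users\Admin\Documents\report{i}.docx.locked") for i in range(60)]
    # Benign: Explorer gives one file a new base name (no extension added).
    + [RenameEvent(1180, r"C:\Windows\explorer.exe",
                   r"C:\Users\Admin\Desktop\notes.txt",
                   r"C:\Users\Admin\Desktop\notes-old.txt")]
    # Benign: an updater commits a staged file by removing its .tmp suffix.
    + [RenameEvent(4412, r"C:\Program Files\Example\updater.exe",
                   r"C:\Program Files\Example\core.dll.tmp",
                   r"C:\Program Files\Example\core.dll")]
    # Benign: a backup tool appends .bak to three files, well below threshold.
    + [RenameEvent(5120, r"C:\Tools\backup.exe",
                   rf"C:\Data\db{i}.sqlite", rf"C:\Data\db{i}.sqlite.bak") for i in range(3)]
)


if __name__ == "__main__":
    for (pid, image), rec in find_mass_renames(SAMPLE_EVENTS).items():
        print(f"PID {pid} {image}: {rec['count']} files renamed, "
              f"extensions={sorted(rec['extensions'])}, dirs={sorted(rec['dirs'])}")
```

The threshold is deliberately a parameter: the sandbox fired at 5000 renames, which is appropriate for a full-system run, but on a live endpoint a lower value over a short window catches the behaviour before most of the user's data is touched. The `extensions` and `dirs` sets in each hit are what an analyst would want next to confirm the signal and scope the damage.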

Processes

  • C:\Users\Admin\AppData\Local\Temp\3b1cdaa96da09ad7a7b1bef18a76b96c0853d580e64c63227ca6c26601971384N.exe
    "C:\Users\Admin\AppData\Local\Temp\3b1cdaa96da09ad7a7b1bef18a76b96c0853d580e64c63227ca6c26601971384N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2380

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\$Recycle.Bin\S-1-5-21-2045521122-590294423-3465680274-1000\desktop.ini.tmp

    Filesize

    57KB

    MD5

    057713cb1bc5cd8eedc5cdf03fef72f6

    SHA1

    cfc16b6e06042eb453997137e0d664fb8aebb8b7

    SHA256

    51c921df8cf0abdb01e5624672bf62a64c92091dd4936ba3dd679e36a9e02662

    SHA512

    dab02cdf43ce7517c5787ec20956c703440b24d63c0aa0b10d428e9e6b48842680af7f961341e27b0e800a70c917e38233c65da5c9a4b17ca480839e535de556

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    155KB

    MD5

    8d3caaf5198105d5b20d49e491031797

    SHA1

    2e6463c46e8ecf13cdddedc91bc64292b6c40522

    SHA256

    00fa4807cb4f38092e40d4221851780d1146201950f1aa434ed71f4da76f7fa4

    SHA512

    154d59856366ba9c24963bac955ca725a10bd795c5f561745c016037ede55506d89c144134fdbb14ce1e25c911276be44577386ebbb1dace06e14fdd3a91527a