Analysis

  • max time kernel
    150s
  • max time network
    103s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    20-10-2024 03:27

General

  • Target

    ec5896a605b32f37a6924420745e500aa561d953ea85d3a1f50c4f9d2642a165.exe

  • Size

    71KB

  • MD5

    57b5098d87a08e4a2f3b7b29b2953407

  • SHA1

    1d6ac278dc6ac882f24dd39efd09e63117d93319

  • SHA256

    ec5896a605b32f37a6924420745e500aa561d953ea85d3a1f50c4f9d2642a165

  • SHA512

    ec4361a5fb1336ee6d8d90186f4aba29dfe4b2b2658574363ed3d9f8644e3e4fb0b79962d94d9c3e92ab11699f9fa233f02234fe97aea0cdc21d449be0a87e39

  • SSDEEP

    768:W7BlphA7dASbS7EXBwzEXBw3sgQw58eGkz2rcuesgQw58eGkz2rcu90TKe+0TKe8:W7ZhA7dAynMdyGdy7YRY1tvtHrFK0K8

Score
9/10

Malware Config

Signatures

  • Renames multiple (5120) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\ec5896a605b32f37a6924420745e500aa561d953ea85d3a1f50c4f9d2642a165.exe
    "C:\Users\Admin\AppData\Local\Temp\ec5896a605b32f37a6924420745e500aa561d953ea85d3a1f50c4f9d2642a165.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:736

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\$Recycle.Bin\S-1-5-21-940901362-3608833189-1915618603-1000\desktop.ini.tmp

    Filesize

    72KB

    MD5

    233fe760e4b4705edd31b590e75f47f5

    SHA1

    ac25e1253b857aa4593e5e76b6bfb754e0aa5756

    SHA256

    8284a8dcd660c27f8840d7c418c9f341aaee25e028a047da27c7e4c7b9b77c32

    SHA512

    3a2f6c6545a2fb0b3d153a7653a060c9fab9e90991328df1fca6319d21f12224726d7fbbde9ef85a504df8331b454d271f29caf52860cf8172e0dd78dfcbe185

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    170KB

    MD5

    738da99056208c9e4744442fd34e51cd

    SHA1

    3b534e26f1de42414a5fa67c649807cb7b7f7133

    SHA256

    09789c009fb2ad06feee075bcd31e3b0251e417a6f799f5c1a4bed8b6383430b

    SHA512

    781cb07fe55ee2d433e0a3e406c5b5192155c24f71ff49089081dcba0730e46e4553e4ae481a900739f1e31502b2dea8501ac476e374ec158cd469402d81ac2e