Analysis

  • max time kernel
    16s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240729-en, locale:en-us, os:windows7-x64, system
  • submitted
    05/11/2024, 12:12

General

  • Target

    4e5b9ab271a1409be300e5f3fd90f934f317116f30b40eddc82a4dfd18366412.exe

  • Size

    165KB

  • MD5

    65c0c7c9fe6bc1d5296447aae6c6c14c

  • SHA1

    67217e5c6859afb1b2c736625fcf8bee9ad158cc

  • SHA256

    4e5b9ab271a1409be300e5f3fd90f934f317116f30b40eddc82a4dfd18366412

  • SHA512

    2453322a835c47aa10c1c7d3005319e75c01faf972efb03de9381f9dac870849917e96ca58cdd0e1f501b3d016dbda73a12af446971b545fe9fd164d739ce264

  • SSDEEP

    3072:l7v9etA6pzarOLgSua/iw6kzgm0Ip1qHlBxpN/FaV0jZB6SbFW2CT75I8Buowhvw:ljm0IpqlBxpN/Fd5bFWLT7mM7w0F3+k1

Score
9/10

Malware Config

Signatures

  • Renames multiple (384) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Enumerates connected drives 3 TTPs 24 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory 1 IoCs
  • Sets desktop wallpaper using registry 2 TTPs 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4e5b9ab271a1409be300e5f3fd90f934f317116f30b40eddc82a4dfd18366412.exe
    "C:\Users\Admin\AppData\Local\Temp\4e5b9ab271a1409be300e5f3fd90f934f317116f30b40eddc82a4dfd18366412.exe"
    • Enumerates connected drives
    • Drops file in System32 directory
    • Sets desktop wallpaper using registry
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    PID:1040

Network


        Downloads

        • F:\README.txt

          Filesize

          1KB

          MD5

          a2216a7155bebb30e67f217f6fd232f5

          SHA1

          c8f100b610a63f28921c686a8a4a6fd9aa2153e0

          SHA256

          ef01b2342b49597ad0e326cad64ab471ec4460e09fe66a90e75bc30bf209cfc8

          SHA512

          57f383a840d74bb98185022b21204eb9954b0cf98c9188146dfe902d658e95fc71467195359394cfd73486ccb2315c19930685e6ae046ecd452caeb854fed498