Analysis

  • max time kernel
    119s
  • max time network
    101s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags
    arch:x64
    arch:x86
    image:win10v2004-20241007-en
    locale:en-us
    os:windows10-2004-x64
    system
  • submitted
    06/11/2024, 01:42

General

  • Target

    6843ded980458e184d527737563393ef78d7e26d84ae8d6eb06753dffb287b9aN.exe

  • Size

    93KB

  • MD5

    2c16e3e458f7feb4bda30811c953b490

  • SHA1

    baad33703b5d3b280884451ed66caf416af38716

  • SHA256

    6843ded980458e184d527737563393ef78d7e26d84ae8d6eb06753dffb287b9a

  • SHA512

    e5386d29e2eeeb2b4272a23788127098310811c5916cd7090147ec23ebf3607e07f87b61b838a41e540a72992a06bc8448f412b1a919f6e749b40ed75234621e

  • SSDEEP

    1536:/7ZQpApze+eJfFpsJOfFpsJ5DLwKP2awclvmxaKP2awclvmxLlnlE:9QWpze+eJfFpsJOfFpsJ5DLhP2awclvQ

Score
9/10

Malware Config

Signatures

  • Renames multiple (4360) files with added filename extension

    Renaming thousands of files with an appended extension is the pattern of ransomware encrypting every file on the system. The signature counts renames only, so confirm the contents were actually rewritten: the desktop.ini.tmp listed under Downloads below is 93KB, the same size as the sample itself, which is worth checking before concluding the data was encrypted.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of the victim host in order to infer its geographical location.
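Two triage checks a practitioner would want alongside these signatures, as an added example (not the sandbox's code and not part of the original report): first, confirm that the sample you hold is the one analysed by recomputing the digests from the General section; second, reproduce the "renames multiple files with added filename extension" logic over a file-rename log. The event log format and its contents are constructed for this example, the rename threshold is an assumption, and the .tmp suffix is used only because the dropped files listed in this report carry it; the report does not state which extension the 4360 renamed files receive.

```python
"""Triage helpers for a mass-rename sandbox verdict (added example, not vendor code)."""
import hashlib
from collections import Counter
from typing import Dict, Iterable, List, Optional, Tuple

# Digests copied from the report's General section for the submitted sample.
REPORT_HASHES = {
    "md5": "2c16e3e458f7feb4bda30811c953b490",
    "sha1": "baad33703b5d3b280884451ed66caf416af38716",
    "sha256": "6843ded980458e184d527737563393ef78d7e26d84ae8d6eb06753dffb287b9a",
    "sha512": "e5386d29e2eeeb2b4272a23788127098310811c5916cd7090147ec23ebf3607e"
              "07f87b61b838a41e540a72992a06bc8448f412b1a919f6e749b40ed75234621e",
}


def hash_mismatches(data: bytes, expected: Dict[str, str]) -> List[str]:
    """Return the algorithm names whose digest of `data` differs from `expected`.

    An empty list means every listed digest matched, i.e. the bytes you hold
    are the bytes the report analysed. Algorithm names are hashlib names.
    """
    return [
        algo for algo, digest in expected.items()
        if hashlib.new(algo, data).hexdigest() != digest.lower()
    ]


def added_extension(old: str, new: str) -> Optional[str]:
    """If `new` is `old` plus exactly one extra dotted suffix, return that suffix.

    A true rename (draft.txt -> final.txt) or a rename that changes the
    existing extension does not count; only an appended suffix does.
    """
    if not new.startswith(old):
        return None
    tail = new[len(old):]
    if len(tail) < 2 or not tail.startswith("."):
        return None
    suffix = tail[1:]
    if "." in suffix or "\\" in suffix or "/" in suffix:
        return None
    return suffix.lower()


# Constructed rename events as (pid, old_path, new_path). Hypothetical format:
# 120 documents and one DLL renamed by PID 4616, plus two unrelated renames.
SAMPLE_EVENTS: List[Tuple[int, str, str]] = [
    (4616, rf"C:\Users\Admin\Documents\file{i}.docx",
     rf"C:\Users\Admin\Documents\file{i}.docx.tmp")
    for i in range(120)
] + [
    (4616, r"C:\Program Files\7-Zip\7-zip.dll", r"C:\Program Files\7-Zip\7-zip.dll.tmp"),
    (1234, r"C:\Users\Admin\Desktop\notes.txt", r"C:\Users\Admin\Desktop\notes.txt.bak"),
    (5678, r"C:\Users\Admin\Desktop\draft.txt", r"C:\Users\Admin\Desktop\final.txt"),
]


def detect_mass_rename(
    events: Iterable[Tuple[int, str, str]], threshold: int = 100
) -> Dict[Tuple[int, str], int]:
    """Count extension-appending renames per (pid, suffix); return groups at or over threshold.

    Grouping by process and by the appended suffix separates one process
    stamping the same extension onto everything (the ransomware pattern)
    from scattered, unrelated renames by other processes.
    """
    counts: Counter = Counter()
    for pid, old, new in events:
        suffix = added_extension(old, new)
        if suffix is not None:
            counts[(pid, suffix)] += 1
    return {key: n for key, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    print("sample mismatches against report:", hash_mismatches(b"not the sample", REPORT_HASHES))
    print("mass-rename groups:", detect_mass_rename(SAMPLE_EVENTS))
```

Run `hash_mismatches(open(path, "rb").read(), REPORT_HASHES)` on your local copy; anything other than an empty list means you are looking at a different file than the one this report describes. The rename threshold of 100 is a starting point only; tune it to the monitored host's baseline.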

Processes

  • C:\Users\Admin\AppData\Local\Temp\6843ded980458e184d527737563393ef78d7e26d84ae8d6eb06753dffb287b9aN.exe
    "C:\Users\Admin\AppData\Local\Temp\6843ded980458e184d527737563393ef78d7e26d84ae8d6eb06753dffb287b9aN.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:4616

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-4089630652-1596403869-279772308-1000\desktop.ini.tmp

          Filesize

          93KB

          MD5

          eada6d6b7532d74aaa1faac90f4fdf2e

          SHA1

          5458fb572d2ab3bf98492fb93b91ab2d42a550a2

          SHA256

          e58ecb578c55223a749fcd5d162e6ddf5a538d4e0c96751c520932dfba1167b0

          SHA512

          1cfc4288ec22bab95b0fbd72f2d1ebfddb1538d8429aa6d71949b12ca161c557864efad91c6356d0335f45d20c61de69cd4e45d31fc2d06f36c7f4a7b98b48c1

        • C:\Program Files\7-Zip\7-zip.dll.tmp

          Filesize

          192KB

          MD5

          e2375ead738a8fbf92509e8ef7c88619

          SHA1

          a1cb2cd2692054f223cbdbd865adc950ee377d70

          SHA256

          9d48d7525aa3cdac5b645025017ad15738fa925cd003a2b2acfc5481f9d823e1

          SHA512

          c4af1f6032c596c6e564e3d74e3865437743f3b2ed2146361d51f7a4c2d62cf576afc1fff4931b1911a38f531e6341b6315ee4ad81f496e7a7a9a11a7c63d70e

        • memory/4616-0-0x0000000000400000-0x0000000000408000-memory.dmp

          Filesize

          32KB

        • memory/4616-660-0x0000000000400000-0x0000000000408000-memory.dmp

          Filesize

          32KB