Analysis

  • max time kernel: 150s
  • max time network: 144s
  • platform: windows10-2004_x64
  • resource: win10v2004-20241007-en
  • resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted: 10-11-2024 01:22

General

  • Target: a69bf2de681ec97c1f9af78fb337b786bf0a8b792c89f05bd9f40ac335f66062.exe
  • Size: 75KB
  • MD5: ed27a85599545084bca8277c5599a480
  • SHA1: 11e6288d97c30fcd5a7c9dd13b0525f4efa72086
  • SHA256: a69bf2de681ec97c1f9af78fb337b786bf0a8b792c89f05bd9f40ac335f66062
  • SHA512: 83f7fd0131f74a1ee4103bb97db43c42c68bb5c5c265bd98f89ee7c843c389f625244ce1f16a1a8b35edbbb9991ca13da33f55c1be04790ac627d4aaf49b72ed
  • SSDEEP: 768:V7Blpf/FAK65euBT37CPKKQSjSEXBwzEXBw3sgQw58eGkz2rcuesgQw58eGkz2r3:V7Zf/FAxTWbiVRRNRR3EBbIOJ

Malware Config

Signatures

  • Renames multiple (4871) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\a69bf2de681ec97c1f9af78fb337b786bf0a8b792c89f05bd9f40ac335f66062.exe
    "C:\Users\Admin\AppData\Local\Temp\a69bf2de681ec97c1f9af78fb337b786bf0a8b792c89f05bd9f40ac335f66062.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:1852

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-4050598569-1597076380-177084960-1000\desktop.ini.tmp
    Filesize: 75KB
    MD5: fba55f6472ea5021d193f0af5d0b48cb
    SHA1: 5e01ae2a4c1399ff3dc19b32f580719d8aed1182
    SHA256: 9fb40aa3b64673c760ab7b8cf57b40139980fdd9c93b4e0467490f8f1a9d6a0c
    SHA512: 53e9e264d8237f814e84d012955e1219282834a1ec40de1ce6a209381d7519e6d4fbd43a70f56e4207ff7aaef75a57cce566b6905c7c492ec768763323580806

  • C:\Program Files\7-Zip\7-zip.dll.tmp
    Filesize: 174KB
    MD5: 34f40f8f4c30d5c4f72c607114f6d2f4
    SHA1: 8c407c3abb998292139895f07aeb3fd848352c44
    SHA256: e2d0d1e14e816e4a4c83b99749041929ad603c812d3a33f3c78399b46e4a2e0f
    SHA512: 6d11dac884ba44645b7cc6108801ba2545a58d3dfdd4f7713b37377b6f4713564f902124559ddded7eeb0691b61b04df7ce675ce3c29ec4c523f566bf2a076a5

  • memory/1852-0-0x0000000000400000-0x000000000040B000-memory.dmp
    Filesize: 44KB

  • memory/1852-660-0x0000000000400000-0x000000000040B000-memory.dmp
    Filesize: 44KB