Analysis

  • max time kernel
    120s
  • max time network
    95s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64
    arch:x86
    image:win10v2004-20241007-en
    locale:en-us
    os:windows10-2004-x64
    system
  • submitted
    12-11-2024 11:00

General

  • Target

    9f53311e4cac288a6b189fd52e3e468f81d9aa4dc7ca1b1ad51953abaf23ef03.exe

  • Size

    58KB

  • MD5

    ba5b3efa91f041882b28730d53a7b0d5

  • SHA1

    68c95376cdcde66edc83334be294d6f4e8d64003

  • SHA256

    9f53311e4cac288a6b189fd52e3e468f81d9aa4dc7ca1b1ad51953abaf23ef03

  • SHA512

    ae1df7eaa78136ce9622b83b40d2036f4b21df452f559e600336e5fe939a670a742556755fc29a989ba7e17ba92118d6b01b73fbbb9ce0052d15a23e937aaff1

  • SSDEEP

    768:kBT37CPKK1EXBwzEXBw3sgQw58eGkz2rcuesgQw58eGkz2rcu90TKe+0TKeKiwlX:CTWciVRRNRR3EBb56lbE6lbM

Malware Config

Signatures

  • Renames multiple (4179) files with added filename extension

    This suggests ransomware activity: the sample rewrites files across the system and appends an extension to each renamed file.

  • UPX packed file 4 IoCs

    Detects executables packed with the open-source UPX packer or a modified UPX build.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of the victim in order to infer the geographical location of that host.
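The "UPX packed file" signature above rests on two cheap tells that can be reproduced outside the sandbox: the section names stock UPX writes (UPX0, UPX1, sometimes UPX2) and the "UPX!" info-block marker. The following is an added example, not the sandbox's own signature logic and not code from the sample; it parses just enough of the PE headers to reach the section table, and builds a header-only PE blob as constructed test input (the section layout and the marker are assumed to match stock UPX, which a modified build may rename or strip).

```python
"""Minimal UPX indicator check for PE files (added example; not the sandbox's own signature logic)."""
import struct
import sys

# Section names that stock UPX writes; modified builds often rename them.
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}


def pe_section_names(data: bytes) -> list:
    """Return the section names of a PE image, parsing only the headers needed to reach the section table."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # COFF file header after the 4-byte signature: Machine(2) NumberOfSections(2) ... SizeOfOptionalHeader(2) at +16.
    num_sections = struct.unpack_from("<H", data, e_lfanew + 6)[0]
    opt_hdr_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]
    section_table = e_lfanew + 24 + opt_hdr_size
    names = []
    for i in range(num_sections):
        off = section_table + i * 40          # IMAGE_SECTION_HEADER is 40 bytes; the name is its first 8
        name = data[off:off + 8]
        if len(name) < 8:
            raise ValueError("truncated section table")
        names.append(name.rstrip(b"\0"))
    return names


def upx_indicators(data: bytes) -> dict:
    """Collect the two cheap UPX tells: section names and the 'UPX!' info-block marker."""
    names = pe_section_names(data)
    return {
        "upx_sections": [n.decode("ascii", "replace") for n in names if n in UPX_SECTION_NAMES],
        "upx_marker": b"UPX!" in data,
    }


def is_upx_packed(data: bytes) -> bool:
    ind = upx_indicators(data)
    return bool(ind["upx_sections"]) or ind["upx_marker"]


def build_pe(section_names, trailer: bytes = b"") -> bytes:
    """Assemble a header-only PE32 image with the given section names; constructed test input, not executable."""
    e_lfanew = 0x40
    dos_header = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    optional_header = b"\0" * 0xE0                           # PE32 optional header size
    coff_header = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, len(optional_header), 0x102)
    section_table = b"".join(n.ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos_header + b"PE\0\0" + coff_header + optional_header + section_table + trailer


if __name__ == "__main__":
    # With a path argument, check that file; otherwise run on the constructed UPX-shaped blob.
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_pe([b"UPX0", b"UPX1", b".rsrc"], b"UPX!")
    print(upx_indicators(blob), "packed" if is_upx_packed(blob) else "not packed")
```

Both tells are trivially removed by a modified UPX, which is why the sandbox signature covers modified builds as well; when the names are gone, a near-empty first section followed by one high-entropy section, or a successful `upx -d`, is the next thing to try. The 40KB memory region mapped at 0x400000 for PID 3312, listed under Downloads below, is the kind of small image such a stub unpacks into.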

Processes

  • C:\Users\Admin\AppData\Local\Temp\9f53311e4cac288a6b189fd52e3e468f81d9aa4dc7ca1b1ad51953abaf23ef03.exe
    "C:\Users\Admin\AppData\Local\Temp\9f53311e4cac288a6b189fd52e3e468f81d9aa4dc7ca1b1ad51953abaf23ef03.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:3312

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3442511616-637977696-3186306149-1000\desktop.ini.tmp

    Filesize

    58KB

    MD5

    781506288ef319d34c4ccd35b61d378a

    SHA1

    ceb6c756af63839416e78fa26a42f93f6b785fcb

    SHA256

    58534bf98f822331cb0e3566ae30d20668f9ba74c618a63111778cb9d0a40c07

    SHA512

    6a5d11f45020411897a09065e958e165dd6d9035df919047692563c6f4ecbbb07d94cb0720e81677ba93d2d9fac2f37e045ea50428208296d71ca538aa695687

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    157KB

    MD5

    d25ccb3527b01a573cf4459eba6d6f23

    SHA1

    b1f6b379905e119b726294e4ecbbd88ee999b192

    SHA256

    021a9f46b3fe47fa288674b9bf045d976039c4330b8f1dd57fcb7234191acfd0

    SHA512

    0b5d5653fa3a82d1a11fad28c8d023247045e20c63fa181adfb3953a26c973612a6493c52a23f54fa9566b4f00b07cc4c4d7c75d9ba88b44ad25ff91c5f45bfc

  • memory/3312-0-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

  • memory/3312-661-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB
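The dropped `.tmp` files above and the "Renames multiple (4179) files with added filename extension" signature are the raw material for a simple behavioural rule: count renames whose destination is the source file name plus one more extension, in the same directory, and fire once one appended extension dominates. The following is an added example of that detection logic, not the sandbox's own code; the event list is constructed, and the `.locked` extension, the document names and the 50-rename threshold are hypothetical (the report does not say what extension the sample appends).

```python
"""Detection logic for the 'renames many files with an added extension' pattern (added example, not the sandbox's code)."""
import ntpath
from collections import Counter

RENAME_THRESHOLD = 50   # assumed tuning value; the report above fired on 4179 renames


def added_extension(src: str, dst: str):
    """Return the extension appended to src's file name to obtain dst, or None if this is not an
    'append' rename (moved to another directory, extension replaced rather than added, name changed)."""
    src_dir, src_name = ntpath.split(src)
    dst_dir, dst_name = ntpath.split(dst)
    if src_dir.lower() != dst_dir.lower():
        return None
    if not dst_name.lower().startswith(src_name.lower() + "."):
        return None
    ext = dst_name[len(src_name) + 1:]
    return ext or None


def analyse(events, threshold: int = RENAME_THRESHOLD) -> dict:
    """Walk (operation, source, destination) file events and score the ransomware-like indicators."""
    ext_counts = Counter()
    program_files_drops = 0
    for op, src, dst in events:
        if op == "rename":
            ext = added_extension(src, dst)
            if ext:
                ext_counts[ext.lower()] += 1
        elif op == "create" and src.lower().startswith("c:\\program files"):
            program_files_drops += 1
    dominant_ext, dominant_n = ext_counts.most_common(1)[0] if ext_counts else (None, 0)
    return {
        "renames_with_added_ext": sum(ext_counts.values()),
        "dominant_ext": dominant_ext,
        "ransomware_like": dominant_n >= threshold,
        "program_files_drops": program_files_drops,
    }


def constructed_events():
    """Constructed sandbox-style events; the .locked extension and document names are hypothetical."""
    ev = []
    for i in range(60):
        path = rf"C:\Users\Admin\Documents\report{i}.docx"
        ev.append(("create", path + ".tmp", None))       # staging copy, like the .tmp drops in the report
        ev.append(("rename", path, path + ".locked"))    # original renamed with an appended extension
    ev += [
        ("create", r"C:\Program Files\7-Zip\7-zip.dll.tmp", None),
        # benign renames that must not count: extension replaced, and a move with the name unchanged
        ("rename", r"C:\Users\Admin\Downloads\setup.part", r"C:\Users\Admin\Downloads\setup.exe"),
        ("rename", r"C:\Users\Admin\Desktop\notes.txt", r"C:\Users\Admin\Desktop\old\notes.txt"),
    ]
    return ev


if __name__ == "__main__":
    print(analyse(constructed_events()))
```

Two checks worth doing on the real artifacts before trusting the "encrypting all the files" reading: the `desktop.ini.tmp` dropped into `$Recycle.Bin` is 58KB, the size of the sample itself rather than of a `desktop.ini`, so compare it with the original executable to distinguish encrypted output from a self-copy with modifications (its hashes differ from the sample's, so it is not a byte-identical copy); and the `.tmp` names show that the sample stages a new file beside the original, so a rule keyed only on `.tmp` creates will fire on installers and editors too, which is why the example counts appended-extension renames rather than `.tmp` drops.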