Analysis

  • max time kernel
    120s
  • max time network
    95s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    12-11-2024 13:19

General

  • Target

    daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe

  • Size

    45KB

  • MD5

    e9bb3367aeab89cad4680fd5af2a5520

  • SHA1

    9e4a3ac3de59579a9b0ccd12bd3ebf7542a130d9

  • SHA256

    daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654

  • SHA512

    6b2578a18e7ae8608ec061e49798ab91644aa7b18b2a5fca5add6f043a03bbd08104382622d779f504095719d1c007ba43136e2b6930568f34850573860af00d

  • SSDEEP

    768:W7BlpppARFbhjbhg42LcfpR42LcfproFNFcdyGdy+zWzS//1gKl8:W7ZppApBULcfpHLcfpyDcdyGdya6

Score
9/10

Malware Config

Signatures

  • Renames multiple (4169) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe
    "C:\Users\Admin\AppData\Local\Temp\daa5fd57b1bcff207b4049156f65f502e51f4476c008d75fa7ffcc43945a6654N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:4800

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\$Recycle.Bin\S-1-5-21-4089630652-1596403869-279772308-1000\desktop.ini.tmp

    Filesize

    45KB

    MD5

    8ac9686e220d5da588bddccaad2fcb67

    SHA1

    06dac5654a037efb0893db301112287e67231b9b

    SHA256

    e4768023e6f49c0fdbbf95c418c9276a3a2f2c74b0b70b58ec3e7b6dfacd0ffe

    SHA512

    e3d9fcf303d7a93a59f89eb1103e6e202e3d57b47598ad360cdc75cc1032030b980e32efe8aaa6a3780334618eb50540947b51097fe224780ae51f744cc0c5a2

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    144KB

    MD5

    392553f26101d3499159714887e74746

    SHA1

    c43aedfec7eda06dfff69ac8f267c3f9c490d751

    SHA256

    946ae8170fb8acecf4e86468d2a1546d20000d712cef8673a221a06cbdecfdcf

    SHA512

    f6c5f884fcca9071ecf42f827efb4439cbc3c89a180666c76d1bc0a1d32069f61c69ffc4df630c41c04c39082e1daef927415769e8d5d66cbc1800557b2b4b76