Analysis

  • max time kernel
    120s
  • max time network
    96s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    12-11-2024 15:56

General

  • Target

    8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe

  • Size

    77KB

  • MD5

    81c20fde6ec37ac57309bb5fb82de46e

  • SHA1

    ee1bf25af1dceb9d149b1e511fc972e278478bb2

  • SHA256

    8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954

  • SHA512

    59f04f44f5155abcc8da8951808f21c1e47cc38aea9e40a83ec2e1b29433defbd0959712f403d16ed04aad081e191e9b2525653b42b51658d339f66c16cb889b

  • SSDEEP

    1536:CTW7JJ7TWsdj2hkAeCgI3i0CJS1Il+lMq:h6yj2yAeCgjJq

Malware Config

Signatures

  • Renames multiple (2768) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe
    "C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:1532

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2878641211-696417878-3864914810-1000\desktop.ini.tmp

    Filesize

    77KB

    MD5

    a3a14efc3cce4f7d579a549bfb10b183

    SHA1

    886a128126f47f234ac5c729cad8aa3280f05910

    SHA256

    c49a4553ba534db13569146f1fe4e4249ee976f02f4ddb3394f56f86b0b8152c

    SHA512

    81adb3d1a412eb9589d4a3f017f3ba4b6788b8f0cd1b67300d965969b40b0a80cadde71a5faf09d63b4e5a105cd90761c854aeb68c3e1be314213b7fd71c0a37

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    176KB

    MD5

    9fde4aa7f95e35fc7d662f084f03efae

    SHA1

    c7c098bfdbfe18ecc6e7990c49596767247809dc

    SHA256

    4cb4e99d143b44fe3d58f3c47f3ce376ad34cbf9d4b3ec4963365b4c0badf96d

    SHA512

    0cd62cc9536f496716ac25ea10fd018577717a2ce60141c743ea3fdb8876067ca1e1e16a554dbcc410699a281c87226747930519e224b434480a5d39fee16ebf

  • memory/1532-0-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

  • memory/1532-429-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB