Analysis

  • max time kernel
    150s
  • max time network
    142s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12-11-2024 16:15

General

  • Target

    560d624a4d799f4434ed0603304a3a5cff790d74a337f3a688258493812582c5.exe

  • Size

    79KB

  • MD5

    58cc0359aa9555d6b6e838e8077d46e0

  • SHA1

    feb43111b8471bdf395c473bbaf33f16f97d043e

  • SHA256

    560d624a4d799f4434ed0603304a3a5cff790d74a337f3a688258493812582c5

  • SHA512

    4935671bd19234da124df1af0ca162ad28f31505bd595efc4948c7c6d4565ffba38598a08dac0cec7418b44c59becc533b910f6a2a172948faae4ce0a80cd513

  • SSDEEP

    768:V7Blpf/FAK65euBT37CPKKQSjSEXBwzEXBw3sgQw58eGkz2rcuesgQw58eGkz2rx:V7Zf/FAxTWbiVRRNRR3EBbL

Malware Config

Signatures

  • Renames multiple (4729) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\560d624a4d799f4434ed0603304a3a5cff790d74a337f3a688258493812582c5.exe
    "C:\Users\Admin\AppData\Local\Temp\560d624a4d799f4434ed0603304a3a5cff790d74a337f3a688258493812582c5.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:392

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3227495264-2217614367-4027411560-1000\desktop.ini.tmp

    Filesize

    79KB

    MD5

    11314dcf53e7dcabfb9a7732f8e95ebc

    SHA1

    fda2bdcdfd0a635b2230ed551ca583698c6dd40a

    SHA256

    5704125154680aecef3523814e173f228d81ccfba763558f0b47ab8e873f209a

    SHA512

    e0c27e77ddacb7099628f6bef296d7e8ebc0540c9d58f7705d679feb22ccff9ab7af3cf7ba7056fb08b2316f6859cc2f160006ddb1fd7ef4911713ec58275597

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    178KB

    MD5

    02d3de17b272a1330060473b1d5cb60a

    SHA1

    4909ddb133779fe7daa303072fd4b43f32dd2964

    SHA256

    033a8d965c0a64608446539fc32cf4fdbefb3075760db7b7620cac556b0393e5

    SHA512

    7fc5de658ca52e31120ae305674f755e79b2ad17bcc73b119d8725a8b875575c201c5e4883bcd0ee397b15a77471735ae322ddb16cbcd64b6930c5c9c83d2c37

  • memory/392-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/392-632-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB