Analysis

  • max time kernel
    150s
  • max time network
    139s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    14-11-2024 21:37

General

  • Target

    45867daa1ee345bc17b542ea8deafe11f7960b94fd2db95c8f73b0e0603bcc55.exe

  • Size

    82KB

  • MD5

    534bedd94ca54e67165c1d149b2f51e0

  • SHA1

    9ef81cc0c16dac89cb155ff596d60c1f15c120ad

  • SHA256

    45867daa1ee345bc17b542ea8deafe11f7960b94fd2db95c8f73b0e0603bcc55

  • SHA512

    37ab9341e47ed62ad01209a43eab59d97586b577d0d220f1e7b69781cf3516eb14a140ea116c7be6d14d6145a1b34642a51f6938ebe7d19c8328719521c59f3f

  • SSDEEP

    768:V7Blpf/FAK65euBT37CPKKQSjSEXBwzEXBw3sgQw58eGkz2rcuesgQw58eGkz2rz:V7Zf/FAxTWtnMdyGdy4AnAP4YraIyI8

Malware Config

Signatures

  • Renames multiple (4820) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\45867daa1ee345bc17b542ea8deafe11f7960b94fd2db95c8f73b0e0603bcc55.exe
    "C:\Users\Admin\AppData\Local\Temp\45867daa1ee345bc17b542ea8deafe11f7960b94fd2db95c8f73b0e0603bcc55.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID: 544

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3756129449-3121373848-4276368241-1000\desktop.ini.tmp

    Filesize

    82KB

    MD5

    49244ed9baacf88220549fd05a3d758c

    SHA1

    a4e41f416d4d95a18958391d98f46692d9fc3613

    SHA256

    f3fca39aa5edcf8c220d2cd72865a2d4022a663228197facf074d7a0e53f2298

    SHA512

    74d41f774928741b8eb054e2b542fde154c2dbc582c415c0cc1c70b069a4b96c2c2028f27f051c9589d95904bd38603d67a376bb4a02f6fe95ffd138bbc50faa

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    181KB

    MD5

    953ce7aeb8380e2d62a03d7c811634f8

    SHA1

    f3c2546fc986223f81c746d4eec8cd01ec3dad42

    SHA256

    eb566bd50d041d079fcf61d3583fcd1a7415013f38896634b349f73f3a4be849

    SHA512

    1820d75b37c1d6f1cfbdbd2473e2bed9f70e23de2c282bb7da82ba06e06fa6e558bcbddb932e16d9b42815e61aee01765404ef61ae2f86dc4198ef03d0753a55

  • memory/544-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/544-656-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB