Analysis

  • max time kernel: 150s
  • max time network: 96s
  • platform: windows10-2004_x64
  • resource: win10v2004-20241007-en
  • resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted: 14-11-2024 23:01

General

  • Target: 6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe
  • Size: 40KB
  • MD5: 4c1219df18de3886fbe65bd327bd81f7
  • SHA1: d4669db223310bc334d5ac24ca157f4b7eb48cab
  • SHA256: 6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511
  • SHA512: e5870088159681b726c6f3ea8d6da70f1039679bdc2dff477f709111be0f6abea60d8687f6e76ca12bfb901a4179a57e52daf13430efef32d6d55953622369a7
  • SSDEEP: 768:kBT37CPKKdJJTU3U2lRtJfOn33EskmKs333EskmKs4gNAgN0:CTW7JJTU3UytJfOEfmKjfmKEH0

Malware Config

Signatures

  • Renames multiple (4537) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe
    "C:\Users\Admin\AppData\Local\Temp\6e14e206498ffd1b3ff9681b86ffaec684e20e5f847041ee299611568b9bf511.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2400

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\$Recycle.Bin\S-1-5-21-940901362-3608833189-1915618603-1000\desktop.ini.tmp
    • Filesize: 41KB
    • MD5: 39c66ef4669f331cdf483577c1171c45
    • SHA1: f7af6c11b3a2ac968bd56b4427a8e70af6e15a1d
    • SHA256: 1fa01741d0d84e61300baf9ec176aa09012dbdcd1fb0faf27e70eb2206e49517
    • SHA512: d6363276d596e737d3907eb370973ad23c780d92647e730baeb88756284f658df386db4c04371e321d98a21b58e5d52cd7a7740ff3c1a669f1cc5efd44b834a3

  • C:\Program Files\7-Zip\7-zip.dll.tmp
    • Filesize: 140KB
    • MD5: ef2913b297fe7ace563b736a41ecb2c3
    • SHA1: 6cee6b0206a8840b1999d18d1b09be8245ebcbe4
    • SHA256: 0040a8974f401b1aeca588310fbd78edaf4065590ae80cea0be62972b68ce2ff
    • SHA512: a4c6541bf96a93279eb33ab9334638c665369e4f2e7a7c8e126edc17ca072f6f65edc6e413b68c4ae5bcf20af70157a9a1fef2611f551adde8f881e401d1192f

  • memory/2400-0-0x0000000000400000-0x000000000040A000-memory.dmp
    • Filesize: 40KB

  • memory/2400-642-0x0000000000400000-0x000000000040A000-memory.dmp
    • Filesize: 40KB