Analysis

  • max time kernel
    120s
  • max time network
    93s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    20/01/2025, 09:05

General

  • Target

    8ecdc1a98eeb8a07b6b1ab22c08d8f360b2c3dd141ecf9f8b781660a3c017567N.exe

  • Size

    209KB

  • MD5

    4088c7c7dc7c8f0ba5497ceb9cabd690

  • SHA1

    79ee0a4d36b3714bba4a57ae6d3e9cbe3f0dd9d5

  • SHA256

    8ecdc1a98eeb8a07b6b1ab22c08d8f360b2c3dd141ecf9f8b781660a3c017567

  • SHA512

    dd45562a04b8832fb2146e9bef56894c1632069f9f7006900939a5d335c52c7bbea205a70845baac099a96fd34ef52ef9d6ad4dbd038bcc0815f2589b95f74fb

  • SSDEEP

    3072:fny1tEyyj2yAeCgjJQWHIjN3tj6qnv0b2UrXkbvLiPB:KbEyyj2yAIJbIjNDv0bNXkbvLiPB

Malware Config

Signatures

  • Renames multiple (3328) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\8ecdc1a98eeb8a07b6b1ab22c08d8f360b2c3dd141ecf9f8b781660a3c017567N.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\8ecdc1a98eeb8a07b6b1ab22c08d8f360b2c3dd141ecf9f8b781660a3c017567N.exe"
    PID: 5032
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\$Recycle.Bin\S-1-5-21-2878641211-696417878-3864914810-1000\desktop.ini.tmp

    Filesize

    210KB

    MD5

    cad219ba2dd1aadaca43df797ba86a74

    SHA1

    15ba7162dcb0e4bde06fb5396316e0fec4563d5b

    SHA256

    73b7a7f7b19502a71e62064cfc5b41dcda69bf99816f96e77be944abf1da03c7

    SHA512

    e3a956916075409940a32802b8250ffb673cf57d7888aaf073e646bdc611d74cd8169b83725b6923c545d9109d95ca2e37cfe5269e12177f43425f9aef153140

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    308KB

    MD5

    a8cb174dfe560a49bad3f6996ef7674b

    SHA1

    dbae5970d470b7fac92b513d7ab776eca2d34e76

    SHA256

    4205c1cc854e41961068139ccc725c483b7beed4fe1e718ab9d5e876ca984d43

    SHA512

    83795bb4d336ad0eee7886becb88dac61fe382e62ccafab0f1f7b80c409f593a6fdcfcad53382d9462a3ca43e49e8b1f3e5fb77569016d30113ab38dec47a52e

  • memory/5032-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/5032-640-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB