Analysis

  • max time kernel
    120s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted
    24/07/2024, 05:56

General

  • Target

    5550bd13fbf2ebbd6ea9c84acd348020N.exe

  • Size

    53KB

  • MD5

    5550bd13fbf2ebbd6ea9c84acd348020

  • SHA1

    15a5b84b35109ba0dd75ef5d56b3ba90fc945e94

  • SHA256

    f4f616aa8bc95842df249686fce81c1c5214c3c9b8bb38b70bc7640f1454dd04

  • SHA512

    989824893e9904bef65009265d69a3f328ac1c493b651c1cdc09fcc7ebf929782f5f78b8a8825335908142c413f515ccfc07d6a61eb567d0caf3a8ceff06e6b2

  • SSDEEP

    1536:W7ZppApB7tlJ5OvtlJ5OwF7CujdyGdyMMkPMkYYL:6pWpB7tcttFOuR

Score
9/10

Malware Config

Signatures

  • Renames multiple (312) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\5550bd13fbf2ebbd6ea9c84acd348020N.exe
    "C:\Users\Admin\AppData\Local\Temp\5550bd13fbf2ebbd6ea9c84acd348020N.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2552

Network

        MITRE ATT&CK Enterprise v15


        Downloads

        • C:\$Recycle.Bin\S-1-5-21-2212144002-1172735686-1556890956-1000\desktop.ini.tmp

          Filesize

          53KB

          MD5

          b9743599d74beed811dcb19206157c3d

          SHA1

          9a691dfaf73645b56861b9d97e2bf061e6b8a4b4

          SHA256

          d511b24bea82cc891d6b9a7a7e0b9ab55275daa866fa668bd1ac126df0bcdb88

          SHA512

          f57f235b92eee16635d7ffa3719d877b241c20d877b6805223f603589fe901df0c011e76ce2c8961c7cc1e6159b2ba4bde21ebb6817ad62cf55d44735174f961

        • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

          Filesize

          62KB

          MD5

          88ada116545257d058460e0f711101e8

          SHA1

          0e8f16a9e010a5551838f915e2072e3b3af0c8d5

          SHA256

          d87b14b4f89faf2be1f5233055b933bcddc763c7d4146a0691496c57ca2a09ce

          SHA512

          f66c18897f050af34f32577bbd7373d5b72d1f468d9b020220aba57c0128f3093ca07e040ba8478ff622ef6314b53959143c7713bb04f21e28a137e8e0b744aa