Analysis

  • max time kernel
    150s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    26-07-2024 02:56

General

  • Target

    c0788839a8b3dc11be8594717385f4568fabf84e4df431ae47cd49476db3f1f0.exe

  • Size

    62KB

  • MD5

    54399835ce84a02ffc07283a456b37bf

  • SHA1

    ddc64fd3aeaef3460e2d9f9361cc85207a9a79f4

  • SHA256

    c0788839a8b3dc11be8594717385f4568fabf84e4df431ae47cd49476db3f1f0

  • SHA512

    556a90b5258a97c1fd4027aef907e47786fd5497640201898756822ec1377ae328e4d3ef051f01074cd1b9cc7e49d84faf9d0cf7210900a0e811a8013443742b

  • SSDEEP

    768:V7Blpf/FAK65euBT37CPKKQSjyJJcbQbf1Oti1JGBQOOiQJhATBZBT37CPKKdJJk:V7Zf/FAxTWoJJZENTBjTW7JJZENTBD

Malware Config

Signatures

  • Renames multiple (3460) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\c0788839a8b3dc11be8594717385f4568fabf84e4df431ae47cd49476db3f1f0.exe
    "C:\Users\Admin\AppData\Local\Temp\c0788839a8b3dc11be8594717385f4568fabf84e4df431ae47cd49476db3f1f0.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:3032

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2172136094-3310281978-782691160-1000\desktop.ini.tmp

    Filesize

    62KB

    MD5

    752273975fc3445c36be844cca2f0e3f

    SHA1

    fee07518d97624eac885bec59a93d77a881bd3a8

    SHA256

    96faae3409eeb25897768432fe0b90a3339d1637f07f8895bb8050916927e9ab

    SHA512

    97f1913583b2a9b9c7a7ad7f0e031f314f4cb7365577fbe87622647bf8fdb8a4baa0da9825d6b10422160cadab795ff34bc97c36ddc13d637b2a2c942f00797b

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    71KB

    MD5

    943b8c5336d4bc5473265b7c21e7dfaa

    SHA1

    eca5c0b43fd7b027ad5d0a3cb55ffc32e0bec7c6

    SHA256

    cbad24c90b081fa6fedc1c225b9c04a17d1a4f0587e30109c0021300938bf229

    SHA512

    663f89aaa5d56d9933e1aec83a6ac3563f319decf60f00190e3f8146fc1b1b2e5520e72be61d7346e4aa260bf48b0d83ed37d159582408b81cd5ca95f0e0695a

  • memory/3032-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/3032-650-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB