Analysis

  • max time kernel
    120s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted
    27-07-2024 01:47

General

  • Target

    7cc07ea6ace4a134f11dbd94f8fa7480N.exe

  • Size

    43KB

  • MD5

    7cc07ea6ace4a134f11dbd94f8fa7480

  • SHA1

    30a950f8f8652fda2ce1e70c021d8579087b5f38

  • SHA256

    b7ff21be8d70761ae7e051223096a9ffa426a19e733feba9ff5d3c7730c7e0c5

  • SHA512

    1d1fc80b3a9ab28bbb58e58024d5b3ce35c4e82b35d012042b96f9aa93a7d4f1858fad2157aed4ce73db91ef4df6625727832267b4cc0a4da6d57e9b450e1640

  • SSDEEP

    768:W7BlpppARFbhjbhg42LcfpR42LcfpT4bJyGx3hMIJyGx3hM4:W7ZppApBULcfpHLcfpEJyrIJyr4

Score
9/10

Malware Config

Signatures

  • Renames multiple (244) files with added filename extension

    This suggests ransomware activity: encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\7cc07ea6ace4a134f11dbd94f8fa7480N.exe
    "C:\Users\Admin\AppData\Local\Temp\7cc07ea6ace4a134f11dbd94f8fa7480N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:1788

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2212144002-1172735686-1556890956-1000\desktop.ini.tmp

    Filesize

    43KB

    MD5

    fcda550230e83e983bcb8da606eccc54

    SHA1

    08482b9dcfec954aff2e61e963c27701f802479c

    SHA256

    b4cf38e6c9385037fb8eef1fd423d7a81213eac6c42809693d466ddcef650f02

    SHA512

    0e7e3a886dd6a7aeca3f4d24cda075c049ec24d5935075edcceb4dac324317b1715bd90b7af4fc45e3dbc37f762c7be3d1f9b4426fc547a493fb402881f82558

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    52KB

    MD5

    286556484f7bfef9968ebb052c58b7ad

    SHA1

    3f2452c5db152a4c6948aa893bd603753be045c0

    SHA256

    41a44011b0e63d84357a56c09ee4555f95fff9372b38d2e0c8a8bd7b3b6bf7ed

    SHA512

    8dc1f0635d478bc55c953357e3929c4ed2c2984e22bdc356562143901490ddfa8b802f96f9097f63d7a71744f54dc03f7e78098f762eca94e77704145f64ec9d