Analysis

  • max time kernel
    119s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted
    27/07/2024, 06:58

General

  • Target

    a4b9617e383d9b2b2bd0fd1da22cb230N.exe

  • Size

    53KB

  • MD5

    a4b9617e383d9b2b2bd0fd1da22cb230

  • SHA1

    4ebd4b15bbb364e14eef6d65964684b95269f9f4

  • SHA256

    84b5234c1a2461c58892d5d52c377913cdf62afcf31f2c1be8c1459faab1308b

  • SHA512

    85d98724bd34b8a3d8d0b89b17a4c9da02760bdb744360bdc3f9212082b1e8bb10741362c1b9ffcaeb5bab719326d97a7066de76121102549bf573a816aff22b

  • SSDEEP

    768:V7Blpf/FAK65euBT37CPKKQSjyJJcbQbf1Oti1JGBQOOiQJhATNyHF/MF/HggD5j:V7Zf/FAxTWoJJZENTNyl2aPK

Malware Config

Signatures

  • Renames multiple (630) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\a4b9617e383d9b2b2bd0fd1da22cb230N.exe
    "C:\Users\Admin\AppData\Local\Temp\a4b9617e383d9b2b2bd0fd1da22cb230N.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2420

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-940600906-3464502421-4240639183-1000\desktop.ini.tmp

    Filesize

    53KB

    MD5

    5879691031db9c915020c51a33ebd4a5

    SHA1

    124935a19a7596df0c3e37f653759ea6bc062642

    SHA256

    1dea9db39e3a95701fca7120c05a90a6711f02d3429fbae34e2d2830f1e55dcb

    SHA512

    9776d7b745e5b7bbf49d8421c332360b7f89e17f45343dd52ba16b99d826a64346638445e0f20724c8599c7948b0d9b184dcb98aa94ad99d5fc31b4359483cef

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    62KB

    MD5

    9720b929f840a9bc13c7fcbc3831dead

    SHA1

    69111e34786d3c5533765d5c95be166b0fc1dd71

    SHA256

    30690100b8e665b5c1f591f004133ba0fd3a9897777502561210c6a94f7183a2

    SHA512

    1deaf50d3fd75fa209c339527bd163793b4a055642d5562012b2f4a12dc98aa1638bf7eaa04e53aaa422c2e187aa673639a5ccc6ee4230559b55d0dd2c048e5d

  • memory/2420-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/2420-98-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB