Analysis

  • max time kernel: 150s
  • max time network: 119s
  • platform: windows7_x64
  • resource: win7-20240708-en
  • resource tags: arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted: 02-08-2024 02:37

General

  • Target: 98812de6b363561a107c7c0091aafb379564a7f2b92cf53f050e2a0ee096aeb2.exe
  • Size: 28KB
  • MD5: 8ceef7814a0552f57907d6fca6733940
  • SHA1: 3a01c224c371185f3d4e3f10cc403e7829bfdfb8
  • SHA256: 98812de6b363561a107c7c0091aafb379564a7f2b92cf53f050e2a0ee096aeb2
  • SHA512: f7190a734a83cc9e3dd8af1efac39a13b7f43312594baee27928bac0fc932d134d5f5e8a09209a44868bca01bf4c86fd0ba7a3d33c0f3879d2f27e9672a77090
  • SSDEEP: 768:kBT37CPKKdJJcbQbf1Oti1JGBQOOiQJhATBHfBo8o3PD:CTW7JJZENTBHfiPD

Malware Config

Signatures

  • Renames multiple (3684) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\98812de6b363561a107c7c0091aafb379564a7f2b92cf53f050e2a0ee096aeb2.exe
    "C:\Users\Admin\AppData\Local\Temp\98812de6b363561a107c7c0091aafb379564a7f2b92cf53f050e2a0ee096aeb2.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2364

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3551809350-4263495960-1443967649-1000\desktop.ini.tmp
    Filesize: 29KB
    MD5: 5bca2bce4a5d4510e6bafce460623982
    SHA1: a6690caced0708ecc3a1ac10b1cdecf2e1428a71
    SHA256: bcda6eca28c9b88d8e236ff42b8aeb3e6eb9e0de2b26332ba7314fcd49eaf28e
    SHA512: 28dec958dc294f58d800a52f88956059c94899dda5a7f8a307e9a69ba8af683b3fc6ac13124543e07e0f9bac3fb7c2b506f6e8b7c669ed3bcb5532994bce252c

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize: 37KB
    MD5: 11869f3b3df57948264771576b8bf88c
    SHA1: 7b09130abf6fa6a53ef708c79b41fca621556e33
    SHA256: 5c78f1130af7413c5d5e3c9c4109a8397b3a3bbe77a623d24cbbafc35b23a3ac
    SHA512: 7e5ac9b72c2924a693e8570905d84035193032b8d5a314267e7d5526f87f1129600b9b30246499df6167d24a0cdcafb91af2722811ad067df31244a03cabc75f

  • memory/2364-0-0x0000000000400000-0x000000000040A000-memory.dmp
    Filesize: 40KB

  • memory/2364-74-0x0000000000400000-0x000000000040A000-memory.dmp
    Filesize: 40KB