Analysis

  • max time kernel
    120s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240729-en, locale:en-us, os:windows7-x64, system
  • submitted
    05-08-2024 21:31

General

  • Target

    0c3231f48eb034bc4aeede64d8c4d6d0N.exe

  • Size

    53KB

  • MD5

    0c3231f48eb034bc4aeede64d8c4d6d0

  • SHA1

    cfc17d9eabca136f3b24cfd7a5aaa2fe5b347037

  • SHA256

    e9350d4a40a5945b1808ff769ec3962946d664d56d7ca237f9090de454ec9edb

  • SHA512

    8fb39f3bfb8117932d8d590deda2c95fea85a43a66ff7dffa009e5bd39060efd6f91a11fc1e5a391c71bea6864f60a25992beedbe426dc2d96fb7b90320ebb95

  • SSDEEP

    384:GBt7Br5xjL9A7AgA71Fbhvyu7uGYSinVtYSinVwb1W3WxV:W7BlphA7pARFbhpYSiHYSi+V

Score
9/10

Malware Config

Signatures

  • Renames multiple (3339) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\0c3231f48eb034bc4aeede64d8c4d6d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\0c3231f48eb034bc4aeede64d8c4d6d0N.exe"
    1
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:1792

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2703099537-420551529-3771253338-1000\desktop.ini.tmp

    Filesize

    54KB

    MD5

    8543b1a603284af734b6cd0d2dda8324

    SHA1

    74cc066e71ce65beed848f9d4a536b0b04a9be80

    SHA256

    1de380271d9274f35a0aa2922568e0749e10f6da152af632f439e90956d89909

    SHA512

    374adaf53f661f72be0ff78a7aad3201c1a91da882a23dc8ed139d18300915c3c6dbb8915606fac52a228a5c9b8238cf7aef6fd7cf9fbc0d8428b2b4db24b598

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    62KB

    MD5

    9f06cf3df19ca7cd631b3f2b49176826

    SHA1

    7baf5d661c9bb47e6d2eefb49df1f8be0dd50e3c

    SHA256

    d5f41366e5cb46f4b380abbc540638bfac14e8f7b1297235d3cf88e8d285a8cc

    SHA512

    ae4347a81a94593c14ad0432cb1d8ad03a83a618c2798d651680afcbaca75ba8228cfcf009c15016849040392baa663b3378b20564ce3aeba06aefb8fef368e8