Analysis

  • max time kernel
    150s
  • max time network
    18s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240729-en, locale:en-us, os:windows7-x64, system
  • submitted
    05/08/2024, 19:52

General

  • Target

    2ad26743fec16a4df62119da8aa8897ac892f21b1eec4df2dbd4073c4ba2c898.exe

  • Size

    72KB

  • MD5

    0ac0b4821bab2596e7fee0cddaec2979

  • SHA1

    a4ef61cf6c1436726ab49bb3468c97f843f2b0dc

  • SHA256

    2ad26743fec16a4df62119da8aa8897ac892f21b1eec4df2dbd4073c4ba2c898

  • SHA512

    61ac0e6c4a742345729b4a72e399925cfd8e8dd9abb2a2eab45eabc95bc39cb6c28395c9a6996b9438c15e111e08974ceeb535ffa2a454fa17fdc4bb98f7a51f

  • SSDEEP

    768:W7BlpppARFbhjbhg42LcfpR42LcfpW/P3bG3b52M+++++++Ehhp4BybOHK4UcyLj:W7ZppApBULcfpHLcfp241BoLqrN1

Score
9/10

Malware Config

Signatures

  • Renames multiple (3789) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\2ad26743fec16a4df62119da8aa8897ac892f21b1eec4df2dbd4073c4ba2c898.exe
    "C:\Users\Admin\AppData\Local\Temp\2ad26743fec16a4df62119da8aa8897ac892f21b1eec4df2dbd4073c4ba2c898.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2716

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\$Recycle.Bin\S-1-5-21-2257386474-3982792636-3902186748-1000\desktop.ini.tmp

    Filesize

    72KB

    MD5

    548dd567db588c17a49058b3e59a624d

    SHA1

    44971d2902c67234982683b0d2c2a4cd84815c61

    SHA256

    9efc74c3dd589658f6d27f7d58e54b1743d64e75b9b4ae8ebe273336c74669c9

    SHA512

    7bab69a377e04207a05331f7d816f3aa727966a75dc433e7687713130bd6a9c87689eef2e4144d00c2a62a8a1fac496f16623e76245f875af486f84f926febf1

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    81KB

    MD5

    8b6ebaaa5d5cd0cfc5734f0e5b880cf0

    SHA1

    a87daa14d6e6c58e7770ca5278fa900d1dd37183

    SHA256

    15823ec3e144e489717b4588f816d61619078d6bca4cf20ad719e3b7fb37e5e6

    SHA512

    8ce2f365bb478b62ca540c7c08f1bccd357f815ca3d4157dbe34090ee47ea6856515f532703332bd2ca70b99cfa3ebc2b16bcf2252bdc3c86cd0ce15fbb9145b