Analysis

  • max time kernel
    120s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240729-en, locale:en-us, os:windows7-x64, system
  • submitted
    06-08-2024 08:46

General

  • Target
    855938396ac12639f7f547c64a9fe0e0N.exe
  • Size
    51KB
  • MD5
    855938396ac12639f7f547c64a9fe0e0
  • SHA1
    b9803c5aa065f3019ff7b6908ddb243ccec64021
  • SHA256
    ea315a1c9f74780943dcb8aba0977c016abdaa2d9037cb05a4eeee24d937d2fd
  • SHA512
    ee1c33b5e44775d3cac0e31182e10eec492fbf5989ca1e831854b892036c2678ea6bfa0015a2588ef7ad76b25322e1826964d977fd768cbccfb03407403ff6df
  • SSDEEP
    768:kBT37CPKKIm0CAbLg++PJHJzIWD+dVdCYgck5sIZFlzc3/Sg2aDM9uA9DM9uAFzH:CTWn1++PJHJXA/OsIZfzc3/Q8zxF

Malware Config

Signatures

  • Renames multiple (3269) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\855938396ac12639f7f547c64a9fe0e0N.exe
    "C:\Users\Admin\AppData\Local\Temp\855938396ac12639f7f547c64a9fe0e0N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:1400

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\$Recycle.Bin\S-1-5-21-2257386474-3982792636-3902186748-1000\desktop.ini.tmp
    Filesize: 51KB
    MD5: 2736767c52d152e534f93771179ed6f3
    SHA1: e7aa9d04314f6b989a96d0097d61b426fe03e300
    SHA256: d9407c7677334cb82f7076e76352897d3eca3509e229cdaebed62a7ba0f246c3
    SHA512: ac045e621acdcfda306ec8af17e7140fa5d93bb4200cbf9579bcd2932faeba3d163890e424ab260d2c07bbe5fb7cf827415e9b7d87671419324f40f1701fc23f

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize: 60KB
    MD5: 04793fb5d80cb15a3009e88327ee2ec3
    SHA1: 1f344f5561200705241df3bc4bf3871badc49466
    SHA256: f23f32c043b9fdc7f4824b89fcec10c80c06f1be099447bb100a980120332598
    SHA512: 1ca6a4c5e2c5faab17116c7b070c7697580ebd460a7a279313e90672ad19121d4f8ebe1a08b34f521db8379f8acf24feefb436778c31f7592d7ccafd9047de6e

  • memory/1400-0-0x0000000000400000-0x000000000040A000-memory.dmp
    Filesize: 40KB

  • memory/1400-82-0x0000000000400000-0x000000000040A000-memory.dmp
    Filesize: 40KB