Analysis

  • max time kernel
    150s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted
    08/08/2024, 18:33

General

  • Target
    0de881bcefca6fd9abc7e1580e86c46922723837f86cbd7f485046c64398fd9c.exe
  • Size
    198KB
  • MD5
    ecb392115be62d9994b4bbc1d8412dea
  • SHA1
    2cf640865c92733e64d615a6b13ef97b8a941715
  • SHA256
    0de881bcefca6fd9abc7e1580e86c46922723837f86cbd7f485046c64398fd9c
  • SHA512
    94de20af5894c6656b57007fb62e21ddbc28feeafd2ea0396762eab229752b454f79e99a68aa739bd39cf798ea1463417dd1ee4ae639cb6adc71fc6425439b07
  • SSDEEP
    768:W7BlphA7pARFbhKKVeIuKVeIaCgx+qsaCgx+qs9lRlCE:W7ZhA7pApaX0aX09rB

Score
9/10

Malware Config

Signatures

  • Renames multiple (3270) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\0de881bcefca6fd9abc7e1580e86c46922723837f86cbd7f485046c64398fd9c.exe
    "C:\Users\Admin\AppData\Local\Temp\0de881bcefca6fd9abc7e1580e86c46922723837f86cbd7f485046c64398fd9c.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:1984

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-940600906-3464502421-4240639183-1000\desktop.ini.tmp
    Filesize
    198KB
    MD5
    9a124c9c3474fa0a2d022b108dc319fe
    SHA1
    d3c8298604afb8e52c15725172fd6387f8ed00ba
    SHA256
    58c2e0e872c9189c0a6c1e58a35b3170b30ec17281239e4eef2b8d3b17a64890
    SHA512
    40b5334844a6b50bae9519dd21779631500dd2153b6c1b0fcbd6cda1866dbb2d4fcc70320a4ae92abdf5a57234a8850f845450b2766d9035edc9b0b9c8c12ce0

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize
    207KB
    MD5
    33022ef1797ec047f16c7b05c602f40c
    SHA1
    793e1be07408f1d396e92e8d002ca03baeab6299
    SHA256
    4d82d6516eecefc91a77276617602da41bc43a076ed0533e60b00a5f8b374755
    SHA512
    54b24eab3cea9fe706e69d677d0d8929b0ab2797d6d0b61070f410c6e8ad23e99f4b95803d47b55f95e7507b68b153f88a2ff3639172621cfaea6481beb7be2e