Analysis

  • max time kernel
    150s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
  • submitted
    11/08/2024, 01:13

General

  • Target

    ad117da9ede361b1c6b21caf23284a30da8fe5818ad66a580a83249d517d35f0.exe

  • Size

    94KB

  • MD5

    cffe68ed15ba6b3a661a1a9086e53ee1

  • SHA1

    eb53d749470579d6b2a9872fec98fce256efeaa8

  • SHA256

    ad117da9ede361b1c6b21caf23284a30da8fe5818ad66a580a83249d517d35f0

  • SHA512

    9e81a1e12642adcacc6e398ad65ad8c51b200f3d21618dc9c55c19f97e07eefe5f4ae79ad4383c63e6340946518b70018c981c4b0c434103e23790de96a390dd

  • SSDEEP

    1536:W7ZppApUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFsAcEhG:6pWpUFpEhLfyBtPf50FWkFpPDze/qFs7

Score
9/10

Malware Config

Signatures

  • Renames multiple (3558) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\ad117da9ede361b1c6b21caf23284a30da8fe5818ad66a580a83249d517d35f0.exe
    "C:\Users\Admin\AppData\Local\Temp\ad117da9ede361b1c6b21caf23284a30da8fe5818ad66a580a83249d517d35f0.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:1792

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-1385883288-3042840365-2734249351-1000\desktop.ini.tmp

    Filesize

    94KB

    MD5

    6656be92977cbbca4f3a7a9182838cf3

    SHA1

    45c9e85b0e555832141c57e9677d29807573b3da

    SHA256

    6881da48ed28306f595e92e7debf91c2d2e5554221564bfb2e737823210880b3

    SHA512

    e791566ed559f0efb989694597d5fec701adc885fcbda20600c87752c9ed2db9d6d08ddeccadf2eb237b8b8e6b0c7fca8a03717c350314d8bf0180625dcf91e9

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    103KB

    MD5

    30a44dc4afd3a3e647a28b4cd7f85180

    SHA1

    5a590ae107c5862dca86b6e2474c78b6b80abc61

    SHA256

    ca0fd359fd42e695e2c2d6e8d7b277c9ac06170a957eb0f23cc86edee1916087

    SHA512

    4d6d44306843349842e6129ac2be707b48011ad95501764e2cbf771981ca87dba107e2bd9b4238f4546f91591480d07b0fbbfd1cd4dad236da456d2861f716dd