Analysis

  • max time kernel
    150s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
  • submitted
    13/08/2024, 22:58

General

  • Target

    a19250d4eed762b3f5a3a823ff56d147ce0555a7949365d698da4ddb95d9f75d.exe

  • Size

    64KB

  • MD5

    dad1b151fc88bbca383be5e48f2318d5

  • SHA1

    a8b06ff88c935f20a2750d5e49680f3d415a5523

  • SHA256

    a19250d4eed762b3f5a3a823ff56d147ce0555a7949365d698da4ddb95d9f75d

  • SHA512

    b5d0c277352fce3a1b32c5f6feb4e5832c4ba98a3f83e41db67eb1172e22b13b3a55a45cd92d103a50725cc13f88ea9bf7d9368270c5b4b947ff5867aab3e4c9

  • SSDEEP

    768:kBT37CPKKIm0CAbLg++PJHJzIWD+dVdCYgck5sIZFlzc3/Sg2aDM9uA9DM9uAFz6:CTWn1++PJHJXA/OsIZfzc3/Q8zxY51

Malware Config

Signatures

  • Renames multiple (3748) files with added filename extension

    This is consistent with ransomware behaviour: files across the system are being rewritten and renamed in place. The dropped-file list below shows the appended extension is .tmp; it is the volume of renames (3748 files, spanning $Recycle.Bin and MSOCache) rather than the extension itself that triggers this signature, so treat the extension as an artifact to pivot on, not as the indicator.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of the victim host in order to infer its geographical location (MITRE ATT&CK T1614.001). The report does not say which API was called; only that the lookup occurred.

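The "UPX packed file" signature above is normally driven by the PE section table: stock UPX names its sections UPX0/UPX1 (and UPX2 when resources are kept), and the first section, UPX0, has no raw data on disk because it is only the region the stub unpacks into. The following is an added example, not code from the sandbox or from this sample: a minimal PE section-table parser with both checks, run against a constructed header (the sample's own section names are not listed on the page, so the test image is an assumption).

```python
"""
Added triage helper (not part of the sandbox report): parse a PE section table
and report the two classic UPX indicators.

  1. a section whose name starts with "UPX"
  2. a first section with SizeOfRawData == 0 but VirtualSize > 0 (UPX0 is the
     unpack target and occupies no file bytes), which still fires when a
     "modified UPX" build has renamed the sections
"""
import struct

SECTION_HEADER_SIZE = 40


def pe_sections(data):
    """Return [{name, virtual_size, raw_size}, ...] for each section header.

    Only the fields needed for the UPX checks are decoded.  Raises ValueError
    on anything that is not a plausible PE file so callers can treat
    'unparseable' separately from 'not packed'.
    """
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("missing PE signature")
    # COFF header: Machine(2) NumberOfSections(2) ... SizeOfOptionalHeader(2) at +20
    num_sections = struct.unpack_from("<H", data, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]
    table = e_lfanew + 24 + opt_size
    sections = []
    for i in range(num_sections):
        off = table + i * SECTION_HEADER_SIZE
        hdr = data[off:off + SECTION_HEADER_SIZE]
        if len(hdr) < SECTION_HEADER_SIZE:
            raise ValueError("truncated section table")
        name = hdr[:8].rstrip(b"\x00").decode("ascii", "replace")
        virtual_size, _rva, raw_size = struct.unpack_from("<III", hdr, 8)
        sections.append({"name": name, "virtual_size": virtual_size,
                         "raw_size": raw_size})
    return sections


def upx_indicators(data):
    """Return the list of UPX indicators found (empty list == nothing seen)."""
    sections = pe_sections(data)
    reasons = []
    if any(s["name"].upper().startswith("UPX") for s in sections):
        reasons.append("section named UPX*")
    if sections and sections[0]["raw_size"] == 0 and sections[0]["virtual_size"] > 0:
        reasons.append("first section has no raw data (unpack target)")
    return reasons


def build_pe(sections):
    """Constructed, non-loadable PE image used only to exercise the parser:
    DOS header, PE signature, COFF header with an empty optional header, and
    one 40-byte section header per (name, virtual_size, raw_size) tuple."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\x00" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0x0102)
    table = b""
    for name, vsize, rawsize in sections:
        table += name.encode("ascii").ljust(8, b"\x00")
        table += struct.pack("<IIIIIIHHI", vsize, 0, rawsize, 0, 0, 0, 0, 0, 0)
    return dos + b"PE\x00\x00" + coff + table


# Assumed layouts: a stock UPX image, the same image with renamed sections,
# and an ordinary linker output.
UPX_IMAGE = build_pe([("UPX0", 0x6000, 0), ("UPX1", 0x3000, 0x2E00), (".rsrc", 0x1000, 0x200)])
RENAMED_UPX_IMAGE = build_pe([(".text", 0x6000, 0), (".data", 0x3000, 0x2E00)])
PLAIN_IMAGE = build_pe([(".text", 0x1000, 0x1000), (".data", 0x200, 0x200)])

if __name__ == "__main__":
    for label, img in (("upx", UPX_IMAGE), ("renamed", RENAMED_UPX_IMAGE), ("plain", PLAIN_IMAGE)):
        print(label, upx_indicators(img))
```

To run it against a real sample, replace the constructed images with `open(path, "rb").read()`. A memory dump such as the 0x400000-0x40A000 region listed under Downloads is the unpacked image, not the file on disk, so run the check on the submitted executable, not the dump.
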
Processes

  • C:\Users\Admin\AppData\Local\Temp\a19250d4eed762b3f5a3a823ff56d147ce0555a7949365d698da4ddb95d9f75d.exe
    "C:\Users\Admin\AppData\Local\Temp\a19250d4eed762b3f5a3a823ff56d147ce0555a7949365d698da4ddb95d9f75d.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2632

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-1385883288-3042840365-2734249351-1000\desktop.ini.tmp

    Filesize

    64KB

    MD5

    2b26bea272191a933458c9fd10a71c9c

    SHA1

    116a993787f76576128008106db4c51f88a8a1b8

    SHA256

    bc3608a2645c173580d369c32180d3bebfc05c1ae71d1825599b4c4f7f7e9c72

    SHA512

    2719648e21cd5526c0ed5d93223248799db33300cbb063a53eebdf50d63fd795ae034d0e42b38bed5bca147ebd59d00144cdd8da645af0393b38c5a1b2254f33

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    73KB

    MD5

    f18bc6f4c441376112fe8af9858c41cc

    SHA1

    36c402d57a4dc246527e2fbc89078b7c279169a4

    SHA256

    b9438199f35036fefc22a2772856cf2a8f4abe8e5f8a20f0d92adc1a9c054a4e

    SHA512

    7233fedcc5771fe817ac88dd25083a6bfc6f8e1de60a69165b8c60579314d01b10e2761fad9c5122cbf9b07c8612c8b016588924220bf2bf03a25b1c7004184b

  • memory/2632-0-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

  • memory/2632-78-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB