Analysis

  • max time kernel
    120s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    13-08-2024 16:26

General

  • Target

    6bd65a4a1c85b51ffbeeb8d6d2205020N.exe

  • Size

    54KB

  • MD5

    6bd65a4a1c85b51ffbeeb8d6d2205020

  • SHA1

    407acda44e92fb8e913cefd1d1e27236174725e8

  • SHA256

    91d6081bea46f431b15cc8cc736551088990c12e43aeb2e98eb6d1dbd282f550

  • SHA512

    382ef4e7f5851a11721a937f90a7f86092cd4df4d1fbfa2ebe1228e777f2ee5fdd3a9c50fae927f4f025716ffad70da05424fc62f1ae9b03712462251d666c9f

  • SSDEEP

    768:V7Blpf/FAK65euBT37CPKKQSjyJJcbQbf1Oti1JGBQOOiQJhATNyIHAJvHAJLMFp:V7Zf/FAxTWoJJZENTNy3p

Malware Config

Signatures

  • Renames multiple (329) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\6bd65a4a1c85b51ffbeeb8d6d2205020N.exe
    "C:\Users\Admin\AppData\Local\Temp\6bd65a4a1c85b51ffbeeb8d6d2205020N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2296

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2212144002-1172735686-1556890956-1000\desktop.ini.tmp

    Filesize

    54KB

    MD5

    c168e580eab39b7f8c2cc02bdf837806

    SHA1

    1bd1335ff64f4381a19277b9e544dc6f4425f62c

    SHA256

    c4df3c6710835ce5cacfab32593d949e97aa8b471bf3d965d70cd0a738bc28e3

    SHA512

    c24dde5bfeeeff5e7fd83868629be554a9b1449378ea15c3d4fb0a0e46996d2b532e3f7bf13106c57df5d763ef7c576404fea3c012546cf63feeb6dcfa34775b

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    63KB

    MD5

    eb09cc0553c05892c3174e6f8b01a09e

    SHA1

    1ee1e511c4230a6af94fa830c426335c08b8b471

    SHA256

    dfa822fd2b67d7c966ab6ebbc327f9df710b7df1e6e16721d3e8b1cd6028c1de

    SHA512

    430b085845593e87b461f392da116ac8b68f9acffa13fa0dda6c670e3e2f68ff756ef65209294a6cd19f21164ce3b7eef6208cb151d950f7c788015bd9dcb3aa

  • memory/2296-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/2296-70-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB