Analysis

  • max time kernel
    120s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted
    17/08/2024, 12:49

General

  • Target

    9312db1a4e7fbc4e2a05c9d0c81b9740N.exe

  • Size

    50KB

  • MD5

    9312db1a4e7fbc4e2a05c9d0c81b9740

  • SHA1

    214edbc25217a97317150d5f2621e971d4e5a28c

  • SHA256

    9354624c558b619ee507e593c1e97fe2a096e24ef674d1ad219d882c05a8ce58

  • SHA512

    5b394c3079013a2f4c6ed80a024ceadea558b7a2f7191462803db2c109eae1bc5ad0a1807b700e61aa3c335d8dc506a3bcf4ebcf89bb917fd172f59a0ad1eb3e

  • SSDEEP

    768:V7Blpf/FAK65euBT37CPKKQSjyJJ1EXBwzEXBwdcMcI9H:V7Zf/FAxTWoJJ7TN

Malware Config

Signatures

  • Renames multiple (3115) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\9312db1a4e7fbc4e2a05c9d0c81b9740N.exe
    "C:\Users\Admin\AppData\Local\Temp\9312db1a4e7fbc4e2a05c9d0c81b9740N.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:3060

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3434294380-2554721341-1919518612-1000\desktop.ini.tmp

    Filesize

    50KB

    MD5

    a1a8d0594e1d9eb1c637170854cacf05

    SHA1

    419ab66ef02bc4501d2c7c54319d74550bac2ae2

    SHA256

    fa74654b7a6e5e97a245e99aef11ca29ab9e8f29012161b4a4521726088c8d8a

    SHA512

    6825db2d2682064eafad833f013a847544da719f4a9234fd7d5da70a5487632571351250c5e94525a5938c9302bf6680fecaa49091d1b989ec2662f014c1f68d

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    59KB

    MD5

    60e9007b9b2631f49c5e5816504bc2c7

    SHA1

    56d8c9f698cd7cc6bae9e7ee28d6f48585770177

    SHA256

    a9f6ead29da4841f8d2618376a163ad5434282eec571bc6ad7f305eba75c6605

    SHA512

    1505b88ac1f7a5e50ee536690b07b544ab3d2f4a2a38c6fc7203e0a915883ce5410a4b68f5ef921223604f56c73fd47ced5cf3380ea4de8b5fdc8f7b45307452

  • memory/3060-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/3060-70-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB