Analysis

  • max time kernel
    151s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted
    17-08-2024 18:43

General

  • Target

    0a6527e8b64bca22cc205e2953242331f9150cde7e51acd691d4aa9e3c22a506.exe

  • Size

    89KB

  • MD5

    2113c9b23de275bd51edcc621818efda

  • SHA1

    503f67950e89083b899fa2f8006402a6d560ac0b

  • SHA256

    0a6527e8b64bca22cc205e2953242331f9150cde7e51acd691d4aa9e3c22a506

  • SHA512

    37b056ce81d78d2ee4fa386dbba5cf544ff889c82718424e5d6bf5a3c65bd378bc4eecc573f5777aae3797ec6e12e0512ca5df774306ff6ffa915e55e50d14cd

  • SSDEEP

    1536:W7ZppApUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFsAcEhi:6pWpUFpEhLfyBtPf50FWkFpPDze/qFs/

Score
9/10

Malware Config

Signatures

  • Renames multiple (824) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\0a6527e8b64bca22cc205e2953242331f9150cde7e51acd691d4aa9e3c22a506.exe
    "C:\Users\Admin\AppData\Local\Temp\0a6527e8b64bca22cc205e2953242331f9150cde7e51acd691d4aa9e3c22a506.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2376

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2212144002-1172735686-1556890956-1000\desktop.ini.tmp

    Filesize

    89KB

    MD5

    381614f57a4a99f15997671c0f6328e9

    SHA1

    61d3843a3a7b26a712b24dbf2e320dbc1cc37b0f

    SHA256

    a85c757944f168139c7cdfc1e2ec14cb229dcd3499467b2888b6c85ce8573366

    SHA512

    9f70985331cfee1a0f0585a0d7d243d66bca345cff13b5b533bc89e7cf40b307b320c79ec2dac300dc0ecde2de2f30078817daeac24d4ec367bd1e670e07e0b2

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    98KB

    MD5

    57d67e1af71938e9d0a1e20a67ab038b

    SHA1

    94ab5283eb4478448fed4a1a56ed5fb1faa37f58

    SHA256

    d81993bfc441da09dae939628014abaafda10fde242a73a9ea7ab319236fd264

    SHA512

    3f46200d8d641c3cf48d477abb3418cdce26af3cbc93dfd786300f578f93510d99355c50a248900e3c9cfdc55c5766d105a2865a19ccb7a7bcb716d723cb95a1