Analysis

  • max time kernel
    120s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted
    19-08-2024 02:30

General

  • Target

    8056a12c8fc1c06a324cc702c075cc30N.exe

  • Size

    68KB

  • MD5

    8056a12c8fc1c06a324cc702c075cc30

  • SHA1

    91ea37bc71e01cb1c1f0664f1a2808a23c6d2528

  • SHA256

    ea5d5c2cdda7962ed5aa069742b81dd3b462ebc84faa99c79e4d53458dcd3367

  • SHA512

    2984fc1b6d8056052fbef38e81e1b093374c2883c6cb10ecb5cfab09e84afa5b32934bb2f63188f588c4bfc1db840262811e742ac80460c3941243a4521a0b49

  • SSDEEP

    768:W7BlprpARFbhJ68nNIreUYEreUYX1n6mQmB/0BCTBCgPn:W7ZrpApJ68nNIreUvreUun65nMTMgPn

Score
9/10

Malware Config

Signatures

  • Renames multiple (319) files with added filename extension

    This suggests ransomware activity: files across the system are encrypted and each one is renamed by appending an extension.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempts to gather information about the system language of the victim host in order to infer its geographical location.
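
The "renames multiple files with added filename extension" signature is a counting heuristic over file-system rename events: an in-place rename whose new name is the old name plus a suffix beginning with a dot, repeated across many files, is scored as ransomware behaviour. The following is an added example of that heuristic, not code from the sandbox or from the sample. The rename events are constructed for the example (the first two are modelled on the dropped-file paths in this report, the rest are invented, and two are benign renames that must not be counted); the threshold of 3 is chosen only to make the small sample trigger.

```python
import ntpath
from collections import Counter, defaultdict

# Constructed rename events (old path -> new path). The first two are modelled
# on the dropped-file paths listed in this report; the remaining ones are
# invented, including two benign renames that the heuristic must ignore.
SAMPLE_RENAMES = [
    (r"C:\$Recycle.Bin\S-1-5-21-2212144002-1172735686-1556890956-1000\desktop.ini",
     r"C:\$Recycle.Bin\S-1-5-21-2212144002-1172735686-1556890956-1000\desktop.ini.tmp"),
    (r"C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml",
     r"C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp"),
    (r"C:\Users\Admin\Documents\budget.xlsx",
     r"C:\Users\Admin\Documents\budget.xlsx.tmp"),
    (r"C:\Users\Admin\Documents\notes.docx",
     r"C:\Users\Admin\Documents\notes.docx.tmp"),
    # benign: ordinary rename, nothing appended
    (r"C:\Users\Admin\Documents\draft.docx",
     r"C:\Users\Admin\Documents\final.docx"),
    # benign: installer renaming a temp file back to its real name
    (r"C:\Windows\Temp\setup.tmp",
     r"C:\Windows\Temp\setup.exe"),
]


def added_extension(old_path, new_path):
    """Return the suffix appended to the file name (lower-cased), or None when
    the rename is not of the form <dir>\\<name> -> <dir>\\<name><.ext>.
    Comparisons are case-insensitive, matching NTFS semantics."""
    old_dir, old_name = ntpath.split(old_path)
    new_dir, new_name = ntpath.split(new_path)
    if old_dir.lower() != new_dir.lower():
        return None  # moved to another directory: not an in-place append
    if len(new_name) <= len(old_name) or not new_name.lower().startswith(old_name.lower()):
        return None  # name changed in some other way
    suffix = new_name[len(old_name):]
    if not suffix.startswith(".") or len(suffix) < 2:
        return None  # appended text is not an extension
    return suffix.lower()


def detect_mass_rename(events, threshold=10):
    """Aggregate rename events by appended extension and flag any extension
    appended to at least `threshold` files.

    Returns (flagged, counts, originals):
      flagged   - {appended_ext: count} for extensions meeting the threshold
      counts    - {appended_ext: count} for every appended extension seen
      originals - {appended_ext: {original_ext: count}}, so the analyst can
                  see which file types were targeted
    """
    counts = Counter()
    originals = defaultdict(Counter)
    for old_path, new_path in events:
        suffix = added_extension(old_path, new_path)
        if suffix is None:
            continue
        counts[suffix] += 1
        orig_ext = ntpath.splitext(ntpath.basename(old_path))[1].lower() or "<none>"
        originals[suffix][orig_ext] += 1
    flagged = {s: n for s, n in counts.items() if n >= threshold}
    return flagged, dict(counts), {s: dict(c) for s, c in originals.items()}


if __name__ == "__main__":
    flagged, counts, originals = detect_mass_rename(SAMPLE_RENAMES, threshold=3)
    for suffix, n in flagged.items():
        print(f"{n} files renamed with added extension {suffix}; "
              f"original types: {originals[suffix]}")
```

In a real deployment the events would come from a file-system monitor (ETW, Sysmon, or the sandbox's own trace) and the threshold would be far higher, as the 319 renames in this report illustrate; the per-original-extension breakdown is what distinguishes a ransomware sweep over user documents from, say, a build tool renaming its own intermediates.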

Processes

  • C:\Users\Admin\AppData\Local\Temp\8056a12c8fc1c06a324cc702c075cc30N.exe
    "C:\Users\Admin\AppData\Local\Temp\8056a12c8fc1c06a324cc702c075cc30N.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2860

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2212144002-1172735686-1556890956-1000\desktop.ini.tmp

    Filesize

    69KB

    MD5

    32f45c93cffb82636a3863e2f3f2d30e

    SHA1

    2c766a729aab3f9c2936d786aebfc3c39a3e782e

    SHA256

    0fe5c8a59fc8e1f19a635bab9c7961070bc5e146cde82d9bec39800d09569408

    SHA512

    65a9007c5d7252911c316db61cf5e839e2af33064f85723bfa517b20d70c6f06c910f7bb433fe25bab6080f6ca809730946115317dae8c3068965fb2bfbc1fa7

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    77KB

    MD5

    c2c02bb1665b9a77172dc06a6e73f60c

    SHA1

    54ae17d333c24f6b6eee91fa34879cfe5bb20281

    SHA256

    30c728f89141fd0f93de3c319651ef2f510329eea4e56153229f981af86e5b99

    SHA512

    1cb674ff25229f03c20f7dc88bb7d51eda1920650b14f5ddd2c7bbd2f14e5258be4cd93acc634e70dbb78b9ad2fd7247489299d9307eddef09c2fcfb8d03cd75