Analysis

  • max time kernel
    150s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted
    19/08/2024, 14:03

General

  • Target
    065bee5daf9c192b0bf2a0d982fdb020N.exe
  • Size
    76KB
  • MD5
    065bee5daf9c192b0bf2a0d982fdb020
  • SHA1
    89a49a6f3a55bcf295eb2491224a98db8e509ddd
  • SHA256
    7e301c71f0f6f11c9565599bbcfb7df1ea092280a3a5637eb4eae18f65a8ddc6
  • SHA512
    b1f8c4e265d812c0e9d1f76ca84b7f7b7583e9ff107b70128f77fc4d481e687a7f0d164784502a9c1c91ef625f3f337c98fee87d4ff601b35c82cca3c5b305b1
  • SSDEEP
    1536:W7ZNLpApCZrt8PWGoPWGANdN+hEwHwDvZvB:6NLWpCZIzjwHwT

Score
9/10

Malware Config

Signatures

  • Renames multiple (3457) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\065bee5daf9c192b0bf2a0d982fdb020N.exe
    "C:\Users\Admin\AppData\Local\Temp\065bee5daf9c192b0bf2a0d982fdb020N.exe"
    1
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2172

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\$Recycle.Bin\S-1-5-21-1506706701-1246725540-2219210854-1000\desktop.ini.tmp
    Filesize: 77KB
    MD5: 0d49a8ce883a441cce1b068a7ad5e18e
    SHA1: 27a942e3d29d574e83ead5fda559a5283b9c1065
    SHA256: dfca1d3788d99df0eb27f4fc212ee8b29d321c5a7bc9f76e178b2669fda50cf6
    SHA512: 01490be40890ed6f25d558545f599756078f6e7936f15e0608798b737659e568d3c2f5a1d08349b9c2cf5faf9c597b05bf6968b53263b0891adc834638ef3fba

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize: 85KB
    MD5: 6b69e852df1937eb908f22598f5fabeb
    SHA1: dd3f49e36c419baea057069d2fbed64c338aca44
    SHA256: 281a9ad7dfbb5d8bc7283678432f790b172fa3d5c6db2483170e004a6d5554c5
    SHA512: e4c9438e26f6143293f088f4c0279a1fc137c62287776f341f65d611bbde3a665b265d3be8371ab6dfaa43a09ea9e7737f743a59d4c31681b51693b30e6d2a31