Analysis

  • max time kernel
    120s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
  • submitted
    20/08/2024, 01:24

General

  • Target

    ebc785702db2ae2896e0ca294bd30f80N.exe

  • Size

    106KB

  • MD5

    ebc785702db2ae2896e0ca294bd30f80

  • SHA1

    3e7b53cde4941da034935fe984b8ceebce6bd16e

  • SHA256

    b402b27525c4d0d9384e00bba8d508d7a9a0701720f26f11d5b8d9b5f742c915

  • SHA512

    4af894cd515eadf763f7c89c7679f234e17d84ff8f34d09478bb8c32493d204af8da0d978f2e0a95ebbf420b6d5c492ac1ac192f9a8bb8dcdc1b807a9889d128

  • SSDEEP

    3072:6e7WpMaxeb0CYJ97lEYNR73e+eKZOf7fE:RqKvb0CYJ973e+eKZOf7fE

Score
9/10

Malware Config

Signatures

  • Renames multiple (2962) files with added filename extension

    This suggests ransomware activity: files across the system are being rewritten and renamed with an extra extension, consistent with bulk encryption.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of the victim in order to infer the geographical location of that host.
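
The "renames multiple files with added filename extension" signature above is a count-and-threshold heuristic over file-rename events. The following is an added example of how such a check can be written over a sandbox or EDR file-operation trace; it is not the sandbox's own detection code. The trace, the `.locked` extension and the thresholds (20 files across 3 directories) are constructed assumptions; the report itself gives no extension and counted 2962 renames. The `.tmp` handling reflects the pattern visible in the dropped-file list (`desktop.ini.tmp`, `Office64WW.xml.tmp` written beside the originals), where content is staged in a temp file before the rename.

```python
"""Heuristic for the 'renames many files with an added extension' signature.

Added example, not part of the sandbox report. The rename trace below is
constructed; the '.locked' extension and thresholds are assumptions.
"""
import ntpath  # parse Windows paths correctly on any host
from collections import Counter, defaultdict

STAGING_SUFFIX = ".tmp"  # 'name.tmp' is treated as a staging copy of 'name'


def added_extension(src, dst):
    """Return the extension appended to src to produce dst, or None.

    Matches 'report.docx' -> 'report.docx.locked' in the same directory.
    A staged source 'report.docx.tmp' -> 'report.docx.locked' also counts;
    the benign atomic-save 'report.docx.tmp' -> 'report.docx' does not.
    """
    src_dir, src_name = ntpath.split(src)
    dst_dir, dst_name = ntpath.split(dst)
    if src_dir.lower() != dst_dir.lower():
        return None  # a move, not an in-place rename
    if dst_name.lower().endswith(STAGING_SUFFIX):
        return None  # renaming into a temp name is staging, not the payload
    base = src_name
    if base.lower().endswith(STAGING_SUFFIX):
        base = base[: -len(STAGING_SUFFIX)]
    if len(dst_name) <= len(base) + 1:
        return None
    if not dst_name.lower().startswith(base.lower() + "."):
        return None
    return dst_name[len(base):]


def score_renames(renames, min_files=20, min_dirs=3):
    """Flag any single appended extension seen on at least min_files files
    spread over at least min_dirs directories.

    Returns a list of (extension, file_count, directory_count), most
    frequent first. Thresholds are tuning assumptions.
    """
    count = Counter()
    dirs = defaultdict(set)
    for src, dst in renames:
        ext = added_extension(src, dst)
        if ext is None:
            continue
        key = ext.lower()
        count[key] += 1
        dirs[key].add(ntpath.dirname(src).lower())
    return [
        (ext, n, len(dirs[ext]))
        for ext, n in count.most_common()
        if n >= min_files and len(dirs[ext]) >= min_dirs
    ]


def build_sample_trace():
    """Constructed rename trace: 48 bulk renames over 4 directories, one
    staged rename, and three benign renames that must not be counted."""
    targets = [
        r"C:\Users\Admin\Documents",
        r"C:\Users\Admin\Pictures",
        r"C:\Program Files\Common Files",
        r"C:\MSOCache\All Users",
    ]
    trace = []
    for i in range(48):
        d = targets[i % len(targets)]
        trace.append((f"{d}\\file{i}.docx", f"{d}\\file{i}.docx.locked"))
    # Staged pattern: encrypted content written to name.tmp, then renamed.
    rb = r"C:\$Recycle.Bin\S-1-5-21-1000"
    trace.append((f"{rb}\\desktop.ini.tmp", f"{rb}\\desktop.ini.locked"))
    # Benign: editor atomic save, a move across directories, a single backup.
    trace.append((r"C:\Users\Admin\Documents\report.docx.tmp",
                  r"C:\Users\Admin\Documents\report.docx"))
    trace.append((r"C:\Users\Admin\Downloads\setup.exe",
                  r"C:\Users\Admin\Tools\setup.exe"))
    trace.append((r"C:\Users\Admin\Documents\old.txt",
                  r"C:\Users\Admin\Documents\old.txt.bak"))
    return trace


if __name__ == "__main__":
    for ext, files, ndirs in score_renames(build_sample_trace()):
        print(f"ALERT: '{ext}' appended to {files} files in {ndirs} directories")
```

On the constructed trace only `.locked` crosses the threshold (49 files in 5 directories); the lone `.bak` rename and the two benign operations are ignored. When applying this to real telemetry, feed it Sysmon or EDR rename events rather than directory snapshots, and tune `min_files` and `min_dirs` against the host's normal backup and installer activity.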

Processes

  • C:\Users\Admin\AppData\Local\Temp\ebc785702db2ae2896e0ca294bd30f80N.exe
    "C:\Users\Admin\AppData\Local\Temp\ebc785702db2ae2896e0ca294bd30f80N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2964

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2172136094-3310281978-782691160-1000\desktop.ini.tmp

    Filesize

    106KB

    MD5

    e07a137c060b97f9fb691c5025a21fa3

    SHA1

    7bdcd07df3c44969fdb350e8a82d975eddd4d67f

    SHA256

    bbf95f317ee16afb819f74d74f8a8fe401f1461259e64ba8f193c66e835fe5dc

    SHA512

    525b34735f2a9b05813ca6fc9ee2c848aea5d994f63d70297404f9592b540aebf400965950e2ca50126fb4ca1cd9931f2235f878b15c4d0aaf6a37bf5eeef515

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    115KB

    MD5

    e8b6263c6fe874780b65fe9fb9064a3b

    SHA1

    a2d0ab8627a2b60e908b9bc2ee36053e02efa22b

    SHA256

    5358b2c942b32c403daf7952f374eb518a7076b9cf64cff43c7571bd17a98bf3

    SHA512

    7e6365fd606f3dbb9fe3b488d8fe6f153d38d5f26119f0e3b421bbb3ca3906157068dbe3f3e8ce817a31fa6c0266140e1b62162c0200754262e0f98b200ff528