Analysis

  • max time kernel
    120s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted
    20-08-2024 10:29

General

  • Target

    85a6685bfd4fccecb5ebcd0d1b6781d0N.exe

  • Size

    107KB

  • MD5

    85a6685bfd4fccecb5ebcd0d1b6781d0

  • SHA1

    560909fc6d7353b36f42291137c640860462f374

  • SHA256

    be168f67a3292b5bf4513d5dab17ff95aba5c438493df76eecbea62e012b83ab

  • SHA512

    a08f4c89787b26cbb896e8cf6f10e6ef45a97f735dbbd5e0c956eee0b6794886f44e89906b739b12ec28e9f6031457b4e43e11ad35995ba48f166f0567198fa8

  • SSDEEP

    3072:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFslEhLfyBg:PqFF2Ie+efsim2T

Score
9/10

Malware Config

Signatures

  • Renames multiple (2884) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\85a6685bfd4fccecb5ebcd0d1b6781d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\85a6685bfd4fccecb5ebcd0d1b6781d0N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:1940

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-940600906-3464502421-4240639183-1000\desktop.ini.tmp

    Filesize

    107KB

    MD5

    5a52d9c76c5d17231589eaf2a70eddb8

    SHA1

    6376df020c225732333ad30cabf677972995da54

    SHA256

    fe0a5a65632a8beb59db01d24a3e2ce367a3b45cbaeda59a5c03aa15b58f8e25

    SHA512

    feeee62366e845ccff88a03ee16d3b5319dfeaced79bbf87149126fd527fd18d3159eb64249caa03e90d0b235c57577bff1fc2376480ea02e0e6eedea768686d

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    116KB

    MD5

    74beb4d5213d2ae5be7836da1c14e921

    SHA1

    f618f865aecbd6197971bf6e73f4861dc5c6544f

    SHA256

    30dee18c4a5a3e036b233566318fad8ec702e35771992a2632bd8cba0c1dff2b

    SHA512

    4c5d74392112b8e017ff904d85f39818043de6af4823e56a0308d5085e68a6e390418e23533506ab7ff24ce182498090806b8c5a1af1260a09267dd82a6f2544