Analysis

  • max time kernel: 119s
  • max time network: 16s
  • platform: windows7_x64
  • resource: win7-20240704-en
  • resource tags: arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted: 21/08/2024, 07:20

General

  • Target: ba3c16561b9c967b4f44380dfd8795a0N.exe
  • Size: 39KB
  • MD5: ba3c16561b9c967b4f44380dfd8795a0
  • SHA1: dcf9ef12fbb388543ae09fc2259eea64f878c1d3
  • SHA256: ed6b488515c0c27c4cf2a255c038754ee058ff912c0d5112c71ee12b88661ed3
  • SHA512: 6f7a52ade6b72e0352eec651f60ed141a18fb55f54a76df9c7dc4eaaa2b6e65b1f832b7b51aea567c13972a93fb650f4800a081aa4aadb0882f139589f2b5e76
  • SSDEEP: 768:W7BlphA7pARFbhM0Kkq81LOyq81LOl6Sl5lsSn:W7ZhA7pApM21LOA1LOl6vSn

Score
9/10

Malware Config

Signatures

  • Renames multiple (3261) files with added filename extension

    This suggests ransomware activity: encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempts to gather information about the system language of the victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\ba3c16561b9c967b4f44380dfd8795a0N.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\ba3c16561b9c967b4f44380dfd8795a0N.exe"
    PID: 2624
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3294248377-1418901787-4083263181-1000\desktop.ini.tmp
    Filesize: 40KB
    MD5: 779aa47fc09a607f874b79501d2bd604
    SHA1: 070d59510994397bc8c0768149da4ce54b0d6a8e
    SHA256: d88cb3b3908eda2aa651270d54793d4a885b35b8f90bf0a84e5dd9aecfed6c34
    SHA512: 272ef0f80e83fec0d1f9455a5e7c3b561f7ba5c6b5d2ce3d8e1b6eb8787d20a6508bf64df777990a4fde29ee5894c8ae6d4ed7dcc870990e0bc8b38fb6adc2c7

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize: 48KB
    MD5: a38d72dc20f6607314e1647bfa20fe35
    SHA1: ba3621e1c234ffb937906504324ed441b3961cfb
    SHA256: de48445bb7ab84704e1b31a2241b9d7586f92aa58227f951cd635ce194e9402f
    SHA512: 70aa352303f664f98de8c39c9e064fe62994c27343544578da0c2981bc2b3293465beebc9813e3437c6dae96c4e8c0a4cc5fa8b659f760847320bd5c84c385f6