Analysis

  • max time kernel
    116s
  • max time network
    18s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted
    21/08/2024, 10:52

General

  • Target

    dc2577219599c45c234fc0a35bd265e0N.exe

  • Size

    47KB

  • MD5

    dc2577219599c45c234fc0a35bd265e0

  • SHA1

    edef92d666d2dacd39b488eb17b477538f395434

  • SHA256

    05a514971499c85d4d93912f13bf18a43e8e0572ef0a5ef20ddd5ec2bae77ebd

  • SHA512

    f7a9c518771ab5e46d144dbc030a25646c0f9efe7508ddef83fa6af5d8cd45268bbc230f3a530f2365b60da87d01616f9ad2b2e2809d12e848d6763a995d54e3

  • SSDEEP

    768:W7BlpppARFbhjbhg42LcfpR42LcfproFNFXpK5c5khwRDThwRDvou7Oi1J/x+Oi7:W7ZppApBULcfpHLcfpyDA6swXwxD2Dz

Score
9/10

Malware Config

Signatures

  • Renames multiple (3118) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\dc2577219599c45c234fc0a35bd265e0N.exe
    "C:\Users\Admin\AppData\Local\Temp\dc2577219599c45c234fc0a35bd265e0N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2512

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\$Recycle.Bin\S-1-5-21-3294248377-1418901787-4083263181-1000\desktop.ini.tmp

    Filesize

    48KB

    MD5

    8dcccd7fca2f5055dff8d6becc65aff2

    SHA1

    bb32094fa62615306e4196d205903d2eabd25472

    SHA256

    2ff67886b09bc5d2a95a3b8b417abf37ed16100bb554a0af842bd5acf435d4dd

    SHA512

    2803c30a0796f5f8508ae020db1e71bea6246cfe9f24fb8e167bb82c420420306a99d96980c0c8bff1048537265d573c8d8598c2dad1c2c6ba9466c100eca005

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    56KB

    MD5

    1f500e9db89f7b7b0dfe4ece8cb61e68

    SHA1

    0209696f84cb469c59c79a247257be532703724e

    SHA256

    001f40845d361ea25d23e9469379b2342131d1b73a12eafabc5b8fc73c938b89

    SHA512

    b466833f49bef5a9ad0cf55b577e5239ad9764a3a2d384813f4844906adc9a3de4bc6d7e719d0ff1d2e1cd4cbf0a54ffc9a9e061b7cb84940df016eec19f80ce