Analysis

  • max time kernel
    120s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted
    24/08/2024, 13:01

General

  • Target

    2153fd2c6cb9b73c5de72092e192b9b0N.exe

  • Size

    39KB

  • MD5

    2153fd2c6cb9b73c5de72092e192b9b0

  • SHA1

    d8da113629f5889fc5f25a8216f6e32b1cd52792

  • SHA256

    3e66b71b72fc1d959bbb6a1c2f8a1d41c853f63ac0e8072e06c3a5cae976baaf

  • SHA512

    4a6f7cd9da358a996ebb5343b0f0b1903c1d5f22615687d42f0dec375d660fd24b86ff99e3e609a2bef28ab8b65fa5ad5d76f4f7808a1c51662a2d7f1deaf89a

  • SSDEEP

    768:W7BlphA7pARFbhM0Kkq81LOyq81LORWAnWAkpUE5c5eJy:W7ZhA7pApM21LOA1LOrtkpt6v

Score
9/10

Malware Config

Signatures

  • Renames multiple (3189) files with added filename extension

    Mass renaming with a suffix appended to each original filename is consistent with ransomware encrypting files across the system; the appended extension is typically the marker for files already encrypted.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempts to gather information about the system language of the victim in order to infer the geographical location of that host.
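The three behaviours flagged above can be re-derived from a behavioural event trace. The following is an added example, not tria.ge's own rule logic: it replays a constructed trace (file renames, file writes and API calls, none of them taken from this report) and emits the same three signature names. The rename threshold, the Program Files prefixes and the list of language-query APIs are assumptions; the report gives the count (3189) but not the rule's cut-off or which API the sandbox matched.

```python
from collections import Counter, defaultdict

# Hypothetical cut-off; the report shows 3189 renames but not the sandbox's threshold.
RENAME_THRESHOLD = 50
PROGRAM_FILES_PREFIXES = ("c:\\program files\\", "c:\\program files (x86)\\")
# Assumed set of Win32 locale/language APIs commonly used to key T1614.001 detections.
LANGUAGE_APIS = {
    "GetSystemDefaultLangID", "GetUserDefaultLangID",
    "GetSystemDefaultUILanguage", "GetUserDefaultUILanguage",
    "GetSystemDefaultLCID", "GetUserDefaultLCID",
    "GetLocaleInfoW", "GetLocaleInfoA",
}


def appended_extension(src: str, dst: str):
    """Return the suffix when dst is src with an extra '.ext' appended, else None.

    Paths are compared case-insensitively. A rename that strips a suffix
    (editor temp file -> final name) or moves the file elsewhere is not a match.
    """
    if len(dst) <= len(src) or dst[: len(src)].lower() != src.lower():
        return None
    suffix = dst[len(src):]
    if suffix.startswith(".") and len(suffix) > 1 and "\\" not in suffix:
        return suffix
    return None


def evaluate(events, rename_threshold=RENAME_THRESHOLD):
    """Apply the three heuristics to a list of event dicts and return findings."""
    renamed = defaultdict(set)        # pid -> destination paths with appended suffix
    suffixes = defaultdict(Counter)   # pid -> how often each suffix was appended
    drops = defaultdict(set)          # pid -> paths written under Program Files
    lang_calls = defaultdict(set)     # pid -> language-discovery APIs invoked
    for ev in events:
        pid = ev["pid"]
        if ev["type"] == "file_rename":
            suf = appended_extension(ev["src"], ev["dst"])
            if suf:
                renamed[pid].add(ev["dst"])
                suffixes[pid][suf.lower()] += 1
        elif ev["type"] == "file_write":
            if ev["path"].lower().startswith(PROGRAM_FILES_PREFIXES):
                drops[pid].add(ev["path"])
        elif ev["type"] == "api_call" and ev["api"] in LANGUAGE_APIS:
            lang_calls[pid].add(ev["api"])

    findings = []
    for pid, paths in renamed.items():
        if len(paths) >= rename_threshold:
            ext, _ = suffixes[pid].most_common(1)[0]
            findings.append({"pid": pid, "count": len(paths), "dominant_extension": ext,
                             "signature": "Renames multiple files with added filename extension"})
    for pid, paths in drops.items():
        findings.append({"pid": pid, "iocs": sorted(paths),
                         "signature": "Drops file in Program Files directory"})
    for pid, apis in lang_calls.items():
        findings.append({"pid": pid, "apis": sorted(apis),
                         "signature": "System Location Discovery: System Language Discovery"})
    return findings


def sample_events():
    """Constructed trace (not from the sandbox): PID 1976 mass-renames documents,
    writes into Program Files and queries the system language; PID 2204 performs
    ordinary save-via-temp and move renames that must not trigger the heuristic."""
    events = []
    for i in range(60):
        src = rf"C:\Users\Admin\Documents\report{i}.docx"
        events.append({"type": "file_rename", "pid": 1976, "src": src, "dst": src + ".locked"})
    events += [
        {"type": "file_write", "pid": 1976,
         "path": r"C:\Program Files\Common Files\readme.txt.locked"},
        {"type": "api_call", "pid": 1976, "api": "GetSystemDefaultLangID"},
        # benign: suffix removed, not added
        {"type": "file_rename", "pid": 2204,
         "src": r"C:\Users\Admin\Documents\notes.txt.tmp",
         "dst": r"C:\Users\Admin\Documents\notes.txt"},
        # benign: file moved, name unchanged
        {"type": "file_rename", "pid": 2204,
         "src": r"C:\Users\Admin\Documents\old.txt",
         "dst": r"C:\Users\Admin\Documents\archive\old.txt"},
    ]
    return events


if __name__ == "__main__":
    for finding in evaluate(sample_events()):
        print(finding)
```

The heuristic only catches ransomware that keeps the original name and appends a marker; families that replace the whole filename need a different rule (for example, a burst of renames whose destination shares no stem with the source), so treat a non-firing rename signature as absence of evidence, not as evidence of absence.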

Processes

  • C:\Users\Admin\AppData\Local\Temp\2153fd2c6cb9b73c5de72092e192b9b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2153fd2c6cb9b73c5de72092e192b9b0N.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:1976

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\$Recycle.Bin\S-1-5-21-3551809350-4263495960-1443967649-1000\desktop.ini.tmp

    Filesize

    39KB

    MD5

    71d4d34aa9ab907c6c488375230e6bac

    SHA1

    c66682b5c95608068dd2f2f0559b12c6d24b3881

    SHA256

    9b23a8990705482bb5d62cbbb43accfe7df55eac62b71486b55f77619948a71e

    SHA512

    647912376fba0ae3d8cac25de352a0d9f472b395907d38191694758b8feb3c87ab94c4d7701cc20e6a7e1cc4bbbe3fdc9f59427183048bc89a32866439ae2a55

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    48KB

    MD5

    11a8b825726c09ae5f971821306dca19

    SHA1

    b6e44a543b8fc94e08af7bc79828b0abf8159cc5

    SHA256

    88d39c87fa05a9cc5392e55dc56d563ddabf5b30dd42d9411bec545ea5930471

    SHA512

    73e4082181937f20b49eaa37be966b40c1402b8722a04e93988ac3ba3b4cce6f2fad0c1914b42f3e2b65b2c941f6fcfce4f3a5ee982ebe0fb1b1c3fd3a6b5969