Analysis

  • max time kernel
    149s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted
    25/08/2024, 06:55

General

  • Target

    ed5ba1dd443ae3683e0b2e19efaf011bbf90522e41b427eb1bcff7797b75090b.exe

  • Size

    34KB

  • MD5

    aad2e9de146d4eabc5d01763f809868d

  • SHA1

    480077ee62b32a7e61613acb7274ef5da696d138

  • SHA256

    ed5ba1dd443ae3683e0b2e19efaf011bbf90522e41b427eb1bcff7797b75090b

  • SHA512

    342cb9a6c849c21722773c8dbe5f57808329b3bb2a22e81f8086b816dd22b37c4b5025ec1887e42786cbdf249b30e74ecc1f6acccd5ee8aebb4b45ba5889118b

  • SSDEEP

    768:kBT37CPKKdJJTUNOXqA7JkuA/JQqA7JkuA/JC:CTW7JJTUNO1

Malware Config

Signatures

  • Renames multiple (3709) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\ed5ba1dd443ae3683e0b2e19efaf011bbf90522e41b427eb1bcff7797b75090b.exe
    "C:\Users\Admin\AppData\Local\Temp\ed5ba1dd443ae3683e0b2e19efaf011bbf90522e41b427eb1bcff7797b75090b.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2188

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-3434294380-2554721341-1919518612-1000\desktop.ini.tmp

          Filesize

          34KB

          MD5

          68017284fd76ab5312caa84a1556809f

          SHA1

          cd33472b9715834ef187bfd5e4c3f4d00d222891

          SHA256

          baf230be65fe1261b83e473587f3f823f8c7e60793a1356c8be467a0a2abb96a

          SHA512

          7f25c773a7affeb25f7e41e3096d6221a033ca69efa9f167b751fd28e9fef2cda0fae4ea69addc787d25c212af442981366b7c6a239213d168ca63829a48075c

        • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

          Filesize

          43KB

          MD5

          8736b4bb3607998579b9dc051701cc55

          SHA1

          f4ba6bc5ed96d00e91642e512509c3ee888d6691

          SHA256

          a03213aa4827f13449a531e6b0e0c35e0362af9fbd031f989ab653537d30b449

          SHA512

          af7c7991f62966a787af0d3666a03ff604938ae5437545fca48e4ce0d84b698d3c4897682a7a10c6c095556e796903a112a0d8c09d4d12d189e4bd623a14c440

        • memory/2188-0-0x0000000000400000-0x000000000040A000-memory.dmp

          Filesize

          40KB

        • memory/2188-70-0x0000000000400000-0x000000000040A000-memory.dmp

          Filesize

          40KB