Analysis

  • max time kernel
    120s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
  • submitted
    25/08/2024, 06:56

General

  • Target

    182520a708225d28daedd10116406130N.exe

  • Size

    52KB

  • MD5

    182520a708225d28daedd10116406130

  • SHA1

    c75b3d688ba200090ba7d70b914c2d55f936d5f2

  • SHA256

    54bef597cacf1f5d826f943614e2fe79767c71b33b468d27322dd7fd3950bd63

  • SHA512

    200de298e297e99eabf7385b917284718f288bbc0cdbb1047fdad5f5a05f6f64db3d477fb1557a4e66381c420f89baae6252a0c174c83aba387a85da49a66a33

  • SSDEEP

    768:W7BlpppARFbhjbhg42LcfpR42LcfproFNFew/DbAGw/DbACSU0SUfhwRDThwRDO:W7ZppApBULcfpHLcfpyDoA4WZwXwM

Score
9/10

Malware Config

Signatures

  • Renames multiple (3228) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe
    "C:\Users\Admin\AppData\Local\Temp\182520a708225d28daedd10116406130N.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:1732

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-2172136094-3310281978-782691160-1000\desktop.ini.tmp

          Filesize

          52KB

          MD5

          1842089f89ed69323b3643c281b1f2d3

          SHA1

          ce13f4b885350a0c657c3ac97c6a84bcc62a504e

          SHA256

          629421714d05b293e57bab66b608bac7dd37d665fac9f138acb8090b0e6791e5

          SHA512

          bcdd0b2b3e292cf76056b4660b2dd59f5526ea875b682579ec3f5c4f465667936d3936b61fa03aaa388ce807ae8e7075245a5fca2c27ba3b905574b8c6e30424

        • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

          Filesize

          61KB

          MD5

          ab2f8dacd501c6e8883c076997dd28bc

          SHA1

          3f522e03a5ac17a43ca5de0733f573b78238d0a5

          SHA256

          4c6168aa0f7fe378a91c5341e9e2e946d8521dbdf33f94cfd7fbbf83f26f34c3

          SHA512

          0a7b92979929bfb9d3f06cb27f8456b95889e2348552103c1c05edf95f44c6e27254cf4cf5177af12e85fb8c78553c814b37223c437412b2f1af6062887d227e