Analysis

  • max time kernel
    120s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted
    28/08/2024, 22:40

General

  • Target

    d5fe67e8f103632a10f8a36c7d5bc030N.exe

  • Size

    64KB

  • MD5

    d5fe67e8f103632a10f8a36c7d5bc030

  • SHA1

    870b2f02302f21ef63d2071419f2cbe0b8ab8fc0

  • SHA256

    a6e9a8e9fc326464ab07d71270fcb8ac28d16f5a1f0f1f7c90846705ecc30442

  • SHA512

    12db9c45bc6a9c3e67c09d3e1d1fbac5517bfa58044b29e2a54d264b91f50f1de2aae2a4e1b88e619f3e7ddd86cf2705463e116c37b84a5a3c2bca178866806e

  • SSDEEP

    768:W7BlpppARFbhHFoqAJwBqAJw70EXBwzEXBwOvEJcvEJZzozw:W7ZppApqvZvs

Score
9/10

Malware Config

Signatures

  • Renames multiple (3112) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\d5fe67e8f103632a10f8a36c7d5bc030N.exe
    "C:\Users\Admin\AppData\Local\Temp\d5fe67e8f103632a10f8a36c7d5bc030N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:3008

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\$Recycle.Bin\S-1-5-21-1506706701-1246725540-2219210854-1000\desktop.ini.tmp

    Filesize

    65KB

    MD5

    0c64dbd780cc8b309665d0516cbff24c

    SHA1

    017760a79bf603dfaf5ac2f081b13d02f3ddbca8

    SHA256

    ce01148f29dda8dd6afc823205724ad5ed3d9b97f1284a39fa41d932e0a647d3

    SHA512

    c67926b27784452623cfac66957eeab8e484faf25ea6aa1bb5e690065fb8975c7f5abacae221771d60cfbe82bcddc5ba2ca9029013b55f0958c22b7aeb097a1a

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    74KB

    MD5

    88ec8610ed624dc54e610148a377034d

    SHA1

    f23c5527b67bfd466276d81f390bcceebbb9c010

    SHA256

    d1b6d80b82799e9527d66b70e67e2735d9ea7e018c1a1cfb61c8f49c964f93a0

    SHA512

    3263df542c7a6215d6252748ed36999675b7c95dd74a1781881e524b3b6aaca11a70e9fb9ef13288b08c105a3ece6cdef0fc6e2bbe8286c02cd336db3349a99a