Analysis

  • max time kernel
    119s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
  • submitted
    28-08-2024 23:41

General

  • Target

    b99926ce7c146d2bc9aed0f598268630N.exe

  • Size

    81KB

  • MD5

    b99926ce7c146d2bc9aed0f598268630

  • SHA1

    ffdb6c0b22a2389327711bc6906ba703432c438b

  • SHA256

    99afec564bd96b0a426ec4bc0fb3a3e56630769917dd8a8727528b63e0b01828

  • SHA512

    4f320f5d9ed5f5cee06a73eb24cc7c80168d88cb8ed1ba77c1efb6ac0d531331cc3eff116e9261173caa6443003742e8f3caa03202dcfaaffac02956c4a84867

  • SSDEEP

    768:/7BlpQpARFbhiWb8naOnaBqr8WbTr8Wb/:/7ZQpAp/EaiaQ

Score
9/10

Malware Config

Signatures

  • Renames multiple (3141) files with added filename extension

    This suggests ransomware activity: files across the system are being encrypted and renamed with an appended extension.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempts to gather information about the system language of the victim in order to infer the geographical location of that host.
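
The two file-system signatures above (mass renames that append an extension, and file drops under Program Files-style directories) can be reproduced as a heuristic over a file-event stream. The Python below is an added example, not Triage's signature code and not output from this analysis. The `pid|op|path|new_path` event format, the rename threshold, the list of protected roots and the `.locked` extension in the constructed events are assumptions made for the example; the report itself does not state which extension the sample appends.

```python
"""Detection heuristics for the two file-system signatures in the report above.

Added example (not sandbox output and not Triage's own signature code): it
replays constructed file-system events and flags a process that renames many
files by appending an extension, plus files created under Program Files-like
directories. The protected-root list and the rename threshold are assumptions.
"""
from collections import Counter
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Assumed roots for the "Drops file in Program Files directory" check. The
# report above lists drops under MSOCache and $Recycle.Bin, so both are included.
PROTECTED_ROOTS = (
    "c:\\program files\\",
    "c:\\program files (x86)\\",
    "c:\\msocache\\",
    "c:\\$recycle.bin\\",
)

# Constructed events in a 'pid|op|path|new_path' format invented for this
# example. The appended ".locked" extension is a placeholder, not the
# extension used by the sample analysed above.
SAMPLE_EVENTS = """
384|create|C:\\MSOCache\\All Users\\{90140000-0011-0000-0000-0000000FF1CE}-C\\Office64WW.xml.tmp
384|create|C:\\$Recycle.Bin\\S-1-5-21-2172136094-3310281978-782691160-1000\\desktop.ini.tmp
384|rename|C:\\Users\\Admin\\Documents\\q1.docx|C:\\Users\\Admin\\Documents\\q1.docx.locked
384|rename|C:\\Users\\Admin\\Documents\\q2.xlsx|C:\\Users\\Admin\\Documents\\q2.xlsx.locked
384|rename|C:\\Users\\Admin\\Pictures\\a.jpg|C:\\Users\\Admin\\Pictures\\a.jpg.locked
384|rename|C:\\Users\\Admin\\Pictures\\b.jpg|C:\\Users\\Admin\\Pictures\\b.jpg.locked
384|rename|C:\\Users\\Admin\\Desktop\\notes.txt|C:\\Users\\Admin\\Desktop\\notes.txt.locked
1200|rename|C:\\Users\\Admin\\Documents\\draft.txt|C:\\Users\\Admin\\Documents\\final.txt
1200|create|C:\\Users\\Admin\\AppData\\Local\\Temp\\cache.bin
1200|write|C:\\Users\\Admin\\Documents\\final.txt
"""


@dataclass
class FileEvent:
    pid: int
    op: str            # "create", "write" or "rename"
    path: str
    new_path: str = ""  # only set for renames


@dataclass
class Finding:
    pid: int
    rename_threshold: int
    renames_with_added_ext: int = 0
    extensions: Counter = field(default_factory=Counter)
    protected_drops: List[str] = field(default_factory=list)

    @property
    def ransomware_like(self) -> bool:
        return self.renames_with_added_ext >= self.rename_threshold


def parse_events(text: str) -> List[FileEvent]:
    """Parse 'pid|op|path|new_path' lines; blank lines and '#' comments are skipped."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        pid, op, path, new_path = (line.split("|", 3) + [""])[:4]
        events.append(FileEvent(int(pid), op.lower(), path, new_path))
    return events


def appended_extension(old: str, new: str) -> Optional[str]:
    """Return '.ext' when `new` is exactly `old` plus '.ext' in the same directory
    (a.docx -> a.docx.locked); None for any other rename (moves, plain renames)."""
    if not new.lower().startswith(old.lower()):
        return None
    tail = new[len(old):]
    if len(tail) < 2 or not tail.startswith(".") or "\\" in tail or "/" in tail:
        return None
    return tail


def is_protected_drop(path: str) -> bool:
    """True when the path sits under one of the assumed protected roots."""
    return path.lower().startswith(PROTECTED_ROOTS)


def analyse(events: List[FileEvent], rename_threshold: int = 5) -> Dict[int, Finding]:
    """Aggregate per-PID evidence. The threshold is an assumption for this
    example; the report above counted 3141 such renames for PID 384."""
    findings: Dict[int, Finding] = {}
    for ev in events:
        if ev.pid not in findings:
            findings[ev.pid] = Finding(ev.pid, rename_threshold)
        f = findings[ev.pid]
        if ev.op == "rename":
            ext = appended_extension(ev.path, ev.new_path)
            if ext is not None:
                f.renames_with_added_ext += 1
                f.extensions[ext.lower()] += 1
        elif ev.op in ("create", "write") and is_protected_drop(ev.path):
            f.protected_drops.append(ev.path)
    return findings


if __name__ == "__main__":
    for f in analyse(parse_events(SAMPLE_EVENTS)).values():
        verdict = "RANSOMWARE-LIKE" if f.ransomware_like else "ok"
        print(f"pid {f.pid}: {f.renames_with_added_ext} renames with added extension "
              f"{dict(f.extensions)}, {len(f.protected_drops)} protected drops -> {verdict}")
```

A raw rename count also fires on legitimate batch tools (backup or bulk-rename utilities), so in a production detector pair the count with the number of distinct directories touched and a check that the renamed files' contents changed, rather than relying on the threshold alone.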

Processes

  • C:\Users\Admin\AppData\Local\Temp\b99926ce7c146d2bc9aed0f598268630N.exe
    "C:\Users\Admin\AppData\Local\Temp\b99926ce7c146d2bc9aed0f598268630N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:384

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\$Recycle.Bin\S-1-5-21-2172136094-3310281978-782691160-1000\desktop.ini.tmp

    Filesize

    81KB

    MD5

    7da796fd1aa18b8c8d518e8f549b4334

    SHA1

    14c07bcd6ebf9651c829849f5e664bcf471284c5

    SHA256

    c5353617021fc9cf137bd0dcafbf3fee9946af9d1ef302998d3631b633f0ae1a

    SHA512

    19cbced647d67e67c52a053004db67ee26c52a8097cb50b3bec6aa2e10b531f7924c580be53e8c9968bbf0e1fdc71b1dc7062698d660fe1ccfda5b0483ef890e

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    90KB

    MD5

    58a29442f6691aef163972890721e7cf

    SHA1

    e1de6ab4d363a7c81706917337bd3b00da28fbeb

    SHA256

    08f76dadc125d5f86b4ce6ea02c028fb325c7014580fed2bb6183eacab21d178

    SHA512

    cb8b5951b82bda5fbb07bc1a212a36baabd6a317a4bbb64a4e6bbe73b0fa395177c01eb7f1f5d90287d5405a64e3d68bbeedf870b471f7709963b0b03ac35e57

  • memory/384-0-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/384-74-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB