Analysis

  • max time kernel
    120s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted
    01/09/2024, 01:30

General

  • Target

    41655a1e9954303ec5afe9452dced220N.exe

  • Size

    51KB

  • MD5

    41655a1e9954303ec5afe9452dced220

  • SHA1

    9a068c2f584ac7886f81540676147e9d2eaca19b

  • SHA256

    31b7bd1ddb63dc340083afe612ce4320b4296403e79784f1ae5c5ba6ad1cd07b

  • SHA512

    5ca7f92b8c546fcaad68c97959b2c2f1bf0552f520a10983fac1a614f62d014638c8ef1daee4db4c81cd6bca8d00e6978876bb19571d9f572eeb5b259995aad4

  • SSDEEP

    768:p7BlphA7dASbSLJJBZBZaOAOIB3jM2jMO/vY6q/Gum/Guj:p7ZhA7dAxJJB7LD2I2IGYM

Score
9/10

Malware Config

Signatures

  • Renames multiple (2841) files with added filename extension

    This suggests ransomware activity: the files on the system are being encrypted and each one is written back under its original name with a new extension appended.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempts to gather information about the system language of the victim in order to infer the geographical location of that host.
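
The mass-rename signature above (2841 renames with an appended extension) can be reproduced as a simple per-process heuristic over file-rename events. The following Python is an added example, not the sandbox's own rule logic; the (pid, old_path, new_path) event shape, the 50-rename alert threshold and the sample events in constructed_events() are assumptions made for the illustration.

```python
# Added illustration of the "renames multiple files with added filename
# extension" heuristic; this is not the sandbox's own signature code.
# Assumptions: rename events arrive as (pid, old_path, new_path) tuples,
# paths are Windows paths, and 50 renames per process is the alert threshold.
import ntpath
from collections import Counter


def added_extension(old_path, new_path):
    """Return the extension appended by a rename such as
    'desktop.ini' -> 'desktop.ini.tmp', or None if the rename is not a
    pure append (different directory, different base name, or more than
    one new dot component)."""
    old_dir, old_name = ntpath.split(old_path)
    new_dir, new_name = ntpath.split(new_path)
    if ntpath.normcase(old_dir) != ntpath.normcase(new_dir):
        return None
    if not new_name.startswith(old_name) or len(new_name) <= len(old_name):
        return None
    suffix = new_name[len(old_name):]
    if not suffix.startswith(".") or suffix.count(".") != 1 or len(suffix) < 2:
        return None
    return suffix.lower()


def detect_mass_rename(events, threshold=50):
    """Aggregate append-extension renames per PID and return only the PIDs
    at or above threshold, as {pid: {"count": n, "extensions": Counter}}."""
    per_pid = {}
    for pid, old_path, new_path in events:
        ext = added_extension(old_path, new_path)
        if ext is None:
            continue
        entry = per_pid.setdefault(pid, {"count": 0, "extensions": Counter()})
        entry["count"] += 1
        entry["extensions"][ext] += 1
    return {pid: e for pid, e in per_pid.items() if e["count"] >= threshold}


def constructed_events():
    """Constructed sample events (not taken from the report): PID 2632
    appends '.tmp' to 60 files under Program Files, while two other PIDs
    produce benign renames that the heuristic must not count."""
    events = []
    for i in range(60):
        src = r"C:\Program Files\Vendor\file%d.dat" % i
        events.append((2632, src, src + ".tmp"))
    # one backup-style rename: counted, but far below threshold
    events.append((1234, r"C:\Users\Admin\notes.txt", r"C:\Users\Admin\notes.txt.bak"))
    # base name changed: not an appended extension
    events.append((1234, r"C:\Users\Admin\a.txt", r"C:\Users\Admin\b.txt"))
    # moved to another volume: not a pure append
    events.append((5678, r"C:\Temp\x.log", r"D:\Archive\x.log.tmp"))
    return events


if __name__ == "__main__":
    for pid, info in detect_mass_rename(constructed_events()).items():
        print(pid, info["count"], dict(info["extensions"]))
```

The directory check matters: a legitimate installer that moves files into place is not appending an extension in place, and a base-name change such as a.txt to b.txt is a rename but not a mass-encryption pattern. The threshold is the knob to tune against backup software on the host.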

Processes

  • C:\Users\Admin\AppData\Local\Temp\41655a1e9954303ec5afe9452dced220N.exe
    "C:\Users\Admin\AppData\Local\Temp\41655a1e9954303ec5afe9452dced220N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2632

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\$Recycle.Bin\S-1-5-21-1506706701-1246725540-2219210854-1000\desktop.ini.tmp

    Filesize

    51KB

    MD5

    433eac246565cf564d72f052ce3ce35e

    SHA1

    2180c93d5798b88d991948d8588338bfaf234512

    SHA256

    b4272a4c84e18b40da186e7f2df06fc6ace3dbe1aaded0c3cb3e4d01a6c4ee7c

    SHA512

    17e5c48243e48c8d2dd1b2184917e09e78e6f066017315aa5a9a4f2a3510f12452456c7136593ff039fb9ad62f0922de7d30a1ed93f8aece1f57e10b8fb11318

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    60KB

    MD5

    50c187c7ad8a690e14a8de9a4749ad35

    SHA1

    d9d49c6d144b4cc6d841acc47aeed29c19df9119

    SHA256

    c7642edc6cb4a2e8c31ad8bbaf592aa3d48d0a9287b7c5a94a79377fb01f21f4

    SHA512

    f1f8d94bbb6b302f8dc41c1ed1ee4edd70c9fd3e58961b650cce42d7cdbc765604b282f7029160fcb0c908877169b79bbb13eb1efeb231429aad79f7cfa36921
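
To check other hosts for the dropped artifacts listed above, the two SHA256 values can be swept for directly. The Python below is an added example and is not part of the report; REPORT_IOCS carries the two hashes from the Downloads section, while the sweep() and demo() functions and the file contents demo() writes are constructed for the illustration and are not the real artifacts.

```python
# Added endpoint sweep for the dropped-file artifacts in this report; this
# is not the sandbox's code. REPORT_IOCS holds the two SHA256 values from
# the Downloads section. demo() hashes constructed bytes, not the real
# artifacts, so its "known" hit comes from a hash it registers itself.
import hashlib
import os
import tempfile

REPORT_IOCS = {
    "b4272a4c84e18b40da186e7f2df06fc6ace3dbe1aaded0c3cb3e4d01a6c4ee7c": "desktop.ini.tmp",
    "c7642edc6cb4a2e8c31ad8bbaf592aa3d48d0a9287b7c5a94a79377fb01f21f4": "Office64WW.xml.tmp",
}


def sha256_file(path, chunk_size=1 << 20):
    """Stream a file through SHA256 so a large Program Files tree does not
    have to be read into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def sweep(root, ioc_hashes, suffix=".tmp"):
    """Walk root and hash every file whose name ends with suffix.
    Returns {"known": [(path, sha256, label)], "unknown": [(path, sha256)]}.
    Unknown '.tmp' files are reported too: the hash of a renamed victim
    file depends on that file's content, so exact-hash matches from one
    sandbox run rarely generalise to other hosts, whereas a burst of new
    '<original name>.tmp' files does."""
    found = {"known": [], "unknown": []}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            if not name.lower().endswith(suffix):
                continue
            path = os.path.join(dirpath, name)
            digest = sha256_file(path)
            if digest in ioc_hashes:
                found["known"].append((path, digest, ioc_hashes[digest]))
            else:
                found["unknown"].append((path, digest))
    return found


def demo():
    """Constructed tree: one '.tmp' whose made-up content is pre-registered
    as an IoC, one '.tmp' with unrelated content, and one untouched file."""
    constructed = b"constructed placeholder, not the real desktop.ini.tmp\n"
    iocs = dict(REPORT_IOCS)
    iocs[hashlib.sha256(constructed).hexdigest()] = "constructed desktop.ini.tmp"
    with tempfile.TemporaryDirectory() as root:
        sub = os.path.join(root, "Program Files", "Vendor")
        os.makedirs(sub)
        with open(os.path.join(sub, "desktop.ini.tmp"), "wb") as f:
            f.write(constructed)
        with open(os.path.join(sub, "readme.txt.tmp"), "wb") as f:
            f.write(b"different content\n")
        with open(os.path.join(sub, "untouched.dll"), "wb") as f:
            f.write(b"MZ")
        return sweep(root, iocs)


if __name__ == "__main__":
    r = demo()
    print(len(r["known"]), "known,", len(r["unknown"]), "unknown")
```

On a real host the call would be sweep(r"C:\", REPORT_IOCS) run with enough privilege to read $Recycle.Bin and MSOCache; treat any hit in the "unknown" list under those paths as a lead to hash and pivot on rather than as noise.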