Analysis

  • max time kernel
    119s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted
    01/09/2024, 04:15

General

  • Target

    0cfaf9685f530f9b8882c4159275bb10N.exe

  • Size

    194KB

  • MD5

    0cfaf9685f530f9b8882c4159275bb10

  • SHA1

    8ce3ff45b6a7ee4176815221b23cbf63c1ced6c1

  • SHA256

    e7a2c67402720ea8874568a98e13d1b286139f4a1bdd7f9ea7c6d89f25f5cfe2

  • SHA512

    65cad80357b50811569daab6261aed49788ce1e9085a4c0ea3f53633b6902a59792ee091c83ff149fea7599910d66f52b864f464a0ee71e1070d05185da16a37

  • SSDEEP

    3072:6e7WpMNca3rytOkWpXfnYRl2l/9HSFHzJ0lBJTzkz:RqKB+tOkWKR0iJ0lTzkz

Score
9/10

Malware Config

Signatures

  • Renames multiple (2691) files with added filename extension

    This suggests ransomware activity: encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\0cfaf9685f530f9b8882c4159275bb10N.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\0cfaf9685f530f9b8882c4159275bb10N.exe"
    Process tree depth: 1
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2608

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3450744190-3404161390-554719085-1000\desktop.ini.tmp

    Filesize

    195KB

    MD5

    9b5320935a539cfa0ed0382f2eb03e72

    SHA1

    9bf346a32071320c1c5beb78e7fcf436f21b169d

    SHA256

    70e2320799126dda1d9cf0b108ff21c3c2da017b43941731c00c09f26c7e6144

    SHA512

    005bc7e56c31863a302dfb6ffffd4f5a13bfda8467982e65faefd2824f56929250b0d4329760344ea0aed589dd7340113af6e7acb1d181ff49f8b78862ec20e4

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    204KB

    MD5

    2db9c8388cacd8658655c749a3ae4af2

    SHA1

    aea4122a1a3b4e8aefd66294add924ace04e9cee

    SHA256

    aba41155f46a13bb4f37cedb94b197b9d4e759e8ab2e5a0bec1eb38552c99483

    SHA512

    367784a718e8ba56e5f12a225a6d4957d186b8d26f2a74f6e4ffd9a06e5e4cb05357a7b0d060251ba849f1d7eb01e28a66b1b68cc1a1c807cec45816fcfa2a88