Analysis

  • max time kernel
    120s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted
    01/09/2024, 11:05

General

  • Target

    c6cf5996b18290b16a9e46bbbd9e9e90N.exe

  • Size

    43KB

  • MD5

    c6cf5996b18290b16a9e46bbbd9e9e90

  • SHA1

    830655cb59afb7c46bcd3c38fd08af041b94e30b

  • SHA256

    8d946a5896de79041fbc3714bf4011a02c40b480da9f5ba31cb849e31bcfea4e

  • SHA512

    f94aa70c7ff3ae48d2658c927d427638944e012e4e7c6472bd2d17e2ada8a1c643369f500e2c28c9b446f890964751c691fd2d9de37a72f2f0385ec2b079def0

  • SSDEEP

    384:GBt7Br5xjL9A7AgA71Fbhvnqj7jU7ubTAgpbuvx10AaIdKB7ubTAgpbuvx10AaIj:W7BlphA7pARFbhL801VvM801Vvv7cYR

Score
9/10

Malware Config

Signatures

  • Renames multiple (3212) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\c6cf5996b18290b16a9e46bbbd9e9e90N.exe
    "C:\Users\Admin\AppData\Local\Temp\c6cf5996b18290b16a9e46bbbd9e9e90N.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:3032

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\$Recycle.Bin\S-1-5-21-3551809350-4263495960-1443967649-1000\desktop.ini.tmp

    Filesize

    43KB

    MD5

    9080f5f32e767bade03b034d9583c1b9

    SHA1

    ea135310f6be276e32a85aa12a480f11c330c212

    SHA256

    ba4ee46da779ec7ccee39ccc886a9b5e24afd91426e2af740c0adfee62a345e2

    SHA512

    eef39fe94b3ff8465154edc5d280ed526fe6c8f21a8147be3d310568a3fa7d05a392b535dbe423b0dc0ec7b11b4adeee62041a36bf0a9ce4a3d1f89830ec2be5

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    52KB

    MD5

    bb882b7d74b3b2acb62ddd39d02dd64f

    SHA1

    d999ff3fe71b6239632ce6bb6bcb701b9694690a

    SHA256

    30a83d4eea205e79017d38d003d43ab38f4fb8f8cb10104f4e94ff5cfdf3b3a9

    SHA512

    8645e44c313ee8c69d42fb41903a74e4ec87f7b28db98444dae0a461c4fe32a7ade3f855ee478a744a46d31706542cebe4608300676bf4a90ae4193f2a45ba57