Analysis

  • max time kernel
    120s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted
    01/09/2024, 16:21

General

  • Target

    73ac40ab55c259bbbdfe64f16765f2e0N.exe

  • Size

    34KB

  • MD5

    73ac40ab55c259bbbdfe64f16765f2e0

  • SHA1

    611f57132e665754c9eca26f5d6f862e891ba3a7

  • SHA256

    1ba0b4896a78b41ee226d7371738c1869d79a8e6d943b822de58776bbd907d96

  • SHA512

    b19740b1b54f17a983c1a4422ad911becc7b16a295cd6e046a547337d044d862448d5e9d5bafe4817417406e8583efb658926d0cdb18d61a15cc57049ceb94f4

  • SSDEEP

    768:W7BlphA7pARFbhM0Kkq81LOyq81LOl6Sl5lv:W7ZhA7pApM21LOA1LOl6O

Score
9/10

Malware Config

Signatures

  • Renames multiple (431) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\73ac40ab55c259bbbdfe64f16765f2e0N.exe
    "C:\Users\Admin\AppData\Local\Temp\73ac40ab55c259bbbdfe64f16765f2e0N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2548

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2212144002-1172735686-1556890956-1000\desktop.ini.tmp

    Filesize

    34KB

    MD5

    58b1c451b659e5eb1370c3dc1f008525

    SHA1

    e586a72d992182f1a1ecb9a85dd117836d61e509

    SHA256

    6ae52b48ed8cba1951c29077d5eec212dd1e8b11306cd284ab6d59552bdc19ff

    SHA512

    37227548ee97c5d7fc2ebe4938b9b48b93e6dfd25330ba3ce6c87475f6c314248ac61e2fb1f27e7de74bc12d067e15e5c2208025503911f32eac9b626b279442

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    43KB

    MD5

    13af3fcb3eaafc51a43fe2d0a1de8a32

    SHA1

    c25806eb22e157efeef3b358bed89c1d4257e2de

    SHA256

    71972d7e887cf97975ad94208a4a0ce9892acb12ab85254ecef5b934e67134cf

    SHA512

    f1a487d0a4aceaa5a5bca66850f3b92e614c7e1682d8086eb9ad5139e694b618d4c3342a2b95ccdd674fb744e9050ff1a70b9e2fadaa43320e155a573735552c