Analysis

  • max time kernel
    120s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240729-en, locale:en-us, os:windows7-x64, system
  • submitted
    05-09-2024 12:23

General

  • Target

    52420c7d059e665acb1ae40390b7a7b0N.exe

  • Size

    59KB

  • MD5

    52420c7d059e665acb1ae40390b7a7b0

  • SHA1

    9083008e41d14367b34aef05ce3190a64bff51f9

  • SHA256

    5aedaaf2646e0dd0d30df072f68bb8ba61b76f29d2fe5d2a33849d9e82b60229

  • SHA512

    1f20dcc5d498fdf15369210a4173a7bcf948f7d21dda5187b4942eea9749421a6f83e030a8c721a0edbc7fc112b1290935b7b6bcacd4813a9cbe6edc18555bac

  • SSDEEP

    768:V7Blpf/FAK65euBT37CPKKQSjyJJcbQbf1Oti1JGBQOOiQJhATNydWK9WKF9ADJ0:V7Zf/FAxTWoJJZENTNyoKIKMy

Malware Config

Signatures

  • Renames multiple (3193) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\52420c7d059e665acb1ae40390b7a7b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\52420c7d059e665acb1ae40390b7a7b0N.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2136

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2703099537-420551529-3771253338-1000\desktop.ini.tmp

    Filesize

    60KB

    MD5

    42c4ce25eed894e0d06d89b6a70bfd5d

    SHA1

    b847c2961b4140ff04eba3d7f39f031d4e085732

    SHA256

    7f2392371e51f6fee2b7a2e85ed30426c681bea0d57b59114619cc55a3c6e558

    SHA512

    d692193cbd93883a42cbca8e6e358f5f38003b6affc36b8b5e7374d633058da7d332153b9ce30a8f7272bf152fa4900ba0a853c61236700318a2591514e42d2d

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    68KB

    MD5

    d7475c7ff9ccf7be989bfa40af117062

    SHA1

    f07f9e9d467d11d9b18c28fe16371bc9dffeaa1c

    SHA256

    d73366b541252ec95219072627a006bd914bece4d9a5071356d82d2dfb1b682f

    SHA512

    7fdfe9e52d94e7ba36bbad8ec4cb524e925fcaca7674c2b14f7322dea1a8a939fdd0f420de41dce5a1e1f9735db4e6a9d3b0440c69c9d17a22c69072b65bb0cb

  • memory/2136-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/2136-70-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB