Analysis

  • max time kernel
    120s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240729-en, locale:en-us, os:windows7-x64, system
  • submitted
    05-09-2024 12:36

General

  • Target

    aa8859e521f0be5dd5eccf5570a4a240N.exe

  • Size

    47KB

  • MD5

    aa8859e521f0be5dd5eccf5570a4a240

  • SHA1

    cd57f67e2637f45f148bf743f1ac917d217915c0

  • SHA256

    708b03aa99f83e986bdcff7760e3b94c0d27db88174ce94461923de38cc39f90

  • SHA512

    3d7ec6620fcb82c0efc4b8442ca8f1fda7e00b741df16f5cc81025a2ae4e6cba024727feeb6b793600672bf0af947113df24e0a18fc8dddd48dddcd5e0f0b5bd

  • SSDEEP

    768:W7BlphA7pARFbhM0Kkq81LOyq81LOl6Sl5lsSwVEVXj:W7ZhA7pApM21LOA1LOl6vSVj

Score
9/10

Malware Config

Signatures

  • Renames multiple (3358) files with added filename extension

    This suggests ransomware activity: the sample encrypts files across the system and appends an extension to each one it touches.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
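Two checks a responder would run against what this report lists, as an added example (not output of the sandbox and not code from the sample): a mass-rename detector that mirrors the "Renames multiple files with added filename extension" signature over constructed file-operation records, and a hash sweep that matches files on disk against the SHA256 values the report publishes for the sample and the two dropped files. The event tuple layout, the per-PID grouping, the threshold of 10 and the paths in the sample records are assumptions; only the three hashes come from the page.

```python
"""Triage helpers for the sandbox report above (added example, not sandbox output)."""
import hashlib
import os
from collections import defaultdict

# SHA256 values copied from the report: the submitted sample and the two dropped files.
REPORT_SHA256 = {
    "708b03aa99f83e986bdcff7760e3b94c0d27db88174ce94461923de38cc39f90": "aa8859e521f0be5dd5eccf5570a4a240N.exe",
    "430a7861e22ff4dde8e5a7087145db3c20d3d7bec33d26a20043f374455766ff": "desktop.ini.tmp",
    "64a174d46ca78433724aba5fd902f3c2d143497395a682b062fb58b034e4734f": "Office64WW.xml.tmp",
}

# Constructed file-operation records (pid, operation, old_path, new_path). These are
# illustrative, not lines from the sandbox; the tuple layout is an assumption.
SAMPLE_EVENTS = [
    (2748, "rename",
     rf"C:\Users\Admin\Documents\file{i}.docx",
     rf"C:\Users\Admin\Documents\file{i}.docx.tmp")
    for i in range(12)
] + [
    # A benign rename and an unrelated create from another process must not trigger.
    (1200, "rename", r"C:\Users\Admin\report.xlsx", r"C:\Users\Admin\report_final.xlsx"),
    (1200, "create", "", r"C:\Users\Admin\notes.txt"),
]


def added_extension(old_path, new_path):
    """Return the appended suffix when new_path is old_path plus one more extension, else None."""
    if new_path.startswith(old_path) and len(new_path) > len(old_path) and new_path[len(old_path)] == ".":
        return new_path[len(old_path):]
    return None


def mass_rename_suspects(events, threshold=10):
    """Group rename events by PID and flag PIDs that appended the same extension to
    at least `threshold` files. Returns {pid: {extension: count}} for flagged PIDs only."""
    per_pid = defaultdict(lambda: defaultdict(int))
    for pid, op, old_path, new_path in events:
        if op != "rename":
            continue
        ext = added_extension(old_path, new_path)
        if ext:
            per_pid[pid][ext] += 1
    return {pid: dict(exts) for pid, exts in per_pid.items() if max(exts.values()) >= threshold}


def sha256_bytes(data):
    """SHA256 hex digest of an in-memory buffer."""
    return hashlib.sha256(data).hexdigest()


def sha256_of(path):
    """SHA256 hex digest of a file, read in 64 KiB chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def match_report_hashes(root):
    """Walk `root` and return {path: report_artifact_name} for every file whose
    SHA256 equals one of the hashes the report publishes. Unreadable files are skipped."""
    hits = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                digest = sha256_of(path)
            except OSError:
                continue
            if digest in REPORT_SHA256:
                hits[path] = REPORT_SHA256[digest]
    return hits


if __name__ == "__main__":
    print("mass-rename suspects:", mass_rename_suspects(SAMPLE_EVENTS))
    print("report-hash hits under cwd:", match_report_hashes("."))
```

The report lists only two dropped files against 3358 renamed ones, so the hash sweep will only ever find copies of those two artifacts and the sample itself; the rename detector is the check that catches the broader encryption behaviour on a host where this sample ran.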

Processes

  • C:\Users\Admin\AppData\Local\Temp\aa8859e521f0be5dd5eccf5570a4a240N.exe
    "C:\Users\Admin\AppData\Local\Temp\aa8859e521f0be5dd5eccf5570a4a240N.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2748

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\$Recycle.Bin\S-1-5-21-2703099537-420551529-3771253338-1000\desktop.ini.tmp

    Filesize

    48KB

    MD5

    7e871d6e9e4b6498b0db429afe993574

    SHA1

    44aa6142b52cc08f63bf679073b147fa78a1ea2b

    SHA256

    430a7861e22ff4dde8e5a7087145db3c20d3d7bec33d26a20043f374455766ff

    SHA512

    5746eb113d83a472d2dd94a52d73eee88ee7afdc83c4205d899b117fc8fd25a52b903706e8d81beb1c46bbbbd08271eeb44bc4aec66a7eca61dee1914b781572

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    57KB

    MD5

    885e8b983674f0069482c7c2abec657d

    SHA1

    60d0f20ced736178ee8af8b6c552fab94ed79e05

    SHA256

    64a174d46ca78433724aba5fd902f3c2d143497395a682b062fb58b034e4734f

    SHA512

    7d6c7a6174121bb630f55250d97551aa1f4682455e461764cfa9e06e99b80d3c423c7a9a3acb33c17ab3419de010384bdad9f16e306656209383c61797f95a4e
