Analysis

  • max time kernel
    120s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    05/09/2024, 18:23

General

  • Target

    f0adbc2ac967656d0e9ff90a4a6c9130N.exe

  • Size

    48KB

  • MD5

    f0adbc2ac967656d0e9ff90a4a6c9130

  • SHA1

    6d1e79313309929a3ddf013e1326e3fd32b82604

  • SHA256

    89952e91d04a1ac393a8525c6f23a27fb810d39c37e425c9cde0ac3f90f66da5

  • SHA512

    37301a1958c31a4d5d15b78b3aa7cdaaa30d45f416d751dd0216dbdcba7118233a48f1977dbb800ff10fd3c45074fe9be7111b8dea923d65e03c75618f57e4a5

  • SSDEEP

    768:W7BlpppARFbhjbhg42LcfpR42LcfproFNFjqAJLOqAJLmuH9uHVoX+OEiJfoX+OQ:W7ZppApBULcfpHLcfpyD9uH9uH28mW30

Score
9/10

Malware Config

Signatures

  • Renames multiple (3396) files with added filename extension

    This suggests ransomware activity: a sample that encrypts files across the system and appends a new extension to each one it rewrites.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

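The two signatures above are behavioural counts over file-system events: many renames where the destination is the source name plus a new extension, and writes into Program Files. The following is an added example, not part of this sandbox report or its engine, showing how such a check can be reconstructed from an event trace. The log format (`op|path_a|path_b`), the sample lines, and the threshold are all assumptions; the first two rename targets reuse the dropped-file paths listed further down the page, the rest are filler.

```python
"""Added example: detect mass rename-with-appended-extension and Program Files
drops from a file-system event trace. Log format and sample data are assumed."""
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample log, not a real sandbox trace. Renames carry
# source|destination; creates and writes carry path|<empty>.
SAMPLE_LOG = "\n".join([
    r"rename|C:\$Recycle.Bin\S-1-5-21-4177215427-74451935-3209572229-1000\desktop.ini|C:\$Recycle.Bin\S-1-5-21-4177215427-74451935-3209572229-1000\desktop.ini.tmp",
    r"rename|C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml|C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp",
    r"rename|C:\Users\Admin\Documents\report.docx|C:\Users\Admin\Documents\report.docx.tmp",
    r"rename|C:\Users\Admin\Pictures\a.jpg|C:\Users\Admin\Pictures\a.jpg.tmp",
    r"rename|C:\Users\Admin\Pictures\b.jpg|C:\Users\Admin\Pictures\b.jpg.tmp",
    r"rename|C:\Users\Admin\Music\old.mp3|C:\Users\Admin\Music\new.mp3",
    r"create|C:\Program Files\Common Files\readme.txt.tmp|",
    r"write|C:\Users\Admin\AppData\Local\Temp\log.txt|",
])


@dataclass
class FileEvent:
    op: str
    path_a: str
    path_b: str


@dataclass
class Verdict:
    renames: int
    appended_ext_renames: int
    extensions: Counter
    program_files_drops: int
    flagged: bool


# A "new extension" is a dot followed by a short alphanumeric token and nothing else.
_EXT_RE = re.compile(r"^\.[A-Za-z0-9_-]{1,16}$")


def parse_log(text: str) -> List[FileEvent]:
    """Parse the assumed op|path_a|path_b format; missing fields become empty."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        op, a, b = (line.split("|", 2) + ["", ""])[:3]
        events.append(FileEvent(op.strip().lower(), a, b))
    return events


def appended_extension(src: str, dst: str) -> Optional[str]:
    """Return the extension appended to src to form dst, or None if dst is not
    src plus a single trailing extension. Prefix compare is case-insensitive,
    matching NTFS path semantics."""
    if len(dst) <= len(src) or dst[:len(src)].lower() != src.lower():
        return None
    tail = dst[len(src):]
    return tail.lower() if _EXT_RE.match(tail) else None


def analyze(events: List[FileEvent], threshold: int = 100) -> Verdict:
    """Count appended-extension renames and Program Files targets; flag when the
    rename count reaches the (assumed) threshold."""
    renames = 0
    exts: Counter = Counter()
    pf_drops = 0
    for ev in events:
        # For renames the file lands at path_b; for create/write at path_a.
        target = ev.path_b if ev.op == "rename" else ev.path_a
        if target.lower().startswith(r"c:\program files"):
            pf_drops += 1
        if ev.op != "rename":
            continue
        renames += 1
        ext = appended_extension(ev.path_a, ev.path_b)
        if ext:
            exts[ext] += 1
    appended = sum(exts.values())
    return Verdict(renames, appended, exts, pf_drops, appended >= threshold)


if __name__ == "__main__":
    v = analyze(parse_log(SAMPLE_LOG), threshold=3)
    top = v.extensions.most_common(1)
    print(f"renames={v.renames} appended_ext={v.appended_ext_renames} "
          f"dominant={top[0] if top else None} program_files={v.program_files_drops} "
          f"flagged={v.flagged}")
```

A single dominant appended extension across many directories is the pattern worth alerting on; a rename that changes the base name (old.mp3 to new.mp3 above) is deliberately not counted, since ordinary applications do that constantly.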
Processes

  • C:\Users\Admin\AppData\Local\Temp\f0adbc2ac967656d0e9ff90a4a6c9130N.exe
    "C:\Users\Admin\AppData\Local\Temp\f0adbc2ac967656d0e9ff90a4a6c9130N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:1600

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-4177215427-74451935-3209572229-1000\desktop.ini.tmp

          Filesize

          48KB

          MD5

          eb7d9aa20516c6bfeec73600afcf27e0

          SHA1

          ec0534927f2014337d7b0957ed928fdb6d7d7c45

          SHA256

          dceff6f3237b0e1c4b64e65a81a3ecb4c736c36b4376131d8b1c2a61203f9d40

          SHA512

          062c99e7d42ae6df1aeaea0aa224c3d2a47413b262a861da707458096fa10a8bf3d1ad6007e0e4d526b09cc0f2953586ebf8b14004041511760d115e1659ccc3

        • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

          Filesize

          57KB

          MD5

          647e2d48c64229696774da6277ec10a8

          SHA1

          fecf44a60538ec16c4838098f9e0322b7d03d3cd

          SHA256

          5ad8a4cdb3a85d30f039a4d830a9de51174eb5dfeac4fd51bdf9b01b7c9d13f3

          SHA512

          033c38e35e37162140225780bad68a03aa3f1ef17f00059839ce03dcb37f4825a7dcce04965ff8a4dea417805c057da2014dca7b4128a38e731ed18e715223dc