Analysis

  • max time kernel
    121s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    07-09-2024 11:53

General

  • Target

    fee2092a21c018d2e7d4fbdbf5016660N.exe

  • Size

    27KB

  • MD5

    fee2092a21c018d2e7d4fbdbf5016660

  • SHA1

    e0546a58b6f473350922663544c83a5a9368e0a8

  • SHA256

    fc34c08295f1825e6df37a174400d25f6fcb6aada160ac84c10ecd9300ba8261

  • SHA512

    b91cdb3618425f4f80efb40fd7df90f72dd14a3389dda1d14b22465b8442cde325bcbc7a15c5dac2996ae2b962e25bec919a447ef552085d0659e64e90ab299d

  • SSDEEP

    768:kBT37CPKKdJJ1EXBwzEXBwdcMcI9Ro+QOViJfo+QOViJurN8:CTW7JJ7TPUnN8

Malware Config

Signatures

  • Renames multiple (327) files with added filename extension

    Suggests ransomware activity: the process renames files across the system, appending an extra extension to each, which is the usual trace of encrypt-in-place behaviour.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the victim system's language in order to infer the geographical location of the host (a common check before a ransomware payload decides whether to run).
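The rename signature above counts files that gain an extra filename extension. The following Python is an added example, not the sandbox's own detection logic, of that heuristic applied to a constructed file-event log. The tab-separated event format, the PIDs, the paths, the `.tmp` write-then-rename pattern (modelled on the `desktop.ini.tmp` and `Office64WW.xml.tmp` artifacts listed under Downloads) and the `.locked` extension are all assumptions made for illustration; the report does not state which extension this sample appends.

```python
"""Rename-burst heuristic modelled on the sandbox signature
"Renames multiple files with added filename extension".

Added example; the event format is an assumption: one
"<pid>\t<op>\t<old_path>\t<new_path>" line per file-system operation,
as a sandbox or EDR agent might export it.
"""
from collections import defaultdict
import ntpath

# Constructed sample events (not from the report). PID 1320 renames five
# files by appending ".locked"; PID 2000 performs ordinary renames that
# must not be counted.
SAMPLE_EVENTS = """\
1320\tcreate\t\tC:\\MSOCache\\All Users\\Office64WW.xml.tmp
1320\trename\tC:\\MSOCache\\All Users\\Office64WW.xml\tC:\\MSOCache\\All Users\\Office64WW.xml.locked
1320\trename\tC:\\Users\\Admin\\Documents\\a.docx\tC:\\Users\\Admin\\Documents\\a.docx.locked
1320\trename\tC:\\Users\\Admin\\Documents\\b.xlsx\tC:\\Users\\Admin\\Documents\\b.xlsx.locked
1320\trename\tC:\\Users\\Admin\\Pictures\\c.jpg\tC:\\Users\\Admin\\Pictures\\c.jpg.locked
1320\trename\tC:\\Program Files\\Common Files\\d.dll\tC:\\Program Files\\Common Files\\d.dll.locked
2000\trename\tC:\\Users\\Admin\\report.tmp\tC:\\Users\\Admin\\report.docx
2000\trename\tC:\\Users\\Admin\\old.txt\tC:\\Users\\Admin\\new.txt
"""


def parse_events(text):
    """Parse the assumed tab-separated format into (pid, op, old, new) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        pid, op, old, new = line.split("\t")
        events.append((int(pid), op, old, new))
    return events


def added_extension(old, new):
    """Return the appended extension when `new` is `old` plus exactly one
    extra ".ext" suffix in the same directory; otherwise None.

    A .tmp -> final-name rename or a plain rename does not qualify, so
    ordinary save-via-temp-file behaviour is not flagged."""
    old_dir, old_name = ntpath.split(old)
    new_dir, new_name = ntpath.split(new)
    if old_dir.lower() != new_dir.lower():
        return None
    if not new_name.lower().startswith(old_name.lower() + "."):
        return None
    ext = new_name[len(old_name) + 1:]
    return ext if ext and "." not in ext else None


def rename_bursts(events, threshold=3):
    """Count added-extension renames per PID and return
    {pid: (total, {ext: count})} for every process at or above threshold."""
    counts = defaultdict(lambda: defaultdict(int))
    for pid, op, old, new in events:
        if op != "rename":
            continue
        ext = added_extension(old, new)
        if ext is not None:
            counts[pid][ext] += 1
    return {
        pid: (sum(exts.values()), dict(exts))
        for pid, exts in counts.items()
        if sum(exts.values()) >= threshold
    }


if __name__ == "__main__":
    for pid, (total, exts) in rename_bursts(parse_events(SAMPLE_EVENTS)).items():
        print(f"PID {pid}: {total} added-extension renames, extensions {exts}")
```

The threshold is deliberately low for the constructed log; the sandbox saw 327 renames in this run, and a production rule would also require the renames to be spread over several directories or the same extension to dominate, as the per-extension counts make possible.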

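The UPX signature is normally a static check on the PE section table. The following Python is an added example, not the sandbox's rule, that parses the COFF header and section names and looks for the canonical UPX0/UPX1/UPX2 section names and the "UPX!" marker string. `build_pe` constructs a minimal, header-only PE skeleton as test input (an assumption for illustration, not the sample from this report), so the check can be exercised without the binary.

```python
"""Static UPX indicators from a PE image: section names plus the "UPX!" marker.

Added example. The "modified UPX" case the signature mentions often renames
the sections, so the name check alone is weak; the marker string and, in
practice, the entropy of the packed section are the checks to pair with it.
"""
import struct

UPX_SECTION_NAMES = {"UPX0", "UPX1", "UPX2"}
COFF_FMT = "<HHIIIHH"  # Machine, NumberOfSections, TimeDateStamp,
                       # PointerToSymbolTable, NumberOfSymbols,
                       # SizeOfOptionalHeader, Characteristics


def section_names(data):
    """Return the section names of a PE image; raise ValueError if the
    MZ/PE headers are missing or the section table is truncated."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    if len(data) < coff + struct.calcsize(COFF_FMT):
        raise ValueError("COFF header truncated")
    _, nsec, _, _, _, size_opt, _ = struct.unpack_from(COFF_FMT, data, coff)
    table = coff + struct.calcsize(COFF_FMT) + size_opt
    names = []
    for i in range(nsec):
        raw = data[table + 40 * i: table + 40 * i + 8]  # 40-byte header, 8-byte name
        if len(raw) < 8:
            raise ValueError("section table truncated")
        names.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    return names


def upx_indicators(data):
    """Summarise the UPX evidence found in `data`."""
    names = section_names(data)
    hits = [n for n in names if n in UPX_SECTION_NAMES]
    marker = b"UPX!" in data
    return {
        "sections": names,
        "upx_sections": hits,
        "upx_marker": marker,
        "likely_upx": bool(hits) or marker,
    }


def build_pe(names, marker=False):
    """Construct a minimal, non-runnable PE skeleton with the given section
    names (constructed test input only). Machine 0x014C (i386) and
    Characteristics 0x0102 are placeholder values."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack(COFF_FMT, 0x014C, len(names), 0, 0, 0, 0, 0x0102)
    sections = b"".join(n.encode().ljust(8, b"\0") + b"\0" * 32 for n in names)
    return dos + b"PE\0\0" + coff + sections + (b"UPX!" if marker else b"")


if __name__ == "__main__":
    print(upx_indicators(build_pe(["UPX0", "UPX1", ".rsrc"], marker=True)))
```

On a real sample, pass `open(path, "rb").read()` to `upx_indicators`. A result with `upx_marker` set but no `upx_sections` is the renamed-section case; a result with neither says nothing about other packers, so treat it as "not UPX" rather than "not packed".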
Processes

  • C:\Users\Admin\AppData\Local\Temp\fee2092a21c018d2e7d4fbdbf5016660N.exe
    "C:\Users\Admin\AppData\Local\Temp\fee2092a21c018d2e7d4fbdbf5016660N.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:1320

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-457978338-2990298471-2379561640-1000\desktop.ini.tmp

    Filesize

    27KB

    MD5

    f7a35e0e37fb95a84bb44ed6caf88828

    SHA1

    379af7c0e84bb421754542c046943477338cb27d

    SHA256

    262bf337dfd382a223cac49a99375fad2b5a0c510cf2b08fc17ace1a62e08680

    SHA512

    e595b385e18adfc616b20983144141db148f7a2374d86cf2f1c9292d921e05be430c64190048a793199c173b72c7b037b4bfdb555572b73c581b3be53d2b42f3

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    36KB

    MD5

    bccb71fad4bb41ecd59093dcd3d9afe5

    SHA1

    5b72f3d1658d977a0d560171aac7baab21219420

    SHA256

    44c6aa37763541d20bc6485ac993f5d1bdb5b8055c8c6fa77866f4ed3a81274c

    SHA512

    65582419f52772d5f82d37085bf2ddc8e85839ff276ec4a2469577bfec4cef8e5aa27ac3affb904a5877fdcf2da7b3b34a6570acb4047a8f47a07869ef283896

  • memory/1320-0-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

  • memory/1320-18-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB