Analysis

  • max time kernel
    120s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    18-09-2024 09:20

General

  • Target

    147269f8da8a8ebb25eb5528ce1ea10dc0cddd5ec3ddca904b0082828805cea4N.exe

  • Size

    42KB

  • MD5

    b8f3dabfbe6548176c3adf739e9bce00

  • SHA1

    2f9a78e0f94c6cab22ce088cf117ce9870e6bb20

  • SHA256

    147269f8da8a8ebb25eb5528ce1ea10dc0cddd5ec3ddca904b0082828805cea4

  • SHA512

    f06cc1b8624086c60175f5e3f506a0dd8864d1c99a8904cc1b3b781ebe528c0a4c01aac3787b7601e45c3f0809f70da4edf12f9edf14824bed08669247340556

  • SSDEEP

    768:kBT37CPKKdJJ1EXBwzEXBwdcMcwBcCBcw/tio/ti6YIV101EQd:CTW7JJ7TTQoQcQd

Malware Config

Signatures

  • Renames multiple (3273) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\147269f8da8a8ebb25eb5528ce1ea10dc0cddd5ec3ddca904b0082828805cea4N.exe
    "C:\Users\Admin\AppData\Local\Temp\147269f8da8a8ebb25eb5528ce1ea10dc0cddd5ec3ddca904b0082828805cea4N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2980

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-1488793075-819845221-1497111674-1000\desktop.ini.tmp

    Filesize

    43KB

    MD5

    1467c93568fe47877cf99e7170ea6364

    SHA1

    45ad0e8d82fef2b42294d9b287285421d7f78132

    SHA256

    671a2b71d758d62a6f7a11f2e20f35a3a525aff17da327d23dbbb0cd8d2efb9e

    SHA512

    5e4f0e29fffa18e6db3de2756596e9ae9930a6d11201979a04b5def6635c81f620927a357490789c78a8aa6aa883c76ec8c4300170d3d6a25608355d63841ee2

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    51KB

    MD5

    2e281adc7684b56a1be22ab5d8ba6481

    SHA1

    1349c0863e5b81d09d11d852656e7fe0ea986cf2

    SHA256

    c89f4df9372914801d4f2f5f253ed3dce86e4950db5900e7d3be3da78703e3db

    SHA512

    01a99b6109c27be8d5ea00df74fdcfff34b8040dd3368cf5ed40bc5743d417c298317eb56772f1f2a43db2496fb2b3aae067b14dad98b714b5c298ec9581529f

  • memory/2980-0-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

  • memory/2980-75-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB