Analysis

  • max time kernel
    120s
  • max time network
    18s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    19/09/2024, 03:30

General

  • Target

    0b009081c4e6137fbed30b8d29149a8bb44a694afaf58a41f8b2ac3b6c72f9c8N.exe

  • Size

    77KB

  • MD5

    6af4e35786f59bc134b9d6eab9fe5020

  • SHA1

    1a1c1c01f7d5757f41faf2f9acae28edac550db6

  • SHA256

    0b009081c4e6137fbed30b8d29149a8bb44a694afaf58a41f8b2ac3b6c72f9c8

  • SHA512

    ce1361265d11eab12beefc3dcf7e92e01f13eec383f99862448837a50530efa780d85900547feae3a52ba703fe9f1562cd62bd4e7138ca94a484af72136793c7

  • SSDEEP

    768:W7Blp+pARFbhtlmlQ3y3RWvf+wi1x9f+wi1xBTCcX8vgCcX8vSd5hdx8O/Gum/Gs:W7Z+pApfGQ3y3RWvfmRfm9sKsSd5Nkd

Score
9/10

Malware Config

Signatures

  • Renames multiple (338) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\0b009081c4e6137fbed30b8d29149a8bb44a694afaf58a41f8b2ac3b6c72f9c8N.exe
    "C:\Users\Admin\AppData\Local\Temp\0b009081c4e6137fbed30b8d29149a8bb44a694afaf58a41f8b2ac3b6c72f9c8N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:1848

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-457978338-2990298471-2379561640-1000\desktop.ini.tmp

    Filesize

    78KB

    MD5

    f7e0435dbaa6880bef4e82fc2ae141a2

    SHA1

    21d654f0baed6bcf399cef99204e165f90ebdc9d

    SHA256

    f14dfdfac042041ac3d0b505bf01486c18bdb347e7f6a2ff2ae6f15e38ac3ba0

    SHA512

    ac257647507d92d638ca7010c2baa85fd7ea8848a01e32a30cc1fbefc2fe549a4f0f44bac227088195476375cd1a9d4ba18b5e61448140be92894e1339537bd5

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    87KB

    MD5

    9cf134114d26f21e81c0badbd5001c92

    SHA1

    5af5b7f42891220c6da8ae828cfa74e533ec4234

    SHA256

    802243a29c283d384061d6aa4b3ecb326c250562b49a93475573fb838dc7c06a

    SHA512

    60158f2cabe6d76f351d9c3ace5b607c1ab6591e38dc4f52a94ad87fac4b02ef8defb4e5ab5684680c417beda9e09e049fc5ca4e598dffb68afad2f33b0e9463