Analysis

  • max time kernel
    120s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    19-09-2024 06:27

General

  • Target

    7886f4c3f9060d48694a4419b8ac35e4f12435812692dee25bf89279258e2109N.exe

  • Size

    85KB

  • MD5

    c7f6220eebb7a1715124967c6bdf05d0

  • SHA1

    6681d041350473592e95f0f9f1410d5b3b492044

  • SHA256

    7886f4c3f9060d48694a4419b8ac35e4f12435812692dee25bf89279258e2109

  • SHA512

    29e46f7e4b75c776a1f4d20a9be28a79f0d831e122bdb85143f2d5bbed720d6b853f305bb490444baff7864616845c7b5e088ca126e5085c083441c0de3bd4fe

  • SSDEEP

    1536:W7Z9pApQESOHepOHe8G+6E65dyGdykNdNBKgg3wI:69WpQE0zxg3wI

Score
9/10

Malware Config

Signatures

  • Renames multiple (2910) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\7886f4c3f9060d48694a4419b8ac35e4f12435812692dee25bf89279258e2109N.exe
    "C:\Users\Admin\AppData\Local\Temp\7886f4c3f9060d48694a4419b8ac35e4f12435812692dee25bf89279258e2109N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2204

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3434294380-2554721341-1919518612-1000\desktop.ini.tmp

    Filesize

    85KB

    MD5

    24aca55037c96cf6adc8eac0e0950a67

    SHA1

    fa3feb84a7292beeabe9189bdcdbd0efd3d3ddb7

    SHA256

    8ea45453cac115f11f5c128f5ceca3cf1fb15e3747d7db7f7c6e2481bed44e23

    SHA512

    0c998dcfc7cd7049ee5dd4a3a2060ddca2fdd43bfb46bf9d295fd65fa4f8498046c401936d0a56da5a38379581aa0622b421c1b4357beed4283182f90cb668cb

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    94KB

    MD5

    14ce208c9e6ac82e3927568ead34f7b4

    SHA1

    96ad5a40752478123a1378600c6953d403f9a911

    SHA256

    8c0ea7d1e3ef7adc6136d97d1a1d1452bcc0ff77d4f5e7490529db3f402acf06

    SHA512

    c4b386a44207c51d600cd5347c2763345d598a140fe3fa537fdf3d0b0e1bfd31f4bb88fb79f59114fc0afa0ddf96f5a133be56b283afb9050388649ed31d8c97