Analysis

  • max time kernel
    150s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted
    19/09/2024, 06:02 UTC

General

  • Target

    07a301317b18347c15fae007799f85f173c19b4238787ac361c4056c521b0ec6N.exe

  • Size

    26KB

  • MD5

    3b8f64203c4e7c0c2ef16712fb37be70

  • SHA1

    54f6ab0756a22621dfbd14b3eab543a6a6a090a6

  • SHA256

    07a301317b18347c15fae007799f85f173c19b4238787ac361c4056c521b0ec6

  • SHA512

    0a4d92afd89ae5e45cc373f69e33f491eb71283fea42625c1b587d8095bf80e11f5c00308a5ca52e4f50f78988dc9d54e5a805c9f3fd315b8562e3ee1a0ed37b

  • SSDEEP

    384:QOlIBXDaU7CPKK0TIhfJJ1Evd5BvhzaM9mSIEvd5BvhzaM9mSsxmMxm9+9gpw:kBT37CPKKdJJ1EXBwzEXBwdcMcI9gpw

Malware Config

Signatures

  • Renames multiple (3765) files with added filename extension

    This pattern suggests ransomware activity: files across the system are being rewritten and renamed with an appended extension.

  • UPX packed file 4 IoCs

    Detects executables packed with the open-source UPX packer or a modified UPX build.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
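The "UPX packed file" signature above is a static check on the PE section table. The following added example (written for this page, not code from the sandbox or from any tool named in the report) walks the section headers of a PE image, flags the stock UPX section names, and applies two weaker checks that survive a "modified UPX" whose sections were renamed: a first section with zero raw size but a large virtual size (the placeholder UPX reserves for the unpacked image) and the `UPX!` marker UPX writes into its own header. The three PE images are constructed inline with a small builder; none of them is the analysed sample, and the `_build_pe` helper and its field values are assumptions for the demonstration only.

```python
"""Added example: UPX indicators from a PE section table (constructed input)."""
import struct

UPX_SECTION_NAMES = {"UPX0", "UPX1", "UPX2"}


def _build_pe(section_names, virt_sizes, raw_sizes):
    """Construct a minimal, non-executable PE32 image for testing (assumed layout)."""
    e_lfanew = 0x80
    dos = bytearray(e_lfanew)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)           # offset of the "PE\0\0" signature
    size_opt = 224                                        # PE32 optional header size
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    coff = struct.pack("<HHIIIHH", 0x014C, len(section_names), 0, 0, 0, size_opt, 0x0102)
    opt = bytearray(size_opt)
    struct.pack_into("<H", opt, 0, 0x10B)                 # PE32 magic
    sections = b""
    for name, vs, rs in zip(section_names, virt_sizes, raw_sizes):
        # IMAGE_SECTION_HEADER (40 bytes): Name[8], VirtualSize, VirtualAddress,
        # SizeOfRawData, PointerToRawData, PointerToRelocations, PointerToLinenumbers,
        # NumberOfRelocations, NumberOfLinenumbers, Characteristics
        sections += struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"),
                                vs, 0x1000, rs, 0x400, 0, 0, 0, 0, 0xE0000020)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sections


def parse_sections(data):
    """Return [{'name', 'vsize', 'rsize'}, ...] for every section header in a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff_off = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff_off + 2)[0]
    size_opt = struct.unpack_from("<H", data, coff_off + 16)[0]
    sec_off = coff_off + 20 + size_opt                    # section table follows the optional header
    out = []
    for i in range(num_sections):
        name, vsize, _vaddr, rsize, _rptr = struct.unpack_from("<8sIIII", data, sec_off + 40 * i)
        out.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                    "vsize": vsize, "rsize": rsize})
    return out


def upx_indicators(data):
    """List the UPX indicators found; an empty list means none of the checks fired."""
    secs = parse_sections(data)
    hits = []
    names = [s["name"] for s in secs]
    if any(n in UPX_SECTION_NAMES for n in names):
        hits.append("section names " + ",".join(n for n in names if n in UPX_SECTION_NAMES))
    # A renamed UPX build still needs an empty first section to unpack into.
    if secs and secs[0]["rsize"] == 0 and secs[0]["vsize"] > 0:
        hits.append("first section has zero raw size but nonzero virtual size")
    if b"UPX!" in data:
        hits.append("UPX! header magic present")
    return hits


# Constructed test images (not the analysed sample).
SAMPLE_UPX = _build_pe(["UPX0", "UPX1", ".rsrc"], [0x20000, 0x8000, 0x1000], [0, 0x7A00, 0x800])
SAMPLE_PLAIN = _build_pe([".text", ".data", ".rsrc"], [0x6000, 0x1000, 0x1000], [0x6000, 0x400, 0x800])
# "Modified UPX": sections renamed, but the empty first section and the magic string remain.
SAMPLE_RENAMED = _build_pe([".code", ".data"], [0x20000, 0x8000], [0, 0x7A00]) + b"UPX!"

if __name__ == "__main__":
    for label, img in (("upx", SAMPLE_UPX), ("plain", SAMPLE_PLAIN), ("renamed", SAMPLE_RENAMED)):
        print(label, upx_indicators(img))
```

Section names alone are the weakest of the three checks, since renaming them costs the packer nothing; the empty first section and the header magic are what a "modified UPX" verdict usually rests on. Any of these only says the file is packed, not what it does once unpacked.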

Processes

  • C:\Users\Admin\AppData\Local\Temp\07a301317b18347c15fae007799f85f173c19b4238787ac361c4056c521b0ec6N.exe
    "C:\Users\Admin\AppData\Local\Temp\07a301317b18347c15fae007799f85f173c19b4238787ac361c4056c521b0ec6N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2240

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\$Recycle.Bin\S-1-5-21-3434294380-2554721341-1919518612-1000\desktop.ini.tmp

    Filesize

    26KB

    MD5

    658e8fb84ece46ece53d84186db5e2b0

    SHA1

    a0479bbf469daef17084bfcd0b4deea0110bf800

    SHA256

    54487f145041b7c2de4aa80c59e5cf2634b064e187395a3ce3bf6c17f244a05d

    SHA512

    f70175f29beebc5d750d98c896b4791d3da11757c00c42dd0b1a9417be2582daf63f5732440d05bd6f0c2b3e737d9968684e66ccbc8bed2b12c3f8d1497db980

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    35KB

    MD5

    eb9bc716681d9322d0662da07c2fdf93

    SHA1

    39c335b8ad00034339a7749c2aecd7b8ee077358

    SHA256

    4026c75fd9f98c70af9665206dabe0f42e268d4a797ef900b29145369c1d67d8

    SHA512

    4c92a3b8a79d3ad49003eae94992d08295367c1f49f7f4f1330db7d35d9ab0ee6976c4508f0570354ab9a24af6366c64571762773e6119dcc394f474c9de635c

  • memory/2240-0-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

  • memory/2240-71-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB
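The dropped files listed above (`desktop.ini.tmp`, `Office64WW.xml.tmp`) are the original names with `.tmp` appended, which is what the "Renames multiple (3765) files with added filename extension" signature counts. The following added example (written for this page; not the sandbox's own signature logic) implements that heuristic over a stream of file-rename events: per process, it groups renames whose destination is the source path plus a fixed suffix, and raises an alert when enough of them land within a time window across several directories. The event stream, the process IDs 1500 and 1800, the threshold values and the event tuple layout are all constructed for the demonstration.

```python
"""Added example: mass-rename-with-appended-extension heuristic (constructed events)."""
import ntpath
from collections import defaultdict


def detect_mass_rename(events, threshold=50, window=60.0, min_dirs=3):
    """Return one alert per (pid, suffix) whose appended-extension renames exceed
    `threshold` inside `window` seconds and touch at least `min_dirs` directories.

    events: iterable of (timestamp_seconds, pid, op, src_path, dst_path).
    """
    by_pid = defaultdict(list)
    for t, pid, op, src, dst in events:
        if op != "rename" or dst is None:
            continue
        # Only renames that keep the original name and append something count.
        if dst.startswith(src) and len(dst) > len(src):
            by_pid[pid].append((t, src, dst[len(src):]))

    alerts = []
    for pid, renames in by_pid.items():
        by_suffix = defaultdict(list)
        for t, src, suffix in sorted(renames):
            by_suffix[suffix].append((t, src))
        for suffix, items in by_suffix.items():
            best = None
            start = 0
            for end in range(len(items)):            # sliding window over time-sorted renames
                while items[end][0] - items[start][0] > window:
                    start += 1
                count = end - start + 1
                if count < threshold:
                    continue
                dirs = {ntpath.dirname(src) for _, src in items[start:end + 1]}
                if len(dirs) >= min_dirs and (best is None or count > best["count"]):
                    best = {"pid": pid, "suffix": suffix, "count": count,
                            "dirs": len(dirs), "first": items[start][1]}
            if best:
                alerts.append(best)
    return alerts


def constructed_events():
    """Constructed file events: one ransomware-like process and two benign ones."""
    ev = []
    dirs = [r"C:\Users\Admin\Documents", r"C:\Users\Admin\Pictures",
            r"C:\MSOCache\All Users", r"C:\$Recycle.Bin\S-1-5-21-1000",
            r"C:\Program Files\Common Files"]
    t = 0.0
    for i in range(60):                               # 60 renames in 30 s, five directories
        src = dirs[i % len(dirs)] + rf"\file{i}.docx"
        ev.append((t, 2240, "rename", src, src + ".tmp"))
        t += 0.5
    for i in range(5):                                # a user making a handful of .bak copies
        src = rf"C:\Users\Admin\Desktop\note{i}.txt"
        ev.append((100.0 + i, 1500, "rename", src, src + ".bak"))
    for i in range(80):                               # an installer swapping staged files in:
        ev.append((200.0 + i * 0.1, 1800, "rename",   # suffix removed, not appended
                   rf"C:\Program Files\App\lib{i}.dll.new",
                   rf"C:\Program Files\App\lib{i}.dll"))
    return ev


if __name__ == "__main__":
    for alert in detect_mass_rename(constructed_events()):
        print(alert)
```

The threshold is deliberately far below the 3765 renames seen here; the point of the directory-spread condition is to separate a system-wide sweep from a build or installer job that renames many files in one tree. Ransomware that writes a new file and deletes the original instead of renaming in place will not trigger this rule, so in practice it is paired with a create-plus-delete heuristic over the same event stream.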
