Analysis

  • max time kernel
    119s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64
    arch:x86
    image:win7-20240903-en
    locale:en-us
    os:windows7-x64
    system
  • submitted
    19/09/2024, 17:08

General

  • Target

    f7e90c1759ab55a647dbff02d069cffe9067ee02190825a0d77aed8f9c6a814fN.exe

  • Size

    46KB

  • MD5

    f86cd6f31bf7dd6e16033f9e1a401d20

  • SHA1

    d8e994b57adccc29fd6c28ab87bedee0e1b8c0af

  • SHA256

    f7e90c1759ab55a647dbff02d069cffe9067ee02190825a0d77aed8f9c6a814f

  • SHA512

    05087626b2f441b0dedfd8e761583ac4e2decb6a707ccca1f67675dc7862ca6976ceb8f359b7659bee19f71d749d3884c667044afc094a1fdbfdfea7eebec41d

  • SSDEEP

    384:yBs7Br5xjL8AgA71FbhvBfepj3cfepj3KtLJilqGelqG4K66CPK66CuJ:/7BlpQpARFbhq1KtGFGxNCSNCo

Score
9/10

Malware Config

Signatures

  • Renames multiple (329) files with added filename extension

    This suggests ransomware activity: encrypting files across the system and appending an extension to each renamed file.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempt to gather information about the system language of the victim host in order to infer its geographical location.
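The mass-rename signature above is the kind of behaviour a defender can reproduce as a simple heuristic over file-system rename events. The block below is an added example, not code from the sandbox or from this report: it groups rename events by process and by the extension that was appended, and flags any group that crosses a threshold. The events are constructed; only the two `.tmp` paths listed under Downloads are taken from the report, the rest (the `C:\Program Files\Vendor\*` paths, PID 1000 and the threshold of 20) are assumptions for illustration.

```python
"""Heuristic for the "renames multiple files with added filename extension" signature.

Added example; the rename events are constructed, not captured from the sandbox run.
"""
from collections import defaultdict
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import Dict, Iterable, Optional, Tuple


@dataclass(frozen=True)
class RenameEvent:
    pid: int
    src: str  # path before the rename
    dst: str  # path after the rename


def added_extension(src: str, dst: str) -> Optional[str]:
    """Return the appended suffix if dst is src plus exactly one extra extension.

    'desktop.ini' -> 'desktop.ini.tmp' yields '.tmp'. A rename that changes the
    directory or the original file name (e.g. report.docx -> report_final.docx)
    is not an "added extension" and yields None.
    """
    s, d = PureWindowsPath(src), PureWindowsPath(dst)
    if s.parent != d.parent:
        return None
    if len(d.name) <= len(s.name) or not d.name.lower().startswith(s.name.lower()):
        return None
    ext = d.name[len(s.name):]
    # exactly one new suffix: starts with '.', non-empty, contains no further '.'
    if ext.startswith(".") and len(ext) > 1 and "." not in ext[1:]:
        return ext
    return None


def flag_mass_renames(events: Iterable[RenameEvent],
                      threshold: int = 20) -> Dict[Tuple[int, str], int]:
    """Count renames per (pid, appended extension); return groups at or over threshold.

    threshold is an assumption: the report's rule fired at 329 files, a defender
    wants to act well before that.
    """
    counts: Dict[Tuple[int, str], int] = defaultdict(int)
    for ev in events:
        ext = added_extension(ev.src, ev.dst)
        if ext is not None:
            counts[(ev.pid, ext.lower())] += 1
    return {key: n for key, n in counts.items() if n >= threshold}


# Constructed sample: the first two paths are the dropped files listed in the report,
# the remaining entries (vendor DLLs, PID 1000 user activity) are made up.
SAMPLE_EVENTS = [
    RenameEvent(2252,
                r"C:\$Recycle.Bin\S-1-5-21-457978338-2990298471-2379561640-1000\desktop.ini",
                r"C:\$Recycle.Bin\S-1-5-21-457978338-2990298471-2379561640-1000\desktop.ini.tmp"),
    RenameEvent(2252,
                r"C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml",
                r"C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp"),
] + [
    RenameEvent(2252, rf"C:\Program Files\Vendor\file{i}.dll",
                rf"C:\Program Files\Vendor\file{i}.dll.tmp")
    for i in range(23)
] + [
    # benign noise: a save-as rename, a single backup, and a move to another folder
    RenameEvent(1000, r"C:\Users\Admin\Documents\report.docx",
                r"C:\Users\Admin\Documents\report_final.docx"),
    RenameEvent(1000, r"C:\Users\Admin\Documents\notes.txt",
                r"C:\Users\Admin\Documents\notes.txt.bak"),
    RenameEvent(1000, r"C:\Users\Admin\Documents\a.txt",
                r"C:\Users\Admin\Downloads\a.txt.tmp"),
]


if __name__ == "__main__":
    for (pid, ext), n in flag_mass_renames(SAMPLE_EVENTS).items():
        print(f"pid {pid} appended {ext} to {n} files")
```

Grouping by appended extension rather than by raw rename count keeps ordinary activity (installers moving files, editors writing `~$` lock files) from tripping the rule, while the threshold is what decides how early an EDR-style response fires. Note that the report lists the renamed files as `.tmp`, so the extension alone is not a reliable indicator; the volume and the single originating PID are.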

Processes

  • C:\Users\Admin\AppData\Local\Temp\f7e90c1759ab55a647dbff02d069cffe9067ee02190825a0d77aed8f9c6a814fN.exe
    "C:\Users\Admin\AppData\Local\Temp\f7e90c1759ab55a647dbff02d069cffe9067ee02190825a0d77aed8f9c6a814fN.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2252

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\$Recycle.Bin\S-1-5-21-457978338-2990298471-2379561640-1000\desktop.ini.tmp

    Filesize

    46KB

    MD5

    ae23ed9967e0f757d833fe9f5f90f871

    SHA1

    15a694c103fd634ad57c0e1e41134a740220723e

    SHA256

    772512833e5eecb8e897a3e35a9a73db30d352cdc61b95c865c26aa2a183d362

    SHA512

    77181bf470e6bd9a680972be376224ee602d4fdcb84e43c2a0acb6637cb3e899ddfa9c03a5928515409113373b198ee9d01e5a9c2c7818b8538add23295b171d

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    55KB

    MD5

    88b43d4fb6195fc3de6553725f08dd79

    SHA1

    aeae3a6280c1d5c42561fcc144793ec254839650

    SHA256

    b602764d12e11355a28e5c23979af5010c877ba58b1601e4e5a87f34974bde3a

    SHA512

    712749e038f2d3b2f46374f9709ecf555d0412d344b11845845c27909466033a67217ca295936a5e05f43f3c013682c90b00017673abea33794a6ae797e20779

  • memory/2252-0-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/2252-26-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB