Analysis

  • max time kernel: 150s
  • max time network: 122s
  • platform: windows7_x64
  • resource: win7-20240903-en
  • resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted: 29-09-2024 04:36

General

  • Target: f81dd7c26a9d75f0d46bdfb443a68d1113f09c118a36f1f4d1ba6a31a7fcd442.exe
  • Size: 101KB
  • MD5: 1560943c860caf8b388f55796af05b54
  • SHA1: 4ef1940e0fef20dad9673de9701b317a3f0ed4b9
  • SHA256: f81dd7c26a9d75f0d46bdfb443a68d1113f09c118a36f1f4d1ba6a31a7fcd442
  • SHA512: f9bed73dde71ebdae4c49937ce54c37596ab6c2ea923114b5cf9bb649c43895abf57d3b44b5a52a7413edbdcbfcd9fc8cbf826883d57e98b3f624d5ec8a85833
  • SSDEEP: 1536:V7Zf/FAxTWoJJ7TTQoQIRUTW7JJ7TTQoQIRU:fny1oRIR7oRIRU

Malware Config

Signatures

  • Renames multiple (3443) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\f81dd7c26a9d75f0d46bdfb443a68d1113f09c118a36f1f4d1ba6a31a7fcd442.exe
    "C:\Users\Admin\AppData\Local\Temp\f81dd7c26a9d75f0d46bdfb443a68d1113f09c118a36f1f4d1ba6a31a7fcd442.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:1944

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-312935884-697965778-3955649944-1000\desktop.ini.tmp
    Filesize: 101KB
    MD5: b5e6d86caa678a6f1b9cb3b13feab90f
    SHA1: 2c4c0452d57a631d2c9f010a7fe61221ef185cbe
    SHA256: dcf2b1cb9777c96483c27ab19822c78e2d6710418c5ef00a76a92568dbd7c944
    SHA512: 8fb35bfd83c09da5bdfeb1facaab38642a430b3b94c12d46791b7a0c161ac18684f305d74af0444abacc6d4a5a1620ab66af664293b2a3c9c808064e2f635b71

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize: 110KB
    MD5: 7a1f2c53a069df31cbaf2da0a676bbd0
    SHA1: 0480c1da5dfa4d0702fb72ff19bae2d9bebcccd5
    SHA256: 87a4fc9720c14fe9e9acac113adc27c526c7e77e6de62cc9f22d129966f88ff9
    SHA512: 32991a2b175dd26f875c3ca44aff17e0023749258b478f7b95d24cdf17c57f7e5cafa4a78904006641203442868a88aaf175e77a3fd235a1a1da9d6c989af88a

  • memory/1944-0-0x0000000000400000-0x000000000040B000-memory.dmp
    Filesize: 44KB

  • memory/1944-70-0x0000000000400000-0x000000000040B000-memory.dmp
    Filesize: 44KB