Analysis

  • max time kernel
    150s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    05/10/2024, 19:22

General

  • Target

    6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe

  • Size

    88KB

  • MD5

    d71042b5869cb357925bc60d3d97ee4f

  • SHA1

    1abca5ed793277601d80a3bf67508428f4e2ef8d

  • SHA256

    6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48

  • SHA512

    40d45c5730ec9c0edbc5cb1b3866cdf1fdd565ef466e42a550d59040cb7620c183c9074baa45e1b7556997acad37f7569703080f57ea3ec025dd27152cf875d1

  • SSDEEP

    1536:W7ZppApBULcfpHLcfpyDj7ZppApBULcfpHLcfpyDW:6pWpBwchcwDBpWpBwchcwDW

Score
9/10

Malware Config

Signatures

  • Renames multiple (3522) files with added filename extension

    This suggests ransomware activity: encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\6054652d90d8cd78697f94c1d89f196d6c182f6fcf4c63f8741d017b9f88ff48.exe"
    PID: 2072
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery

Network

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3290804112-2823094203-3137964600-1000\desktop.ini.tmp

    Filesize: 88KB
    MD5: 9d5d26536abe787a4a954bccfe2c8d2b
    SHA1: 0887a3a27439e6f7ace8c9f49945fcf70fa54bd7
    SHA256: b13fd5d6ee3d6a303cf8013ff3c4fd25ede7ebd540b6b10c1578e602ed4ce85f
    SHA512: cb5c03881f8415c19196372dff1c3b3ba805bf4914eb10b124461e7287c970b5c609ad53ade93178f83bbaa9226307e289a02f818e58a53971a8cae8643e10a4

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize: 97KB
    MD5: eebdf9595237bdfd01dd70f0539de883
    SHA1: 5f2a349eea34c910d7ae45ad2a36a75465f18a88
    SHA256: dbea1a6e8bc38b26c07e98cfc12ccc6ceea9df38fa7208038acf6ff41762cab8
    SHA512: 073484a9a0c289d35fa3f939c5b3130bed34cd6ef419a0495842c7859434f8aa9f11c71e83ca6bd952c781aa20ff6294e699418d8e60d554133645d4d4c5713e