Analysis

  • max time kernel
    150s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    05/10/2024, 19:24

General

  • Target

    1d691141705a3d5591c099e7d4b0709bdc4b1f46f85a1fbe328858b53f967f69.exe

  • Size

    63KB

  • MD5

    32f0ff4c3f34f63bf06915d99132505c

  • SHA1

    0525e9d92a9b3a453999d90544ea1915df2a8d2b

  • SHA256

    1d691141705a3d5591c099e7d4b0709bdc4b1f46f85a1fbe328858b53f967f69

  • SHA512

    b034f425b885c6e1d90799965f5dce1cef4ec6406f37da04625fb6f4619aa3fa07fbc2f8f103781cfc36dbb3009ed1243afa43a31ea4a37884e021cb4815c3b6

  • SSDEEP

    768:V7Blpf/FAK65euBT37CPKKQSjyJJcbQbf1Oti1JGBQOOiQJhATBHfBo8o3P1:V7Zf/FAxTWoJJZENTBHfiP1

Malware Config

Signatures

  • Renames multiple (3756) files with added filename extension

    This suggests ransomware activity, with the files on the system being encrypted and renamed with an appended extension.

  • UPX packed file 4 IoCs

    Detects executables packed with the UPX open-source packer or a modified UPX build.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of the victim host in order to infer its geographical location.
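The first signature is the one that matters for triage: a single process appending the same extension to thousands of files across many directories is the file-system footprint of a crypto-ransomware encryptor, and it can be flagged from a file-event stream without knowing the family. The Python below is an added example, not the sandbox's own signature engine; it runs that logic over a constructed set of rename events (PID 1484 is taken from the report, while the `.enc` suffix, the paths and the counts are made up) and flags a process when one appended suffix dominates its renames and those renames span several directories. The thresholds `min_count` and `min_dirs` are assumptions for the example.

```python
import ntpath
from collections import Counter, defaultdict

# Constructed sample file events, not taken from the report: (pid, operation, old_path, new_path).
# PID 1484 renames 120 files under twelve Program Files subfolders, appending ".enc"
# (a hypothetical extension); PID 900 is a benign editor swapping a temp file into place.
SAMPLE_EVENTS = [
    (1484, "rename",
     rf"C:\Program Files\App{i % 12}\file{i}.dll",
     rf"C:\Program Files\App{i % 12}\file{i}.dll.enc")
    for i in range(120)
] + [
    (900, "rename",
     rf"C:\Users\Admin\Documents\~WRD{i}.tmp",
     rf"C:\Users\Admin\Documents\report{i}.docx")
    for i in range(3)
] + [
    (1484, "create", None, r"C:\Program Files\App0\note.txt"),
]


def appended_suffix(old_path, new_path):
    """Return the text appended to old_path to form new_path (e.g. ".enc"), or None
    when the rename is not a pure 'same name plus a dotted suffix'."""
    old, new = old_path.lower(), new_path.lower()
    if len(new) > len(old) and new.startswith(old) and new[len(old)] == ".":
        return new_path[len(old_path):]
    return None


def mass_rename_with_added_extension(events, min_count=50, min_dirs=5):
    """Flag processes whose renames mostly append one suffix across many directories.

    Returns a list of {"pid", "suffix", "count", "directories"} dicts, one per process
    that crosses both thresholds. The thresholds are assumptions for this example; the
    sandbox signature above fired on 3756 renames.
    """
    per_pid = defaultdict(list)  # pid -> [(suffix, source directory), ...]
    for pid, op, old, new in events:
        if op != "rename" or not old or not new:
            continue
        suffix = appended_suffix(old, new)
        if suffix is not None:
            per_pid[pid].append((suffix, ntpath.dirname(old).lower()))

    hits = []
    for pid, items in per_pid.items():
        suffix, count = Counter(s for s, _ in items).most_common(1)[0]
        directories = {d for s, d in items if s == suffix}
        if count >= min_count and len(directories) >= min_dirs:
            hits.append({"pid": pid, "suffix": suffix, "count": count,
                         "directories": len(directories)})
    return hits


if __name__ == "__main__":
    for hit in mass_rename_with_added_extension(SAMPLE_EVENTS):
        print(f"pid {hit['pid']}: {hit['count']} files renamed with '{hit['suffix']}' "
              f"across {hit['directories']} directories")
```

The second threshold is what keeps this from firing on a backup or archiving tool that renames a batch of files in one folder: an encryptor walks the whole volume, so its renames spread over many directories, while a bulk rename inside a single directory does not. Feeding real events means mapping the sandbox's file log into the same four-tuple shape; the 3756 count in the signature above would cross either threshold by a wide margin.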

Processes

  • C:\Users\Admin\AppData\Local\Temp\1d691141705a3d5591c099e7d4b0709bdc4b1f46f85a1fbe328858b53f967f69.exe
    "C:\Users\Admin\AppData\Local\Temp\1d691141705a3d5591c099e7d4b0709bdc4b1f46f85a1fbe328858b53f967f69.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:1484

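The process tree above shows the sample launched from the user's Temp directory. The "UPX packed file" signature in the Signatures section can be confirmed statically before detonation by reading the PE section table. The Python below is an added example, not code from the sandbox or its detection rules; it parses the COFF section headers and reports the three indicators UPX leaves behind (UPX0/UPX1/UPX2 section names, a first section with zero raw size but a large virtual size, and the "UPX!" marker in the stub). The PE images it runs on are constructed inline, header-only blobs built by `build_min_pe`; the report's actual sample is not included.

```python
import struct

UPX_SECTION_NAMES = {"UPX0", "UPX1", "UPX2"}
UPX_MAGIC = b"UPX!"  # marker UPX writes into its stub; usually survives section renames


def pe_sections(data):
    """Parse the COFF section table of a PE image and return one dict per section."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ/PE file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4
    nsections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + opt_size
    sections = []
    for i in range(nsections):
        off = table + i * 40
        name, vsize, vaddr, rawsize, rawptr = struct.unpack_from("<8sIIII", data, off)
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_size": vsize, "virtual_address": vaddr,
            "raw_size": rawsize, "raw_offset": rawptr,
        })
    return sections


def upx_indicators(data):
    """Return the UPX indicators found in a PE image plus a combined verdict."""
    sections = pe_sections(data)
    names = [s["name"] for s in sections]
    hits = {
        "upx_section_names": [n for n in names if n in UPX_SECTION_NAMES],
        # UPX0 is the unpack destination: reserved in memory, empty on disk.
        "empty_first_section": bool(sections)
            and sections[0]["raw_size"] == 0 and sections[0]["virtual_size"] > 0,
        "upx_magic": UPX_MAGIC in data,
    }
    hits["likely_upx"] = bool(hits["upx_section_names"]) or hits["upx_magic"]
    return hits


def build_min_pe(sections, trailer=b""):
    """Build a header-only PE (no code) with the given (name, virtual_size, raw_size)
    sections. Constructed test input for this example, not a real executable."""
    e_lfanew = 0x40
    dos = bytearray(b"MZ" + b"\0" * (e_lfanew - 2))
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    coff = struct.pack("<4sHHIIIHH", b"PE\0\0", 0x14C, len(sections), 0, 0, 0, 0, 0x0102)
    table = b""
    for name, vsize, rawsize in sections:
        table += struct.pack("<8sIIIIIIHHI", name.encode(), vsize, 0x1000,
                             rawsize, 0x400, 0, 0, 0, 0, 0x60000020)
    return bytes(dos) + coff + table + trailer


# Constructed inputs: a stock UPX layout, a modified UPX with renamed sections, a plain build.
PACKED = build_min_pe([("UPX0", 0x10000, 0), ("UPX1", 0x5000, 0x4E00), (".rsrc", 0x1000, 0x200)],
                      trailer=UPX_MAGIC + b"\0" * 16)
PACKED_RENAMED = build_min_pe([(".text", 0x10000, 0), (".data", 0x5000, 0x4E00)],
                              trailer=UPX_MAGIC)
PLAIN = build_min_pe([(".text", 0x3000, 0x3000), (".data", 0x800, 0x200)])

if __name__ == "__main__":
    for label, blob in (("packed", PACKED), ("packed-renamed", PACKED_RENAMED), ("plain", PLAIN)):
        print(label, upx_indicators(blob))
```

For a real file call `upx_indicators(open(path, "rb").read())`. Section names alone are weak evidence either way: a modified UPX can rename sections and strip the "UPX!" marker, and a packer other than UPX produces the same empty-first-section shape, so treat a hit as a reason to unpack and look again rather than as a final classification.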
Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-3290804112-2823094203-3137964600-1000\desktop.ini.tmp

          Filesize

          64KB

          MD5

          eb6f353ca8e1f2b16c0f414598c744aa

          SHA1

          bc124104e92a95fcfb60c13ed2e1fcd307dd2a9a

          SHA256

          91b906602b187764735f8fc85b918606c0d2af71e82535553ca00e70e26f5500

          SHA512

          41a0a2185f0d7af75328cf2e08ada23b84a966b4d00280046c4d7f513b999826107cbbf5aae0535fed03c132eb67934118f88733aab5858c63fb727b58837f92

        • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

          Filesize

          73KB

          MD5

          25c82b65e51b4b74a7dbdfd4f3bc557e

          SHA1

          147dd5775c911f23b5878cb3d3bae0b5d15eb9d4

          SHA256

          171fb1f52ea62575d0121fe623efe379577590da38577d0c497b61ea1beed509

          SHA512

          a91c3a24071c040f13659b2b72cb5122df59859eb653df295b49d5370e865a5220aa38fa408b82431bf2422005fbbfe400b1b338e75c1547c265dc4da89ea8b1

        • memory/1484-0-0x0000000000400000-0x000000000040B000-memory.dmp

          Filesize

          44KB

        • memory/1484-70-0x0000000000400000-0x000000000040B000-memory.dmp

          Filesize

          44KB