Analysis

  • max time kernel
    150s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    05/10/2024, 19:26

General

  • Target

    0b1fb2067dbc1fdecd924051dcbe8413eaaa509e7ce777f7927b4303de3e23cb.exe

  • Size

    52KB

  • MD5

    8cb805d1b9304a13e960362411e40dc0

  • SHA1

    0177c1c3e3a0dfc62578757670621044ff30f972

  • SHA256

    0b1fb2067dbc1fdecd924051dcbe8413eaaa509e7ce777f7927b4303de3e23cb

  • SHA512

    be654332f654bc8ca8ca62af7a31d2d06ecd4f62890d6af5f2f604c6b585553d2cc8ffd5e7e58ee77874b6757b69c6050f2f975ce7e477d1db72200b93819303

  • SSDEEP

    384:GBt7Br5xjL9AgA71FbhvuNBNQFrs0AqAJwO1AqAJwOfF2JouP2JouQw5A5+w1t4:W7BlpppARFbhHFoqAJwBqAJwRJofJoT4

Score
9/10

Malware Config

Signatures

  • Renames multiple (3735) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\0b1fb2067dbc1fdecd924051dcbe8413eaaa509e7ce777f7927b4303de3e23cb.exe
    "C:\Users\Admin\AppData\Local\Temp\0b1fb2067dbc1fdecd924051dcbe8413eaaa509e7ce777f7927b4303de3e23cb.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:1600

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-4177215427-74451935-3209572229-1000\desktop.ini.tmp

          Filesize

          52KB

          MD5

          358612e13ce73b7e0c441118c1982134

          SHA1

          8660e7890068248e764ceb229acac218870d23e7

          SHA256

          92f85d67fa06152528344b0683865cb3e7c85f6c0b6ec4bbe0dc5bcc2bbf9a35

          SHA512

          505599d634a993d199b3de2a2d8b56004e19f00ce9694e44799153659c99fe860906671ab029ce561bf170586a520e4c2287b0f5df1ec01177fd24ceef9aa6b5

        • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

          Filesize

          61KB

          MD5

          2e382e87141dee2f4fdb82f54f95fc62

          SHA1

          a1b6c013d9f222c1ed92d49801fde6911b02b9c9

          SHA256

          95faa35b9e0ac3b660ea333673b027a0182c95d9a7775f19404db34f254730be

          SHA512

          d50bc32e5fdf08e94680e19653781a1af920cf40eaa94bedb2f3456a6582d9fcc9b910bb9c27976823a281ad732e36148eaf5c2fc745cf4dbf0380769fb8677b