Analysis Overview
SHA256: 0b1fb2067dbc1fdecd924051dcbe8413eaaa509e7ce777f7927b4303de3e23cb
Threat Level: Likely malicious
The file 0b1fb2067dbc1fdecd924051dcbe8413eaaa509e7ce777f7927b4303de3e23cb.exe was found to be: Likely malicious.
Malicious Activity Summary
Renames multiple (3735) files with added filename extension
Renames multiple (5074) files with added filename extension
Drops file in Program Files directory
System Location Discovery: System Language Discovery
Unsigned PE
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-10-05 19:26
Signatures
Unsigned PE
Analysis: behavioral1
Detonation Overview
Submitted: 2024-10-05 19:26
Reported: 2024-10-05 19:28
Platform: win7-20240903-en
Max time kernel: 150s
Max time network: 122s
Command Line
Signatures
Renames multiple (3735) files with added filename extension
Drops file in Program Files directory
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\0b1fb2067dbc1fdecd924051dcbe8413eaaa509e7ce777f7927b4303de3e23cb.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\0b1fb2067dbc1fdecd924051dcbe8413eaaa509e7ce777f7927b4303de3e23cb.exe
"C:\Users\Admin\AppData\Local\Temp\0b1fb2067dbc1fdecd924051dcbe8413eaaa509e7ce777f7927b4303de3e23cb.exe"
Network
Files
C:\$Recycle.Bin\S-1-5-21-4177215427-74451935-3209572229-1000\desktop.ini.tmp
| Hash | Value |
| --- | --- |
| MD5 | 358612e13ce73b7e0c441118c1982134 |
| SHA1 | 8660e7890068248e764ceb229acac218870d23e7 |
| SHA256 | 92f85d67fa06152528344b0683865cb3e7c85f6c0b6ec4bbe0dc5bcc2bbf9a35 |
| SHA512 | 505599d634a993d199b3de2a2d8b56004e19f00ce9694e44799153659c99fe860906671ab029ce561bf170586a520e4c2287b0f5df1ec01177fd24ceef9aa6b5 |
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
| Hash | Value |
| --- | --- |
| MD5 | 2e382e87141dee2f4fdb82f54f95fc62 |
| SHA1 | a1b6c013d9f222c1ed92d49801fde6911b02b9c9 |
| SHA256 | 95faa35b9e0ac3b660ea333673b027a0182c95d9a7775f19404db34f254730be |
| SHA512 | d50bc32e5fdf08e94680e19653781a1af920cf40eaa94bedb2f3456a6582d9fcc9b910bb9c27976823a281ad732e36148eaf5c2fc745cf4dbf0380769fb8677b |
Analysis: behavioral2
Detonation Overview
Submitted: 2024-10-05 19:26
Reported: 2024-10-05 19:28
Platform: win10v2004-20240802-en
Max time kernel: 150s
Max time network: 95s
Command Line
Signatures
Renames multiple (5074) files with added filename extension
Drops file in Program Files directory
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\0b1fb2067dbc1fdecd924051dcbe8413eaaa509e7ce777f7927b4303de3e23cb.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\0b1fb2067dbc1fdecd924051dcbe8413eaaa509e7ce777f7927b4303de3e23cb.exe
"C:\Users\Admin\AppData\Local\Temp\0b1fb2067dbc1fdecd924051dcbe8413eaaa509e7ce777f7927b4303de3e23cb.exe"
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.42.69.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.117.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
Files
C:\$Recycle.Bin\S-1-5-21-2718105630-359604950-2820636825-1000\desktop.ini.tmp
| Hash | Value |
| --- | --- |
| MD5 | b4451ce658397c3ef5fbc2b23a0f9733 |
| SHA1 | 93da426758cf72caf0f26a9753bae439888ade9a |
| SHA256 | 7371784677b0e899ea4806cc64031fe06ab4f502d19e0e7cbf0132205856cf43 |
| SHA512 | 5a5c549513aa9b5b70a27f274375c2d0cfbf7d52539849775b948d406b175adee3d0d56825a2b96f2dfba053d70479cd5abd547f1fdb24aac584d8822567951c |
C:\Program Files\7-Zip\7-zip.dll.tmp
| Hash | Value |
| --- | --- |
| MD5 | b4de8428bd57fce4cff696cc7a6114d8 |
| SHA1 | cfb099477184be0b75ff973c3dd931f399d8bbdf |
| SHA256 | b0281e8f79ba5406cf4f76506051056c3f4f0ef8d1811f8db11a7346ccbe8d8d |
| SHA512 | d57fefaafe7819fcd6676e97e6d269c653f8664ae2a4c8361150ae6acccd22ba24b306b2e57a4b9cef916da2acf8dce1a492cb4a70559e8c1e53d31839b61807 |