Analysis

  • max time kernel: 149s
  • max time network: 119s
  • platform: windows7_x64
  • resource: win7-20240903-en
  • resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted: 05/10/2024, 19:28

General

  • Target: 5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe
  • Size: 86KB
  • MD5: 535a892f183696183757d58c8f4fb276
  • SHA1: c4c8f13ab24bcaf0aac30b0edce1b8b872993175
  • SHA256: 5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb
  • SHA512: 32eb8cf7c011b26302d6a5b16604fc295327a0bc0527bf5125201940394bf2442fcec1a363e607403131a97502f640bf725f6d89de5ad859a225caa405977816
  • SSDEEP: 1536:CTWn1++PJHJXA/OsIZfzc3/Q8IZf2XcqvcYvhn:KQSo7Zf2X3
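
The hash fields above and the "UPX packed file" signature further down can be reproduced offline before a sample is ever detonated. The following is an added example written for this page, not tooling from the sandbox that produced the report: it hashes a file, walks the DOS header, PE signature, COFF header and section table, and flags the stock UPX section names (UPX0/UPX1/UPX2) and the "UPX!" loader marker. The `build_minimal_pe` helper constructs a header-only PE32 image as test input; it is not the sample from this report, so its hashes will not match the values listed above.

```python
import hashlib
import struct
from typing import Dict, List

# Section names the stock UPX packer writes; "UPX!" is the marker UPX places
# in its loader-info block. A "modified UPX" build may rename all of these,
# so absence of both is not proof that the file is unpacked.
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}
UPX_MAGIC = b"UPX!"


def _u16(data: bytes, off: int) -> int:
    if off + 2 > len(data):
        raise ValueError("truncated PE header at offset 0x%x" % off)
    return struct.unpack_from("<H", data, off)[0]


def _u32(data: bytes, off: int) -> int:
    if off + 4 > len(data):
        raise ValueError("truncated PE header at offset 0x%x" % off)
    return struct.unpack_from("<I", data, off)[0]


def pe_section_names(data: bytes) -> List[bytes]:
    """Walk DOS header -> PE signature -> COFF header -> section table and
    return the 8-byte section names with trailing NULs stripped."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = _u32(data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = _u16(data, coff + 2)       # IMAGE_FILE_HEADER.NumberOfSections
    size_of_optional = _u16(data, coff + 16)  # IMAGE_FILE_HEADER.SizeOfOptionalHeader
    table = coff + 20 + size_of_optional
    names = []
    for i in range(num_sections):
        off = table + i * 40  # IMAGE_SECTION_HEADER is 40 bytes; Name is the first 8
        if off + 8 > len(data):
            raise ValueError("truncated section table")
        names.append(data[off:off + 8].rstrip(b"\0"))
    return names


def triage(data: bytes) -> Dict[str, object]:
    """Hashes plus a UPX verdict, mirroring the report's General/Signatures fields."""
    names = pe_section_names(data)
    upx_sections = [n for n in names if n in UPX_SECTION_NAMES]
    has_magic = UPX_MAGIC in data
    return {
        "size": len(data),
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
        "sections": [n.decode("ascii", "replace") for n in names],
        "upx_sections": [n.decode("ascii") for n in upx_sections],
        "upx_magic": has_magic,
        "likely_upx": bool(upx_sections) or has_magic,
    }


def build_minimal_pe(section_names: List[bytes], extra: bytes = b"") -> bytes:
    """Constructed test input: a header-only PE32 image with the given section
    names (not a real executable, just enough structure for the parser)."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)             # e_lfanew -> right after DOS header
    size_of_optional = 0xE0                              # PE32 optional header size
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0,
                       size_of_optional, 0x0102)         # i386, EXECUTABLE_IMAGE|32BIT
    optional = bytearray(size_of_optional)
    struct.pack_into("<H", optional, 0, 0x10B)           # PE32 magic
    sections = b"".join(
        struct.pack("<8sIIIIIIHHI", name, 0x1000, 0x1000 * (i + 1),
                    0, 0, 0, 0, 0, 0, 0x60000020)        # CODE|EXECUTE|READ
        for i, name in enumerate(section_names))
    return bytes(dos) + b"PE\0\0" + coff + bytes(optional) + sections + extra


if __name__ == "__main__":
    for label, names, extra in (("upx-like", [b"UPX0", b"UPX1", b".rsrc"], b"UPX!"),
                                ("plain", [b".text", b".rdata", b".data"], b"")):
        print(label, triage(build_minimal_pe(names, extra)))
```

Run `triage(open(path, "rb").read())` on a real sample to compare the digests against the General block. The section-name check is the cheap half of the signature: a packer built from modified UPX source can rename its sections and strip the "UPX!" marker, which is why sandboxes also match on the unpacking stub's byte patterns and on the absence of a meaningful import table.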

Malware Config

Signatures

  • Renames multiple (3488) files with added filename extension

    This suggests ransomware activity: the sample is encrypting files across the system and appending an extension to each file it renames.

  • UPX packed file 4 IoCs

    Detects executables packed with the open-source UPX packer or a modified build of it.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of the victim host in order to infer its geographical location.
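
The first signature in this list is, in detection terms, a burst of renames by one process in which every new name is the old name with an extension appended. The following is an added example written for this page, not the sandbox's own signature logic: it runs that check over a list of constructed file events. PID 2268 matches the process in this report, but the ".locked" extension, the benign PID 1234 and the 50-file threshold are assumptions, since the page does not name the extension the sample appends.

```python
from collections import Counter, defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class FileEvent:
    """One file-system event: op is 'rename' (path -> new_path) or 'create'."""
    pid: int
    op: str
    path: str
    new_path: Optional[str] = None


def added_extension(old: str, new: Optional[str]) -> Optional[str]:
    """Return the appended suffix when new == old + '.<ext>' (same directory,
    original name kept intact); None for any other kind of rename."""
    if new is None or not new.startswith(old):
        return None
    tail = new[len(old):]
    if len(tail) < 2 or tail[0] != "." or "\\" in tail or "/" in tail:
        return None
    return tail


def detect_mass_rename(events: List[FileEvent], threshold: int = 50) -> List[Dict[str, object]]:
    """Flag processes that append an extension to at least `threshold` files.
    The threshold is an assumption; the sandbox counted 3488 for this sample."""
    per_pid: Dict[int, Counter] = defaultdict(Counter)
    for ev in events:
        if ev.op != "rename":
            continue
        ext = added_extension(ev.path, ev.new_path)
        if ext is not None:
            per_pid[ev.pid][ext.lower()] += 1
    hits = []
    for pid, exts in per_pid.items():
        total = sum(exts.values())
        if total >= threshold:
            hits.append({"pid": pid, "renamed": total,
                         "extensions": dict(exts.most_common())})
    return sorted(hits, key=lambda h: -h["renamed"])


def constructed_events() -> List[FileEvent]:
    """Constructed sample telemetry (not from the sandbox). PID 2268 is the
    report's process; '.locked' is a hypothetical appended extension."""
    docs = "C:\\Users\\Admin\\Documents\\"
    events = [FileEvent(2268, "rename", docs + "report%02d.docx" % i,
                        docs + "report%02d.docx.locked" % i) for i in range(60)]
    # Same process also drops a .tmp beside an existing file, as in the report's Downloads list.
    events.append(FileEvent(2268, "create",
                            "C:\\$Recycle.Bin\\S-1-5-21-312935884-697965778-3955649944-1000\\desktop.ini.tmp"))
    # Hypothetical benign editor (PID 1234): a handful of .bak renames, well under threshold.
    events += [FileEvent(1234, "rename", docs + "notes%d.txt" % i,
                         docs + "notes%d.txt.bak" % i) for i in range(3)]
    # Extension replaced rather than appended: must not count.
    events.append(FileEvent(1234, "rename", docs + "a.tmp", docs + "a.txt"))
    return events


SAMPLE_EVENTS = constructed_events()

if __name__ == "__main__":
    for hit in detect_mass_rename(SAMPLE_EVENTS):
        print(hit)
```

The per-process counter keyed on the lower-cased appended extension is what lets the hit report say which suffix was added, which is usually the first thing an analyst wants when naming a ransomware family. Feeding it real telemetry means mapping your source's rename record (file-audit or EDR events) onto `FileEvent`; the detection logic itself does not change.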

Processes

  • C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\5e923671ab244bcff2884aee40ad92d2ffb781316edbf300fecb37a5a58b3ebb.exe"
    PID: 2268
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-312935884-697965778-3955649944-1000\desktop.ini.tmp
    Filesize: 86KB
    MD5: c7339f62f781eae1e9920fdfa972b715
    SHA1: 9c36b8834720d94401a8774eee61a7fc39a307a8
    SHA256: 7913828e310eab6f5c11af5d55820548e7d5ee6e4509c4d6cd664f73ccbf3776
    SHA512: 3a91c8152da5768c71c116dc39a5e5bc01002d563b494d826bd4b58b737767cdfff54a6dfde168364451310b086b78a636e26dd67be4725b902a685ff61e808f

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize: 95KB
    MD5: 2f8994831adbfc5cbe7979b01bada3ee
    SHA1: 01b3abfe297230c6872b0e658aea28d931ff4d45
    SHA256: bf2a9b6d4e8fc536d5c0d78f08ff98dfaa7ca62d2b84920bebd589cab4410c29
    SHA512: 9c4eec5c5bd34af1eb0c533fe37a2dd043f6e6c8344df70e8419745651ee58533240a348071968231917505d25f5e2f8b2d19f5c58528716b8a492aafcb178b6

  • memory/2268-0-0x0000000000400000-0x000000000040A000-memory.dmp
    Filesize: 40KB

  • memory/2268-70-0x0000000000400000-0x000000000040A000-memory.dmp
    Filesize: 40KB