Analysis

  • max time kernel
    120s
  • max time network
    21s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    05/10/2024, 19:33

General

  • Target

    ec17bd5a1137d757c2ad04d84afd1d2490a8d516279df71f9acaf56d791df373N.exe

  • Size

    76KB

  • MD5

    337db66c9b14cfc952d3fa46b5cd6270

  • SHA1

    799c58de07cdb63addab128f230ccdcda900194d

  • SHA256

    ec17bd5a1137d757c2ad04d84afd1d2490a8d516279df71f9acaf56d791df373

  • SHA512

    1563d8adf25683178e99cb05b825d8a3cb739b2380066f61c7be0a68595087defcbc44eb2781e70059c0e3741f27d41a93e9c78af9c1d87b14122e9c1e2aa93c

  • SSDEEP

    1536:V7Zf/FAxTWoJJ7Tx4PN54PNvpJzpJ0+LG/H/yZGMF:fny1EWJ3z30+LG/KZGMF

Malware Config

Signatures

  • Renames multiple (3257) files with added filename extension

This suggests ransomware activity: files across the system are being rewritten and renamed with a new extension.

  • UPX packed file 4 IoCs

Detects executables packed with the open-source UPX packer or a modified variant of it.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempts to gather information about the system language of the victim in order to infer the geographical location of that host.
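The two behavioural signatures above ("UPX packed file" and "Renames multiple files with added filename extension") can be reproduced as stand-alone checks. The Python below is an added example written for this page; it is not code from the sandbox vendor and nothing in it is taken from the analysed sample. It assumes a tab-separated "op, old path, new path" event format for file-system events, and the PE section names, paths and the ".locked" extension are constructed test data. The report fires its rename signature at 3257 files; the sandbox's own threshold is not stated, so the threshold here is a parameter.

```python
"""Added example: stand-alone versions of two sandbox signatures.
All inputs below are constructed; none come from the analysed sample."""
import struct
from collections import Counter

# ---- Signature 1: UPX packing, read from the PE section table ----

def pe_section_names(data: bytes) -> list:
    """Return the section names of a PE image (raises ValueError if not PE)."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsec = struct.unpack_from("<H", data, e_lfanew + 6)[0]       # NumberOfSections
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]  # SizeOfOptionalHeader
    sec_off = e_lfanew + 24 + opt_size   # section table follows the optional header
    names = []
    for i in range(nsec):
        raw = struct.unpack_from("<8s", data, sec_off + 40 * i)[0]
        names.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    return names

def upx_indicators(data: bytes) -> dict:
    """Heuristics a 'UPX packed file' rule typically relies on. Both are weak on
    purpose: a modified UPX build can rename sections and strip the 'UPX!' marker."""
    names = pe_section_names(data)
    return {
        "upx_sections": [n for n in names if n.upper().startswith("UPX")],
        "upx_magic": b"UPX!" in data,
    }

def build_sample_pe(section_names, with_magic: bool) -> bytes:
    """Constructed minimal PE shell (not loadable) carrying the given section names."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)            # e_lfanew = 0x40
    opt = struct.pack("<H", 0x10B) + b"\0" * 222                   # zeroed PE32 optional header
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, len(opt), 0x102)
    secs = b"".join(struct.pack("<8sIIIIIIHHI", n.encode().ljust(8, b"\0"),
                                0, 0x1000 * (i + 1), 0, 0, 0, 0, 0, 0, 0)
                    for i, n in enumerate(section_names))
    tail = b"UPX!" + b"\0" * 28 if with_magic else b"\0" * 32
    return dos + b"PE\0\0" + coff + opt + secs + tail

# ---- Signature 2: mass rename with an appended extension ----

# Constructed event log in an assumed "op<TAB>old_path<TAB>new_path" format.
SAMPLE_EVENTS = """\
rename\tC:\\Users\\Admin\\Documents\\report.docx\tC:\\Users\\Admin\\Documents\\report.docx.locked
rename\tC:\\Users\\Admin\\Pictures\\img01.jpg\tC:\\Users\\Admin\\Pictures\\img01.jpg.locked
rename\tC:\\Users\\Admin\\Pictures\\img02.jpg\tC:\\Users\\Admin\\Pictures\\img02.jpg.locked
rename\tC:\\Users\\Admin\\Desktop\\notes.txt\tC:\\Users\\Admin\\Desktop\\notes.txt.locked
rename\tC:\\Windows\\Temp\\tmp1.dat\tC:\\Windows\\Temp\\tmp2.dat
write\tC:\\Users\\Admin\\Desktop\\README.txt\t
"""

def appended_extension(old: str, new: str):
    """Return the extension if new == old + '.<ext>' (case-insensitive), else None.
    A rename that changes the base name (tmp1 -> tmp2) does not count."""
    if new.lower().startswith(old.lower() + ".") and "\\" not in new[len(old) + 1:]:
        return new[len(old) + 1:]
    return None

def mass_rename_report(log_text: str, threshold: int) -> dict:
    """Count renames that merely append an extension; flag at or above threshold."""
    exts = Counter()
    for line in log_text.splitlines():
        fields = line.split("\t")
        if len(fields) != 3 or fields[0] != "rename":
            continue
        ext = appended_extension(fields[1], fields[2])
        if ext is not None:
            exts[ext.lower()] += 1
    total = sum(exts.values())
    top = exts.most_common(1)[0][0] if exts else None
    return {"renamed": total, "extension": top, "flagged": total >= threshold}

if __name__ == "__main__":
    print(upx_indicators(build_sample_pe(["UPX0", "UPX1", ".rsrc"], True)))
    print(mass_rename_report(SAMPLE_EVENTS, threshold=3))
```

The rename check keys on the dominant appended extension because ransomware families usually use one; a sample that renames files to random names, or encrypts in place without renaming, would not trip this rule and needs a separate write-volume check.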

Processes

  • C:\Users\Admin\AppData\Local\Temp\ec17bd5a1137d757c2ad04d84afd1d2490a8d516279df71f9acaf56d791df373N.exe
    "C:\Users\Admin\AppData\Local\Temp\ec17bd5a1137d757c2ad04d84afd1d2490a8d516279df71f9acaf56d791df373N.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2668

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-2872745919-2748461613-2989606286-1000\desktop.ini.tmp

          Filesize

          76KB

          MD5

          ae17117022cfb0a74f108199a3d34b91

          SHA1

          e93a99e5a76c6aba70cc68edb436c195dda9508f

          SHA256

          2ab3e343fd9d9068118ceb8d6a707d10e0069442c49409e0158e2d2f67a8a620

          SHA512

          f15a896a75aa2a819b2f4e52f9d25dd29e9ff584d36274289233fe30a0a29649cbdeb09252599bff9b2ce62ec96b2aa901859743524edf43b9d3198527d4e76c

        • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

          Filesize

          85KB

          MD5

          a4e57cac7fdf225320ed494bd19019c0

          SHA1

          e9f6f59ca82173ed4b521b3f5e4405cb20a6f127

          SHA256

          e96f2b62dcaabfd2056115454f0ebbd73a1c13847bcce3415d9cbf414db07ec5

          SHA512

          923f104de9c258f87bb997796eab5ac35b566aa5ff734a01216cdd03bd3307b3db3a6e98637d70da1f85f46bceddf66762b6bc13443014d45116609876a55c9d

        • memory/2668-0-0x0000000000400000-0x000000000040B000-memory.dmp

          Filesize

          44KB

        • memory/2668-70-0x0000000000400000-0x000000000040B000-memory.dmp

          Filesize

          44KB