Analysis

  • max time kernel
    120s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    05/10/2024, 19:35

General

  • Target

    0c8e66e0e5766fcfd2f21504f895c6711c06c3a4077b055c60d4c1def99e5497N.exe

  • Size

    47KB

  • MD5

    cb4c6fdd7da4e7fcc39807044050eb10

  • SHA1

    5ed020fb92b763275e6048c1c4713cfe51ed5843

  • SHA256

    0c8e66e0e5766fcfd2f21504f895c6711c06c3a4077b055c60d4c1def99e5497

  • SHA512

    06e625e912106b84083eed247fe033207bb60ebed69fb8533327ff52a36a67b4cf25eb3341c1fa121deb19b5554e33e918b0997b4de0d5239dca2e388fe02afc

  • SSDEEP

    384:GBt7Br5xjL9A7AgA71FbhvnIH2YsTKnKqtaW3WzlQ:W7BlphA7pARFbhvOsTKnKqtglQ

Score
9/10

Malware Config

Signatures

  • Renames multiple (3435) files with added filename extension

    This is characteristic of ransomware: the sample rewrites files across the system and appends a new extension to each one.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempts to gather information about the system language of the victim in order to infer the geographical location of that host.
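
The mass-rename signature above is a heuristic that a sandbox or EDR can evaluate from file-system events alone. As an added example (not part of this report, and not the sandbox's own detection code), the Python below applies that heuristic to a constructed set of rename events: it keeps only renames where the new path is the old path with one extension appended, tallies them by appended extension and by directory touched, and flags any extension that crosses a threshold. The event line format, the `.locked` extension, and the thresholds of 3 files over 2 directories are assumptions made for the demonstration; the report's own signature fired at 3435 files.

```python
import ntpath
import re
from collections import Counter, defaultdict

# Constructed file-monitor events for the demonstration; they are NOT taken
# from the sandbox report above. One "rename OLD -> NEW" record per line.
SAMPLE_EVENTS = """\
rename C:\\Users\\Admin\\Documents\\budget.xlsx -> C:\\Users\\Admin\\Documents\\budget.xlsx.locked
rename C:\\Users\\Admin\\Documents\\notes.txt -> C:\\Users\\Admin\\Documents\\notes.txt.locked
rename C:\\Users\\Admin\\Pictures\\cat.jpg -> C:\\Users\\Admin\\Pictures\\cat.jpg.locked
rename C:\\Users\\Admin\\Desktop\\report.docx -> C:\\Users\\Admin\\Desktop\\report.docx.locked
rename C:\\Users\\Admin\\Downloads\\setup.exe -> C:\\Users\\Admin\\Downloads\\setup_old.exe
rename C:\\Temp\\out.tmp -> C:\\Temp\\out.txt
"""

# Assumed event syntax: "rename <old path> -> <new path>".
EVENT_RE = re.compile(r"^rename (?P<old>.+?) -> (?P<new>.+)$")


def appended_extension(old, new):
    """Return the extension a rename appended, or None.

    Only renames of the form NEW == OLD + "." + EXT count: same directory,
    same original name, one extra dotted suffix. Swapping the extension
    (out.tmp -> out.txt) or editing the stem (setup.exe -> setup_old.exe)
    is ordinary behaviour and returns None.
    """
    if not new.startswith(old):
        return None
    suffix = new[len(old):]
    if not suffix.startswith(".") or len(suffix) < 2:
        return None
    if "\\" in suffix or "/" in suffix:  # a path component was appended, not an extension
        return None
    return suffix[1:]


def summarize_renames(events):
    """Tally qualifying renames by appended extension and by directory touched."""
    per_ext = Counter()
    dirs_per_ext = defaultdict(set)
    for line in events.splitlines():
        m = EVENT_RE.match(line.strip())
        if not m:
            continue
        ext = appended_extension(m["old"], m["new"])
        if ext is None:
            continue
        per_ext[ext] += 1
        # ntpath, not os.path, so Windows paths parse correctly on any host
        dirs_per_ext[ext].add(ntpath.dirname(m["old"]))
    return per_ext, dirs_per_ext


def flag_mass_rename(events, threshold=3, min_dirs=2):
    """Return {ext: count} for every extension appended to at least
    `threshold` files spread over at least `min_dirs` directories.
    Both limits are assumed tunables for this demo; a production rule
    would set them far higher (the report's signature counted 3435)."""
    per_ext, dirs_per_ext = summarize_renames(events)
    return {
        ext: n
        for ext, n in per_ext.items()
        if n >= threshold and len(dirs_per_ext[ext]) >= min_dirs
    }


if __name__ == "__main__":
    for ext, n in flag_mass_rename(SAMPLE_EVENTS).items():
        print(f"mass rename: {n} files gained extension .{ext}")
```

The per-directory condition is what keeps a single utility that renames everything inside one folder (a backup or batch-conversion tool) from tripping the rule; ransomware of the kind this signature describes walks many directories with the same appended extension.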

Processes

  • C:\Users\Admin\AppData\Local\Temp\0c8e66e0e5766fcfd2f21504f895c6711c06c3a4077b055c60d4c1def99e5497N.exe
    "C:\Users\Admin\AppData\Local\Temp\0c8e66e0e5766fcfd2f21504f895c6711c06c3a4077b055c60d4c1def99e5497N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2160

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-1846800975-3917212583-2893086201-1000\desktop.ini.tmp

          Filesize

          47KB

          MD5

          69b7ac669970bcac86b884436df02740

          SHA1

          871e927aa8379185d88d69fc4e76f7406a48f7ef

          SHA256

          0f43e00998862ead40119b60a51dbedc1e6d618c799e6a7d06be9663ad631ad8

          SHA512

          2ebef3d3c9498d761dfad1859ed43039d2c2633e85978df457e787f11de73ad731bb46ed1a076521731fbf916cc8c149b5ec2936e19eb7ddeed16f396f087740

        • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

          Filesize

          56KB

          MD5

          ec9dd564cf21c15bb61640bc0de0010b

          SHA1

          2b3235403193a26c8eabb419bd0792980900390f

          SHA256

          1fc530e0f0ccbc68541a8bdaddd997e8e8737b91f709e37a7713a92c6f255b42

          SHA512

          81700bb62f672d41a48f57a5b2c20632a483a82a4417f2cab354db3f0d10eda5e7b7e3dd36debe58ef43e5671e240e253c438be1ae6f10fddfa923603dc4ca4a