Analysis Overview
SHA256
0c8e66e0e5766fcfd2f21504f895c6711c06c3a4077b055c60d4c1def99e5497
Threat Level: Likely malicious
The file 0c8e66e0e5766fcfd2f21504f895c6711c06c3a4077b055c60d4c1def99e5497N was found to be: Likely malicious.
Malicious Activity Summary
Renames multiple (4671) files with added filename extension
Renames multiple (3435) files with added filename extension
Drops file in Program Files directory
System Location Discovery: System Language Discovery
Unsigned PE
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-05 19:35
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-05 19:35
Reported
2024-10-05 19:37
Platform
win7-20240903-en
Max time kernel
120s
Max time network
121s
Command Line
Signatures
Renames multiple (3435) files with added filename extension
Drops file in Program Files directory
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\0c8e66e0e5766fcfd2f21504f895c6711c06c3a4077b055c60d4c1def99e5497N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\0c8e66e0e5766fcfd2f21504f895c6711c06c3a4077b055c60d4c1def99e5497N.exe
"C:\Users\Admin\AppData\Local\Temp\0c8e66e0e5766fcfd2f21504f895c6711c06c3a4077b055c60d4c1def99e5497N.exe"
Network
Files
C:\$Recycle.Bin\S-1-5-21-1846800975-3917212583-2893086201-1000\desktop.ini.tmp
| MD5 | 69b7ac669970bcac86b884436df02740 |
| SHA1 | 871e927aa8379185d88d69fc4e76f7406a48f7ef |
| SHA256 | 0f43e00998862ead40119b60a51dbedc1e6d618c799e6a7d06be9663ad631ad8 |
| SHA512 | 2ebef3d3c9498d761dfad1859ed43039d2c2633e85978df457e787f11de73ad731bb46ed1a076521731fbf916cc8c149b5ec2936e19eb7ddeed16f396f087740 |
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
| MD5 | ec9dd564cf21c15bb61640bc0de0010b |
| SHA1 | 2b3235403193a26c8eabb419bd0792980900390f |
| SHA256 | 1fc530e0f0ccbc68541a8bdaddd997e8e8737b91f709e37a7713a92c6f255b42 |
| SHA512 | 81700bb62f672d41a48f57a5b2c20632a483a82a4417f2cab354db3f0d10eda5e7b7e3dd36debe58ef43e5671e240e253c438be1ae6f10fddfa923603dc4ca4a |
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-05 19:35
Reported
2024-10-05 19:37
Platform
win10v2004-20240802-en
Max time kernel
119s
Max time network
105s
Command Line
Signatures
Renames multiple (4671) files with added filename extension
Drops file in Program Files directory
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\0c8e66e0e5766fcfd2f21504f895c6711c06c3a4077b055c60d4c1def99e5497N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\0c8e66e0e5766fcfd2f21504f895c6711c06c3a4077b055c60d4c1def99e5497N.exe
"C:\Users\Admin\AppData\Local\Temp\0c8e66e0e5766fcfd2f21504f895c6711c06c3a4077b055c60d4c1def99e5497N.exe"
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 101.209.201.84.in-addr.arpa | udp |
| US | 52.111.227.13:443 | | tcp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
Files
C:\$Recycle.Bin\S-1-5-21-945322488-2060912225-3527527000-1000\desktop.ini.tmp
| MD5 | 2937c3c501a5f88e1acd32221d7b6779 |
| SHA1 | 91d6ab303dd43ba36729b8b0ffe274114df1cf9d |
| SHA256 | e750c695e84274ed9be42fadd157ceb09441ea3ed2ce59a9b3b4c20a719e8c86 |
| SHA512 | f7b8326839d54ebb90bb4120f5c9c248f7b524ca73c17691001f1a97ca7f51619d761643919523821e40b9f44fe84f2835e18bc5986a931ecfda8482307db861 |
C:\Program Files\7-Zip\7-zip.dll.tmp
| MD5 | 21d2466ea08d06b8a90af584188e9f1e |
| SHA1 | 663e3cc948d88e80f1357f27f3370d45bd140f73 |
| SHA256 | 6812f69d86e3ac960a8d94547140de5a71b6b77a0aaff43eeee2e2b4b7cd2121 |
| SHA512 | 8f93e2ec83d985c53c9569e9dc8e837abb3d94e5e5e04e28acd928ec0d89c00525044f1a9c6cdb587b31e8f21eeeb3237d9e35f2d99d5ab60495a8b4fd1c6400 |