Analysis

  • max time kernel
    149s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    05/10/2024, 19:39

General

  • Target

    036bae17ebd20b48963ea239df73542ccb526855d4744004e9b46899fef3be72.exe

  • Size

    29KB

  • MD5

    464b21a55dabd603775288482ffdd1ca

  • SHA1

    33fbc0a920f64339b6e718e4b4939e7bd29abe42

  • SHA256

    036bae17ebd20b48963ea239df73542ccb526855d4744004e9b46899fef3be72

  • SHA512

    c6fa72535b06787585dfc62fc890d39644a60503ef10f1c6acb236688143b2b6a1d92bfacdb6e8ac05e75e958a880b8a2f88e85dfb3ea5722e8f5432252855b3

  • SSDEEP

    768:kBT37CPKKdJJ1EXBwzEXBwdcMcI9yVz4QVz4C:CTW7JJ7TgB4QB4C

Signatures

  • Renames multiple (3754) files with added filename extension

    This suggests ransomware activity: the sample encrypts all files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX or a modified UPX open-source packer.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\036bae17ebd20b48963ea239df73542ccb526855d4744004e9b46899fef3be72.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\036bae17ebd20b48963ea239df73542ccb526855d4744004e9b46899fef3be72.exe"
    PID: 1576
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-312935884-697965778-3955649944-1000\desktop.ini.tmp
    Filesize: 29KB
    MD5: f4930231fae8b52a5ef6e908cfd3850b
    SHA1: 739a081e210217acc6644c1797bab8407bc6aea5
    SHA256: e6f7f94385054d3c005bfe07d965b7d6c7e58a9b89b7e1d51217918674ee24bc
    SHA512: fc871a227fb3f655ee002bb743c79b5de61d95765360984ebbe00b9caa2b7df0ad5c34f76df85953c308872c5ce06d55976f18f9008bccb52d9df2fa7a321c81

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize: 38KB
    MD5: 5baa090feb2044e9ec1b1df47f25a67d
    SHA1: a81510fab9d5255502e0d9f645dbf3a72fa60a2c
    SHA256: cc927796c73de7583cae4ea5a7094a08af7c1dc2cb760783431d785ffbc451bd
    SHA512: cbc711d7fad57a251f136926c4c9e5d3d962e94ae6d7bf469da47c8c645e9f6f7dd05b62b2ea4760458f2ce2d7f1440ca949e18d56037a788617b34632b6ec03

  • memory/1576-0-0x0000000000400000-0x000000000040A000-memory.dmp
    Filesize: 40KB

  • memory/1576-70-0x0000000000400000-0x000000000040A000-memory.dmp
    Filesize: 40KB