Analysis

  • max time kernel
    150s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    05/10/2024, 19:40

General

  • Target

    280581849dde34cb738dc5056029d8da06cff397fb32632375afcd55753f3bb0.exe

  • Size

    89KB

  • MD5

    991db98564233a49a739cf44d88534ec

  • SHA1

    e7cf5512d6d661dc855f3254fd764febab5b81ac

  • SHA256

    280581849dde34cb738dc5056029d8da06cff397fb32632375afcd55753f3bb0

  • SHA512

    26e5aca194770bf7909d183a13753e03502d089d72ee9eba8bd1215794ef75a3ceb17fc080535f1ddc33fc34c5bda740efa3022b0de6170da4d5e82162346589

  • SSDEEP

    1536:W7ZppApsJNg0tdlAX+zq852d1F4V+kw2tJK6:6pWpkuK4+bE1F4c2T

Score
9/10

Malware Config

Signatures

  • Renames multiple (3487) files with added filename extension

    This suggests ransomware activity: the sample rewrites files across the system and appends an extension to each renamed file.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of the victim in order to infer the geographical location of that host.
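The "renames multiple files with added filename extension" signature above is a count-based heuristic: one process renaming thousands of files from `name` to `name.<ext>` in a short window. The following is an added example of that detection logic written for this page, not code from the sandbox or the sample; the rename events, the PIDs, the `.locked` extension and the threshold of 100 are all constructed assumptions for illustration (the report does not state which extension this sample appends).

```python
from collections import Counter, defaultdict
from pathlib import PureWindowsPath


def added_extension(old: str, new: str):
    """Return the appended suffix if `new` is exactly `old` plus one ".ext", else None."""
    if not new.startswith(old):
        return None
    tail = new[len(old):]
    # A genuine appended extension is a single ".xxx" suffix with no further dots
    # or path separators; "a.txt" -> "a_old.txt" or "a.txt" -> "a.txt" do not count.
    if len(tail) > 1 and tail.startswith(".") and "." not in tail[1:] and "\\" not in tail:
        return tail
    return None


def detect_mass_rename(events, threshold=100):
    """Flag processes that rename at least `threshold` files by appending an extension.

    `events` is an iterable of (pid, old_path, new_path) rename records.
    Returns {pid: {"count", "top_extension", "directories"}} for each flagged PID.
    """
    per_pid = defaultdict(lambda: {"count": 0, "extensions": Counter(), "dirs": set()})
    for pid, old, new in events:
        ext = added_extension(old, new)
        if ext is None:
            continue
        rec = per_pid[pid]
        rec["count"] += 1
        rec["extensions"][ext.lower()] += 1
        rec["dirs"].add(str(PureWindowsPath(old).parent))

    hits = {}
    for pid, rec in per_pid.items():
        if rec["count"] >= threshold:
            hits[pid] = {
                "count": rec["count"],
                "top_extension": rec["extensions"].most_common(1)[0][0],
                "directories": sorted(rec["dirs"]),
            }
    return hits


# Constructed sample: PID 2580 (assumed to be the sample) appends ".locked" to 121 files;
# PID 4100 is a benign editor making two ".bak" copies and one ordinary rename.
SAMPLE_EVENTS = (
    [(2580, rf"C:\Program Files\App\file{i}.dat", rf"C:\Program Files\App\file{i}.dat.locked")
     for i in range(120)]
    + [(2580, r"C:\Users\Admin\Documents\report.docx",
        r"C:\Users\Admin\Documents\report.docx.locked")]
    + [(4100, r"C:\Users\Admin\notes.txt", r"C:\Users\Admin\notes.txt.bak"),
       (4100, r"C:\Users\Admin\notes2.txt", r"C:\Users\Admin\notes2.txt.bak"),
       (4100, r"C:\Users\Admin\old.docx", r"C:\Users\Admin\old_v2.docx")]
)

if __name__ == "__main__":
    for pid, info in detect_mass_rename(SAMPLE_EVENTS).items():
        print(pid, info["count"], info["top_extension"], info["directories"])
```

The per-PID grouping matters: the same suffix appended by many different processes (backup agents, editors) is normal, while one process doing it thousands of times across Program Files, user profiles and the Recycle Bin is the pattern the signature is built on. Tune the threshold and window to the telemetry source (Sysmon event 11 plus rename auditing, or an EDR file-event feed).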

Processes

  • C:\Users\Admin\AppData\Local\Temp\280581849dde34cb738dc5056029d8da06cff397fb32632375afcd55753f3bb0.exe
    "C:\Users\Admin\AppData\Local\Temp\280581849dde34cb738dc5056029d8da06cff397fb32632375afcd55753f3bb0.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2580

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-312935884-697965778-3955649944-1000\desktop.ini.tmp

          Filesize

          89KB

          MD5

          e884bed751ee7ba032e0dce6a950c1b4

          SHA1

          219f9bdd741d2b3db8f6ffa0f0e9abf7d0626dc6

          SHA256

          886453dd4594c51b49b60f9ad2986e3aeff1f1c759645b486d5f90be67f1528e

          SHA512

          2d416911aa07c3c21ce90ea26fea22b8a12deb248b2e19bbf721c024ac1903f23c8405c4b714666f85b9bc5f8c28221178246db3c8d602fe266f4d2d97040c4c

        • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

          Filesize

          98KB

          MD5

          2509375cb0fa00c661b9c18501c7783e

          SHA1

          84d2e4294df30e16f11fb8973ba99e466568d469

          SHA256

          7a8aa39ce839ce19ac8e19a0f8612e294d717987c03d3baee2f55af6735463d0

          SHA512

          3cff98be0ec26fac73e827882b24315c2adfebe51b416e6b16362c355e018c4a08009e9abd0f866cff0d4651503da794ce4bb1804b843fd3d3198dd745586d16