Analysis

  • max time kernel
    120s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    05/10/2024, 19:44

General

  • Target

    7e0242801868393ac2e24c42a980372c3d3653cd95c48e3b57e9fe06e4238079N.exe

  • Size

    91KB

  • MD5

    f1dccbdba6847dadf05cdef2ed710710

  • SHA1

    a2dd483e654003e1b042be60693c3ce70e7f3293

  • SHA256

    7e0242801868393ac2e24c42a980372c3d3653cd95c48e3b57e9fe06e4238079

  • SHA512

    4d34465c20e4d08d1bb6a12a3fb99622866c5068e105d530dda1f5620fc2df6f42083665e4171717604eda45464c291513d56496e6843a9b43d6772ad8b2b019

  • SSDEEP

    1536:W7Z9pApQESOHepOHe8G+6E65dyGdykNdNBKgg0///x9zK+:69WpQE0zxg4n3

Score
9/10

Malware Config

Signatures

  • Renames multiple (3055) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of the victim host in order to infer its geographical location.

Processes

  • C:\Users\Admin\AppData\Local\Temp\7e0242801868393ac2e24c42a980372c3d3653cd95c48e3b57e9fe06e4238079N.exe
    "C:\Users\Admin\AppData\Local\Temp\7e0242801868393ac2e24c42a980372c3d3653cd95c48e3b57e9fe06e4238079N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2776

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-312935884-697965778-3955649944-1000\desktop.ini.tmp

          Filesize

          92KB

          MD5

          a9d1ca0e8420b0c26ed7ecde6613c95a

          SHA1

          9680287f3fbef60ff3909ca8a30f41e49375c3ca

          SHA256

          e8fedab7da9e071be570eb3c4776a751bea81eea8f522ec392369a586b5bf6c0

          SHA512

          7bd7e0d9b119fb8b0d0085627be06c312e20fb97dbb3ef553de6d9a1cab08267693ee3724203e4d0412a97dbe30570216fcf6df4cb5d431e261a6d04343ad070

        • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

          Filesize

          100KB

          MD5

          00fddf7e1793cbbe1c78798b66108629

          SHA1

          a896c9bfda3db15f3edda844c092aed1c2b2a7a0

          SHA256

          d45f94488cd3534fa1a95fca880bd21bafb693362d77af23f527e2c747ff175e

          SHA512

          dafb084e271b0d32fedad8e43c05637a163b0d364e368888a6b140b423771932d1b2f80ac4ccfa76e7970aa369c439cc170fef0304781bf439c30f4cff373a38