Analysis

  • max time kernel
    120s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted
    05/10/2024, 19:48

General

  • Target

    408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe

  • Size

    40KB

  • MD5

    888c30056a580894075333fbdc4f1f10

  • SHA1

    f2aa50e0d7219fd7a57a4155231eb9eadb086807

  • SHA256

    408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0

  • SHA512

    f5548837d27d5208f93c06a5ef421c55f4c6444bce82be6628be9db143a96cebd61f85d0cf758bd33e17aef696f17af1f038d0306fcfdda5ff2b95d3968c2f2e

  • SSDEEP

    768:kBT37CPKKdJJ1EXBwzEXBwdcMcI9Hx3R9pi1xOR9pi1xy:CTW7JJ7Th9ko9k2

Malware Config

Signatures

  • Renames multiple (3197) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe
    "C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2692

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-3434294380-2554721341-1919518612-1000\desktop.ini.tmp

          Filesize

          40KB

          MD5

          53be96e722025e583fb0d97b594c7838

          SHA1

          8da59f640b005d9490540a5b589a2e1c7d55b801

          SHA256

          48b8c84eebae9e51bbfd0b09b9716022923e4e9b7d9d4e4b5154b0beda9d3aa5

          SHA512

          30b3ba732018ae24326624910147ba30c41d7398b011b6f3be6fe1c86de7a7adfc9e69e820286a1e239ebf6631a72b0bcc9011dbaad11ecf975ccdb3000512a1

        • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

          Filesize

          49KB

          MD5

          d36309071fc8b804b554a8a168d782c0

          SHA1

          ea2afd3b71ee5f01a5c5c0e65e9a8d1474b87fde

          SHA256

          9e054d9264ee893c26b64032b3a561e59fc68625d9d9755a509487e5821d5d4e

          SHA512

          51ceadab454da597450eb89f09cbab43c1f3bc10b7009c73a6984d02d5ae04a0bb12230d5d63618458b8b3238485d97b8061ca12084770babb217f4c78018074

        • memory/2692-0-0x0000000000400000-0x000000000040A000-memory.dmp

          Filesize

          40KB

        • memory/2692-75-0x0000000000400000-0x000000000040A000-memory.dmp

          Filesize

          40KB