Analysis

  • max time kernel
    150s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    05/10/2024, 19:46

General

  • Target

    2dec01aa7ff47527cf96b0dffd7b8eeea41244c59312af967461dfab0a08ac51.exe

  • Size

    45KB

  • MD5

    66360ddcb10cb515ea6659cb23d524f2

  • SHA1

    c3af28bbfe728ed256a13ae5f6cd72f47adff57b

  • SHA256

    2dec01aa7ff47527cf96b0dffd7b8eeea41244c59312af967461dfab0a08ac51

  • SHA512

    7e0355084a490f0735ca05051c9a520e8e98ed356bae556a01b9421636c8cdd4e23c2457feb378f2dac2a7a6be401a7f93994ec1a54c6da721a8872fbda842dd

  • SSDEEP

    384:yBs7Br5xjL8AgA71Fbhv/FzzwzgTAUAcfqg7Z:/7BlpQpARFbhNIg3

Score
9/10

Malware Config

Signatures

  • Renames multiple (3824) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\2dec01aa7ff47527cf96b0dffd7b8eeea41244c59312af967461dfab0a08ac51.exe
    "C:\Users\Admin\AppData\Local\Temp\2dec01aa7ff47527cf96b0dffd7b8eeea41244c59312af967461dfab0a08ac51.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2400

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-3063565911-2056067323-3330884624-1000\desktop.ini.tmp

          Filesize

          46KB

          MD5

          98f8cd87c5401be067136525325bf5b4

          SHA1

          f9041eb3cf3ee9433e5da5ec6c27047f569a19b5

          SHA256

          f0a86b656539ef4c37f8625cd1a328d991f06541cb3972c8a43a244d8009d726

          SHA512

          903d9a11f9dbff5c187fe20d51ec697c390ec0ccffbf554330dcb123b55999b05a07b346aa66479d1ad4efe4192db44d01878e60ce71d409f69b1817f6189b02

        • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

          Filesize

          55KB

          MD5

          2218429b188f9c87b287a21bb268750e

          SHA1

          a3d2220889bcb1bff3272704d7cabed79fbd2cbd

          SHA256

          d6e6f584ff152208a6b39237ee2ed312f9577ff29b8c89bfae714794808d12eb

          SHA512

          53dc82dcb672f8b337b51e947691d1b0411a0f5793d73fecfdd7ef63831e99a0f717d6abf5d0fd18121b63bdf008a897f5555c974c58f469cbbd584eb216f264

        • memory/2400-0-0x0000000000400000-0x0000000000408000-memory.dmp

          Filesize

          32KB

        • memory/2400-74-0x0000000000400000-0x0000000000408000-memory.dmp

          Filesize

          32KB