Analysis

  • max time kernel
    150s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240729-en, locale:en-us, os:windows7-x64, system
  • submitted
    05/10/2024, 19:50

General

  • Target

    408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe

  • Size

    40KB

  • MD5

    888c30056a580894075333fbdc4f1f10

  • SHA1

    f2aa50e0d7219fd7a57a4155231eb9eadb086807

  • SHA256

    408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0

  • SHA512

    f5548837d27d5208f93c06a5ef421c55f4c6444bce82be6628be9db143a96cebd61f85d0cf758bd33e17aef696f17af1f038d0306fcfdda5ff2b95d3968c2f2e

  • SSDEEP

    768:kBT37CPKKdJJ1EXBwzEXBwdcMcI9Hx3R9pi1xOR9pi1xy:CTW7JJ7Th9ko9k2

Malware Config

Signatures

  • Renames multiple (3773) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe
    "C:\Users\Admin\AppData\Local\Temp\408d72d193996c83e543b7243c0579d562a1e42ebfbfeb683c2348265d9b7de0N.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID: 1508

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\$Recycle.Bin\S-1-5-21-2703099537-420551529-3771253338-1000\desktop.ini.tmp

    Filesize
    40KB

    MD5
    3d5292d0f581758d3960f6cb83306009

    SHA1
    4bc5a7261c64e24e3f4b61c30528c4cd34598659

    SHA256
    5452b0538fa5822341991a5a8e608c567364c9cd0aabec64694259fc4b604136

    SHA512
    026e227dba882c9c564012e635831f693c2b6b53ac49aec82de5a3b3d874612d76ee9d22e9a12a9b1b2d79e0d9c084eed5547de5cc7012ede9035308acbe1a0a

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize
    49KB

    MD5
    c9aa941b69f5ed1f5a9b6f05f3984478

    SHA1
    eb04d0a3708876e20ab9fb1bf34663de32f902a4

    SHA256
    1feba0a8163340d22b49575d3499c9b7f05d345aa19feb98556a5542f9186df1

    SHA512
    e81fedd24f48df96c0de64652092f198518f4e9cd519509c5d5b5c30144000d16042317295f7c43e7f0080ac74af9f86881836e034e7d975a024fff4d3a142ec

  • memory/1508-0-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize
    40KB

  • memory/1508-75-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize
    40KB