Analysis

  • max time kernel
    120s
  • max time network
    18s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64 arch:x86 image:win7-20240708-en locale:en-us os:windows7-x64 system
  • submitted
    05/10/2024, 19:55

General

  • Target

    f91a3ab4a77e9a360a5f6f7f8cff36b75905526a33e02d167c9665ac99bbe04dN.exe

  • Size

    100KB

  • MD5

    58f275dbd14b3956575a7889c4cc6f10

  • SHA1

    978e51450fdc09850fd76f15b00530333d8d22b4

  • SHA256

    f91a3ab4a77e9a360a5f6f7f8cff36b75905526a33e02d167c9665ac99bbe04d

  • SHA512

    8321ba7bd8be11206ddf9808d3ee884d54f02718ee76e4ccd9cf5391bf1cd043d183db12756ad136fc28a4f138cf75af10677b2dadc7c087b011858ea5a683e2

  • SSDEEP

    1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8zxY5jVBChFd7naVF5sQwyaq6ChFd7nab:fnyiQSox5k

Malware Config

Signatures

  • Renames multiple (2922) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\f91a3ab4a77e9a360a5f6f7f8cff36b75905526a33e02d167c9665ac99bbe04dN.exe
    "C:\Users\Admin\AppData\Local\Temp\f91a3ab4a77e9a360a5f6f7f8cff36b75905526a33e02d167c9665ac99bbe04dN.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:1620

Network

MITRE ATT&CK Enterprise v15

Downloads

        • C:\$Recycle.Bin\S-1-5-21-3551809350-4263495960-1443967649-1000\desktop.ini.tmp

          Filesize

          100KB

          MD5

          c1e35b70b2fd170e6e098781d711b8c1

          SHA1

          b9e2acd5296a7d638a0826f27b753f9e74075e4b

          SHA256

          16587209c2784f6176276a49ee0e63743ed2712b72efaf92eabafc347dd4b819

          SHA512

          42882abd277571a0fa5a2b4dc0f74928a0aab6b119227392965312400ec5ec58460e48dc818b281d50f09909ce2ed1bab1862f1e8f5ddc6daa48f78a6251ee2a

        • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

          Filesize

          109KB

          MD5

          43001fdd6fb11b21bffcb0048ff0acd7

          SHA1

          0f3c222211d2cd7c29d38b04b5298c48c41edc0e

          SHA256

          8e8499117e0059b6129fe034192b52468e4c59f5a165c8692085295fc3f45ee8

          SHA512

          5ad9ce54ec49d62dc5faad51d9ddc0b15607c0bd878210834f03fc678e4109023d976a581a1dd58333a15c20b6b6b8e239f28d8c34a1e2554cbae0c8e007d01f

        • memory/1620-0-0x0000000000400000-0x000000000040B000-memory.dmp

          Filesize

          44KB

        • memory/1620-74-0x0000000000400000-0x000000000040B000-memory.dmp

          Filesize

          44KB