Analysis

  • max time kernel
    150s
  • max time network
    18s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    05/10/2024, 20:01

General

  • Target

    3050c45e070084fba6647c598d08e96e2280c496b83db7604d09e4a0219a3c17.exe

  • Size

    81KB

  • MD5

    4d70409e5fe9610c075ede92028b9500

  • SHA1

    d365dd45577be1a86c98a2e97cbbdebe183371b2

  • SHA256

    3050c45e070084fba6647c598d08e96e2280c496b83db7604d09e4a0219a3c17

  • SHA512

    5f4de5082eb0e8ef4f317d14a7bd6b413c08e402d67ad7b328bacf9995b01a9f317883b6a7c70def9bcd5fd997737c684671f3c9a84e2a4919342ceff7b0ad6f

  • SSDEEP

    768:W7BlphA7pARFbhM0Kkq81LOyq81LObC8p8f+EA8N1J3DCl4N1J3DClIGpyPw7lbV:W7ZhA7pApM21LOA1LOPBlv6BlvQ

Score
9/10

Malware Config

Signatures

  • Renames multiple (777) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\3050c45e070084fba6647c598d08e96e2280c496b83db7604d09e4a0219a3c17.exe
    "C:\Users\Admin\AppData\Local\Temp\3050c45e070084fba6647c598d08e96e2280c496b83db7604d09e4a0219a3c17.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:320

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-457978338-2990298471-2379561640-1000\desktop.ini.tmp

          Filesize

          81KB

          MD5

          35e7482175f24123bd383792046904d0

          SHA1

          58697f6bbcd4faad3bd1c9480d52fd3b49b28a5d

          SHA256

          abb936fe75e6d02604de8afd7a7b67c15edbd7d4daa8836106d219324438d70f

          SHA512

          6e7e4a13feb619207ac12d01353010fe6188faacc71560d9f8d7caf9016d66483bf0a1ba55fa6f5d2eb0871896cfc3553d3d14602af486cf0cafa4537bbe2318

        • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

          Filesize

          90KB

          MD5

          1b0f6219afba459e198b5b756e392cde

          SHA1

          c79c27815723956e964a6c6527a16e8439a068be

          SHA256

          42e288d04506a1cf299f250cafa34fb3d9dcd1c9fc97e962c78fb1a39c30f47b

          SHA512

          6d7bcc29d98a1ef460e08af4a6f799b876b7595077a40ec3403a253e93ba67aeb598ed1e579401797d1f5fcfb87e5bb363dc17ab6c5c5a89beb7f3e01d4bc48f