Analysis

  • max time kernel
    120s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    06/10/2024, 02:42

General

  • Target

    429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe

  • Size

    36KB

  • MD5

    92db6ec56ef5ed36efe5c3a508189a20

  • SHA1

    984ff854a3798f2bb67214e354ed2ed4473dbb3e

  • SHA256

    429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352

  • SHA512

    868f654b684f383bc699cc85e5fee611e8cd371e9d34c97fd1d7f1fe925803ff7eb71dfa8c4cf0176ffbdded63d25b3ea45e96098f215f2755edefce405af7a1

  • SSDEEP

    768:kBT37CPKKdJJTU3U2lRtJfOn33EskmKs333EskmKs/ZqZJ:CTW7JJTU3UytJfOEfmKjfmK1

Malware Config

Signatures

  • Renames multiple (3438) files with added filename extension

    This suggests ransomware activity: files across the system are being encrypted and renamed with an added extension.

  • UPX packed file 4 IoCs

    Detects executables packed with the open-source UPX packer or a modified UPX build.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
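The "UPX packed file" signature above is the kind of static check a practitioner reproduces before unpacking. The following is an added example, not the sandbox's own detection code and not taken from this sample: it parses the PE section table with only the standard library, flags UPX-style section names, and, because a modified UPX build can rename its sections, also flags the layout stock UPX leaves behind (a first section with no raw data, reserved for the unpacked image, followed by a high-entropy section holding the compressed payload). The two PE images it inspects are constructed in the block itself; build_fake_pe, pe_sections, shannon_entropy and upx_indicators are names chosen here.

```python
"""Static UPX-packing indicators for a PE file, using only the DOS header,
COFF header and section table. Added example; the PE images below are
constructed test artifacts, not the analysed sample."""
import math
import struct


def build_fake_pe(sections):
    """Construct a minimal PE32 image from (name, raw_bytes) pairs. Only the
    fields pe_sections() reads are meaningful; everything else is zeroed."""
    e_lfanew, opt_size, nsec = 0x40, 0xE0, len(sections)
    headers_end = e_lfanew + 4 + 20 + opt_size + 40 * nsec
    raw_ptr = (headers_end + 0x1FF) & ~0x1FF          # first section on a 0x200 boundary
    dos = (b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\0")
    coff = struct.pack("<HHIIIHH", 0x14C, nsec, 0, 0, 0, opt_size, 0x102)
    optional = struct.pack("<H", 0x10B).ljust(opt_size, b"\0")
    table, blobs, ptr = b"", b"", raw_ptr
    for name, data in sections:
        # Name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData,
        # PointerToRelocations, PointerToLinenumbers, NumberOfRelocations,
        # NumberOfLinenumbers, Characteristics
        table += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), max(len(data), 1),
                             ptr, len(data), ptr if data else 0, 0, 0, 0, 0, 0xE0000060)
        blobs += data
        ptr += len(data)
    image = (dos + b"PE\0\0" + coff + optional + table).ljust(raw_ptr, b"\0")
    return image + blobs


def pe_sections(image):
    """Yield (name, raw_bytes) for every section listed in the section table."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ file")
    pe = struct.unpack_from("<I", image, 0x3C)[0]
    if image[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsec = struct.unpack_from("<H", image, pe + 6)[0]
    opt_size = struct.unpack_from("<H", image, pe + 20)[0]
    table = pe + 24 + opt_size                        # 4-byte signature + 20-byte COFF header
    for i in range(nsec):
        name, _vsize, _vaddr, rsize, rptr = struct.unpack_from("<8sIIII", image, table + 40 * i)
        yield name.rstrip(b"\0").decode("ascii", "replace"), image[rptr:rptr + rsize]


def shannon_entropy(data):
    """Bits per byte; compressed or encrypted data sits close to 8.0."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def upx_indicators(image):
    """Return the UPX indicators present: stock section names, and the
    empty-first-section / high-entropy-second-section layout that survives
    a section rename by a modified packer."""
    secs = list(pe_sections(image))
    found = []
    if any(name.upper().startswith("UPX") for name, _ in secs):
        found.append("upx-section-names")
    if len(secs) >= 2 and len(secs[0][1]) == 0 and shannon_entropy(secs[1][1]) > 7.0:
        found.append("empty-first-section+high-entropy-second")
    return found


# Constructed inputs: a UPX-shaped image and an ordinary, unpacked layout.
PACKED_SAMPLE = build_fake_pe([(b"UPX0", b""), (b"UPX1", bytes(range(256)) * 8), (b".rsrc", b"\0" * 64)])
PLAIN_SAMPLE = build_fake_pe([(b".text", b"\x90" * 512 + b"\xc3"), (b".data", b"hello world" * 20)])

if __name__ == "__main__":
    for label, img in (("packed", PACKED_SAMPLE), ("plain", PLAIN_SAMPLE)):
        print(label, [n for n, _ in pe_sections(img)], upx_indicators(img))
```

Section names alone are weak evidence in either direction: a modified UPX can rename them, and a benign build can be UPX-packed. When the names and layout both match stock UPX, `upx -d` on a copy of the file is the quickest route to the unpacked image for static analysis; when only the layout matches, expect to dump it from memory instead.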

Processes

  • C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe
    "C:\Users\Admin\AppData\Local\Temp\429a537da38b9845839bb83aeef6e6e7fb715b2672d750fda0129a12a0562352N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:1152

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-3290804112-2823094203-3137964600-1000\desktop.ini.tmp

          Filesize

          37KB

          MD5

          eb53aede7a0a506c063b92e296a036bc

          SHA1

          4d01e3debd318af9cfced6618f9d8083b227d304

          SHA256

          1646be6745997666074ee7ed87c96d7ed9e9ed38f1890b511e81797fe5b0c3c8

          SHA512

          9fd7f9d975d58bf386a29d5688746f3304c0ce8c67f03fdaadcdae7ee84aa9c6c7da66efc0b1a24724c5ed60ff0dab73d65b77548159ac9f697a5a809b5a6a93

        • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

          Filesize

          46KB

          MD5

          5dd18c0a0d7a25d0bd4ad4a9a86f9c4d

          SHA1

          9d71d1a84b58c2cb381215309c2fb351d9def425

          SHA256

          48425f9472e8caa47bcf55056067686e9775f98f5eb10b9659f6cb66cfc7c7e9

          SHA512

          c880e8859b5a6180ddfa2cbcb2ff0da1b813ad729dcecd6b846d6c49a06df1500a3fc22535ee3f96936789fe07d3f2ab96969e93e8687951725d4c2d69655c72

        • memory/1152-0-0x0000000000400000-0x000000000040A000-memory.dmp

          Filesize

          40KB

        • memory/1152-75-0x0000000000400000-0x000000000040A000-memory.dmp

          Filesize

          40KB