Analysis

  • max time kernel
    150s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    06/10/2024, 02:42

General

  • Target

    d099f259aa6d20d54fbffd4c41b5144b8dc01a535166185e49e352cb97441940.exe

  • Size

    41KB

  • MD5

    c0e9e17736307e7179a3cac2fa3050cf

  • SHA1

    171f735f038e39685f47d652e382fc19fd6a3341

  • SHA256

    d099f259aa6d20d54fbffd4c41b5144b8dc01a535166185e49e352cb97441940

  • SHA512

    fe725d5212b9c2a5cbfe6cc19e61d38e7e7b9bac5ebdf15689083dc454b11b31e35fad03496c90fcf9a28d6feb0e4c017d7994ecda6f5329a295c19c21a8390d

  • SSDEEP

    768:kBT37CPKKdJJTUNO/sAmgvsBqSW+QxbDMCAW6R0gsAmgvsBqSW+QxbDMCAW6R08p:CTW7JJTUNO0AmgvsBqSW+QxbDMCAW6Rw

Malware Config

Signatures

  • Renames multiple (3727) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\d099f259aa6d20d54fbffd4c41b5144b8dc01a535166185e49e352cb97441940.exe
    "C:\Users\Admin\AppData\Local\Temp\d099f259aa6d20d54fbffd4c41b5144b8dc01a535166185e49e352cb97441940.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2080

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-4177215427-74451935-3209572229-1000\desktop.ini.tmp

          Filesize

          42KB

          MD5

          0e85c7e5fdd564b818d86ec8b2b2cb54

          SHA1

          fbde6cf19b1e77ee4c7a3cc6f49778b8e8f1db4b

          SHA256

          04c596b813ebbcbd6284f0f34583302287e583d9615a8f94376cdc95a8d2175a

          SHA512

          ca7e3ef04be724611ac257872947e37f624ca62b7b096ca12a7a070f18c1f2e7df181427544a7daeb0757bb16cbe67ac38957d9967c94570db17de734da9c795

        • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

          Filesize

          51KB

          MD5

          3adfefac3c3e06207cc9e0365c6497d0

          SHA1

          d6102e7948d47407337677321146abdaf83b7ba1

          SHA256

          20a381dc0898f237481f59c7147402ea4946bb519ca046a24f8510b159c6674e

          SHA512

          b4fe2412881e7a2279062876491ec86799330547496b70a457a21389a6684428e34f16ec31180618ef341b0e37b6e53145f35118137937c1e95b75227f1fb59a

        • memory/2080-0-0x0000000000400000-0x000000000040A000-memory.dmp

          Filesize

          40KB

        • memory/2080-70-0x0000000000400000-0x000000000040A000-memory.dmp

          Filesize

          40KB