Analysis

  • max time kernel
    150s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    06/10/2024, 08:47

General

  • Target

    3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe

  • Size

    48KB

  • MD5

    0160e0c4d9b4a3b829adf2bb49998660

  • SHA1

    d2a5c6ffa5a46cec8f538ce034778fbcf360a3bb

  • SHA256

    3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130a

  • SHA512

    7ebc36836747572ab24b197eadcaa23df8ebfce8f63111d6f6e088fdf0adb647acf0fbc166dfbdc9aebb438462d3b268480f98edbe4c0af87d1b5ab9c7a7b48e

  • SSDEEP

    768:W7BlpppARFbhjbhg42LcfpR42LcfproFNFeK5c5jm7Hf:W7ZppApBULcfpHLcfpyD56Bm7Hf

Score
9/10

Malware Config

Signatures

  • Renames multiple (1371) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe
    "C:\Users\Admin\AppData\Local\Temp\3bd88493d654079404808fa079dd670aea1d54c79d4a0f26418918b915a2130aN.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2656

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-457978338-2990298471-2379561640-1000\desktop.ini.tmp

          Filesize

          48KB

          MD5

          746d3516f2b8a2a40be08e995dd994a9

          SHA1

          fdf558ed7c3132482d2618c56fe1972a4b9d2371

          SHA256

          02ab504e11e7678096130bc2cd0e8dfe7ae763d3869eefea2cea9c8b906c4904

          SHA512

          8c3df55a499028dd1dcbb1df175aaed387515400a4b2dab32221097559293a80991cc269d30ef8caf82c9ad30df689c3c4d3687af8848ddd11151ea85c6d658a

        • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

          Filesize

          57KB

          MD5

          0954ad795f1db9371e39ee9e048f6f1a

          SHA1

          309c53163aeca7d92fc4972603d6b7eded1e7b50

          SHA256

          0f6d640db811d9bdfef3664b52e10661a72407553ab566cb23a1977d640ccdc6

          SHA512

          bc839ae32ce69227c9bd159729c6bc2f0b3a0e558fc85c4b0c77b3b44c42414d4659ea294cc368d920e2fc579cef17bd1f2a3102eab50928336d473ff894915b