Analysis

  • max time kernel
    120s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    06/10/2024, 08:58

General

  • Target

    1ae830820411280278896e6c2300de8ace37c35d7d511ec20b3c942d06e74447N.exe

  • Size

    35KB

  • MD5

    04b5851996067f8b5e333e9b5c08e9a0

  • SHA1

    a672aaba53863a2e1bf55309903fdbeb68e40a53

  • SHA256

    1ae830820411280278896e6c2300de8ace37c35d7d511ec20b3c942d06e74447

  • SHA512

    b9f81533b5462e0108263e1d8583c590981b97793276b646c83adc80fcf855ff0e1d24e2befc7408b27bc7551713b5681a9fa7e5ee12e09411f0f5eb2cca3350

  • SSDEEP

    768:kBT37CPKKdJJ1EXBwzEXBwdcMcI94690695:CTW7JJ7TuK0K5

Malware Config

Signatures

  • Renames multiple (3442) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\1ae830820411280278896e6c2300de8ace37c35d7d511ec20b3c942d06e74447N.exe
    "C:\Users\Admin\AppData\Local\Temp\1ae830820411280278896e6c2300de8ace37c35d7d511ec20b3c942d06e74447N.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID: 2112

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\$Recycle.Bin\S-1-5-21-312935884-697965778-3955649944-1000\desktop.ini.tmp
    Filesize: 36KB
    MD5: 3463c98f96fd796f148f5caded8912d2
    SHA1: 915a3463216dc27c5f35beca8e14ae46c7fb1dcc
    SHA256: 561434f609535cb8906e150d68b34c19593410ffb78be8d0b41eb0be189c835b
    SHA512: 9fa932a73b64e558cf311a20708eafa530c5ce3453b13d7939c5d496e6893bb217da90618306d886cf45cba196e90dbd1cc4546530c20ea2a3398761589d3a93

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize: 44KB
    MD5: 9edda4b27537eb1bb13b38deeec82636
    SHA1: 0c166a824f2604a1f877726952c75306d84ad625
    SHA256: 5054952ba1af3e2c7126e2650aceaff43c3672e10acf9145e2b8fd3836702d62
    SHA512: 78ae0718b94cc4b10589e9e6e949609b899f8770755a8cf896ff72b8d65bece37503f536d6fff097966d49bc3d62905cc90f6b6a35b07f6cb141d28e4a22ddd7

  • memory/2112-0-0x0000000000400000-0x000000000040A000-memory.dmp
    Filesize: 40KB

  • memory/2112-75-0x0000000000400000-0x000000000040A000-memory.dmp
    Filesize: 40KB