Analysis Overview
SHA256
87b0e25b5f449401bf0cf0e20c34c07ae2c1da28d37e2fac1a38e9c62aba799c
Threat Level: Likely malicious
The file 87b0e25b5f449401bf0cf0e20c34c07ae2c1da28d37e2fac1a38e9c62aba799cN was found to be: Likely malicious.
Malicious Activity Summary
Renames multiple (4677) files with added filename extension
Renames multiple (3137) files with added filename extension
Drops file in Program Files directory
System Location Discovery: System Language Discovery
Unsigned PE
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-06 10:02
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-06 10:02
Reported
2024-10-06 10:04
Platform
win7-20240903-en
Max time kernel
120s
Max time network
118s
Command Line
Signatures
Renames multiple (3137) files with added filename extension
Drops file in Program Files directory
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\87b0e25b5f449401bf0cf0e20c34c07ae2c1da28d37e2fac1a38e9c62aba799cN.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\87b0e25b5f449401bf0cf0e20c34c07ae2c1da28d37e2fac1a38e9c62aba799cN.exe
"C:\Users\Admin\AppData\Local\Temp\87b0e25b5f449401bf0cf0e20c34c07ae2c1da28d37e2fac1a38e9c62aba799cN.exe"
Network
Files
memory/2100-0-0x0000000000400000-0x0000000000408000-memory.dmp
C:\$Recycle.Bin\S-1-5-21-4177215427-74451935-3209572229-1000\desktop.ini.tmp
| Hash | Value |
|---|---|
| MD5 | af22b30c5beacf71454831796023294a |
| SHA1 | be66d540d9bc7f5da37fa8f8ab45d29867eebded |
| SHA256 | 2be804193f21408bfdfeaf879c27ffb941062015bd58f76174d00ac19bc6926d |
| SHA512 | 8853cb483dbcb457f50c458aee01b1c3a207e76f945ae7c26e19a42330ed5f8e433724a1350d91e3bd1eb559d1948c2e640ec38146599d6f9b913ee2026f8faf |
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
| Hash | Value |
|---|---|
| MD5 | bf5c1370c7799eef779da0e9e659a5a5 |
| SHA1 | d4f39fd9f05c2e826d84521242b594f52736ba40 |
| SHA256 | 9d903c2161ea981d51aa06298c1c386e14379f9391ee371e16fd6bc2507b237b |
| SHA512 | 868c6845f684d6c2b786cbb97072c36fac2c1353c29f1daf709d22c2b8ebd388531f50554c4c0efa42f830f49ec402606cf52ee5bcd1f6ca3b930a3028975e4f |
memory/2100-72-0x0000000000400000-0x0000000000408000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-06 10:02
Reported
2024-10-06 10:05
Platform
win10v2004-20240802-en
Max time kernel
120s
Max time network
95s
Command Line
Signatures
Renames multiple (4677) files with added filename extension
Drops file in Program Files directory
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\87b0e25b5f449401bf0cf0e20c34c07ae2c1da28d37e2fac1a38e9c62aba799cN.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\87b0e25b5f449401bf0cf0e20c34c07ae2c1da28d37e2fac1a38e9c62aba799cN.exe
"C:\Users\Admin\AppData\Local\Temp\87b0e25b5f449401bf0cf0e20c34c07ae2c1da28d37e2fac1a38e9c62aba799cN.exe"
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.117.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
Files
memory/3132-0-0x0000000000400000-0x0000000000408000-memory.dmp
C:\$Recycle.Bin\S-1-5-21-786284298-625481688-3210388970-1000\desktop.ini.tmp
| Hash | Value |
|---|---|
| MD5 | 3dcb143db0c72b50eba44a59f434e6df |
| SHA1 | 0e9156ad112c3db981607c4bdfe5639d322751f7 |
| SHA256 | e1898867add904cbcf1e44fa0f6f21f607dc0e016afda9c6c28b4122ab1e3cf4 |
| SHA512 | 829be1b9f21fac1b64ef51904991369e15113223b86eafa2e2c3c7fe6e9c965a916e12270d758638f2f2a1dc144ce12d7ba57a84de6c425c9bcf4268147b59ae |
C:\Program Files\7-Zip\7-zip.dll.tmp
| Hash | Value |
|---|---|
| MD5 | 33d7688ead1a7c1c792ecbdabdf3ed9e |
| SHA1 | b197bf152ac7ed2bb4518afc21f580cc2d0ab59c |
| SHA256 | 3f29d4a9e96da8c689867de52b9b563b101cfa48421f646bb4a5697fa7a4dcb2 |
| SHA512 | c3f6c17d338d964b4f5504d6061d267ccf642373e20cccc53496cc439d8358ee6f52f36d56f14357d4320c575b3c623dbd3488435f8e9e8389107e429729ed87 |
memory/3132-1010-0x0000000000400000-0x0000000000408000-memory.dmp