Analysis

  • max time kernel
    120s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    06/10/2024, 09:24

General

  • Target

    2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe

  • Size

    54KB

  • MD5

    72c81af858b4894ae917f0a1411a9c00

  • SHA1

    348bda45b36d2e3f49f8a5ca6d36fec3efe4863c

  • SHA256

    2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9dd

  • SHA512

    faaf4552a8b0288a31ce6821587fcc70dcd7da17317fb80f26e7e88e2ae77d3152744f08cc36f17838597f0ada58066bdb2c9fa2cca396d157f5792533a27214

  • SSDEEP

    768:V7Blpf/FAK65euBT37CPKKQSjyJJ1EXBwzEXBwdcMcI9+qiuX:V7Zf/FAxTWoJJ7TeuX
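Before spending analysis time on a sample, confirm that the file on disk is the one this report describes and get a first read on packing. The following is an added example, not part of the report or of any sandbox's own code: it recomputes the four digests listed above and compares them with the report values, and it walks the PE section table looking for the UPX0/UPX1 section names (or the "UPX!" marker) that the "UPX packed file" signature keys on. The sample itself is not on this page, so the block builds a constructed, minimal PE image for the demonstration; the `build_fake_pe` helper and the `REPORT_HASHES` dictionary name are assumptions made for this example.

```python
import hashlib
import struct

# Digests copied from the General section of the report (hex, lowercase).
REPORT_HASHES = {
    "md5": "72c81af858b4894ae917f0a1411a9c00",
    "sha1": "348bda45b36d2e3f49f8a5ca6d36fec3efe4863c",
    "sha256": "2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9dd",
    "sha512": "faaf4552a8b0288a31ce6821587fcc70dcd7da17317fb80f26e7e88e2ae77d31"
              "52744f08cc36f17838597f0ada58066bdb2c9fa2cca396d157f5792533a27214",
}


def compute_hashes(data: bytes) -> dict:
    """Return md5/sha1/sha256/sha512 hex digests of the given bytes."""
    return {alg: hashlib.new(alg, data).hexdigest()
            for alg in ("md5", "sha1", "sha256", "sha512")}


def verify_hashes(data: bytes, expected: dict) -> dict:
    """Map each algorithm in `expected` to True if the computed digest matches."""
    actual = compute_hashes(data)
    return {alg: actual[alg] == digest.lower() for alg, digest in expected.items()}


def pe_section_names(data: bytes) -> list:
    """Parse the PE/COFF section table and return the section names.

    Returns an empty list if the buffer is not a well-formed PE image.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return []
    coff = e_lfanew + 4                      # IMAGE_FILE_HEADER (20 bytes)
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + opt_size             # first IMAGE_SECTION_HEADER (40 bytes each)
    names = []
    for i in range(num_sections):
        off = table + i * 40
        if off + 8 > len(data):
            break
        names.append(data[off:off + 8].rstrip(b"\0").decode("ascii", "replace"))
    return names


def is_upx_packed(data: bytes) -> bool:
    """Heuristic used by the sandbox signature: UPX* section names or the UPX! marker.

    Modified UPX builds often rename the sections, so the marker check is kept
    as a second, independent indicator.
    """
    if any(name.startswith("UPX") for name in pe_section_names(data)):
        return True
    return b"UPX!" in data


def build_fake_pe(section_names: list) -> bytes:
    """Constructed minimal PE image (assumption for this example, not the sample):
    DOS stub, PE signature, COFF header with no optional header, section table only."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)    # e_lfanew -> right after the DOS header
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0x102)
    sections = b"".join(n.encode("ascii").ljust(8, b"\0") + b"\0" * 32
                        for n in section_names)
    return bytes(dos) + b"PE\0\0" + coff + sections


if __name__ == "__main__":
    sample = build_fake_pe(["UPX0", "UPX1", ".rsrc"])
    print("hash match:", verify_hashes(sample, REPORT_HASHES))
    print("sections:", pe_section_names(sample))
    print("UPX packed:", is_upx_packed(sample))
```

Run it against the real file with `open(path, "rb").read()` in place of the constructed buffer; if any entry of `verify_hashes` is False you are not looking at the sample this report analysed, and a True from `is_upx_packed` means the strings and imports you see statically belong to the stub, not to the unpacked payload.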

Malware Config

Signatures

  • Renames multiple (445) files with added filename extension

    This suggests ransomware activity: the sample is encrypting files across the system and appending a new extension to each one.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
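The first signature above is a behavioural heuristic rather than a string match: the sandbox counts rename events in which the destination is the source path with an extra suffix, and fires once that count crosses a threshold. As an added example (not the sandbox's own rule, whose threshold and exact matching are not on this page), the block below implements that logic over a constructed list of file-system events; the `.locked` extension, the `THRESHOLD` value and the event tuple layout are assumptions for the demonstration, since the report does not name the extension the sample appends.

```python
import ntpath
from collections import Counter

# Assumed threshold for this example; the report fired at 445 renames.
THRESHOLD = 100


def appended_extension(src: str, dst: str):
    """Return the suffix if `dst` is `src` with one extra ".ext" appended
    in the same directory, else None.  Uses ntpath so Windows paths parse
    correctly on any analysis host."""
    if ntpath.dirname(src).lower() != ntpath.dirname(dst).lower():
        return None
    s, d = ntpath.basename(src), ntpath.basename(dst)
    if d.startswith(s) and len(d) > len(s) + 1 and d[len(s)] == ".":
        return d[len(s):]
    return None


def ransomware_rename_signature(events, threshold=THRESHOLD) -> dict:
    """Count renames that add an extension, grouped by the added suffix.

    `events` is an iterable of (op, src, dst) tuples as a sandbox or EDR
    file monitor would emit.  Only the most common suffix is reported,
    since a real encryptor uses one extension for the whole run.
    """
    counts = Counter()
    for op, src, dst in events:
        if op != "rename":
            continue
        ext = appended_extension(src, dst)
        if ext is not None:
            counts[ext] += 1
    ext, n = counts.most_common(1)[0] if counts else (None, 0)
    return {"fired": n >= threshold, "extension": ext, "count": n}


def constructed_events(n_victims: int = 120) -> list:
    """Constructed sample input, not data from the report: n_victims document
    renames that append .locked, plus benign renames that must not count."""
    victims = [
        ("rename",
         rf"C:\Users\Admin\Documents\report{i}.docx",
         rf"C:\Users\Admin\Documents\report{i}.docx.locked")
        for i in range(n_victims)
    ]
    benign = [
        # Ordinary save pattern: temp file replaced by its final name.
        ("rename", r"C:\Users\Admin\Documents\notes.tmp", r"C:\Users\Admin\Documents\notes.txt"),
        # Move to another directory: not an in-place extension append.
        ("rename", r"C:\Users\Admin\Downloads\setup.exe", r"C:\Users\Admin\Desktop\setup.exe.bak"),
        # Not a rename at all.
        ("write", r"C:\Users\Admin\Documents\readme.txt", r"C:\Users\Admin\Documents\readme.txt"),
    ]
    return victims + benign


if __name__ == "__main__":
    print(ransomware_rename_signature(constructed_events()))
```

The directory check matters: a mass move into a quarantine folder, or a backup tool writing `name.bak` elsewhere, should not trip the rule, while an in-place `name.docx` to `name.docx.locked` across hundreds of files is exactly the pattern this report flags.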

Processes

  • C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe
    "C:\Users\Admin\AppData\Local\Temp\2de3c23961af5f6dfb3b7e4a4d033b695a1dd517823ff8434d40688c896fe9ddN.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2124

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-457978338-2990298471-2379561640-1000\desktop.ini.tmp

          Filesize

          54KB

          MD5

          ba82d5ff92b6fef53169b408668ffd69

          SHA1

          d8d307ff29b28530151f1d38aa95c5a863c9b5b1

          SHA256

          6e253906ce0a8073be009e8a15375f06c46ebe3cb1cc498f9511fd94d7de4eeb

          SHA512

          7c39bab62dadf9eb7fc48f25b4cbcd2b534839a19c75493112fcc303f1a008fe0f1e2b3f39dced59bb1743ba894d03138ef57ce17950f563909a9c13feaf6d8e

        • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

          Filesize

          63KB

          MD5

          aa0f730e1d95aa9d09ca7a689b011634

          SHA1

          6e32979e21d2dc7b1ade9480a1b27f11c403d229

          SHA256

          73d797b23506faf4f50cb76a9431fcdf67e7c2906b08e43aae6682d61e36fb5d

          SHA512

          ebea5ec812a1076a4d85f595170702534166aeba8ae8c353e8df226e54389b2fd3883cbbf6c49f43f8756eff8451e9bcbc8310afbc2ef6c84778eaf5bfd02075

        • memory/2124-0-0x0000000000400000-0x000000000040B000-memory.dmp

          Filesize

          44KB

        • memory/2124-26-0x0000000000400000-0x000000000040B000-memory.dmp

          Filesize

          44KB