Analysis

  • max time kernel
    120s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    06/10/2024, 09:27

General

  • Target

    670388af40f8a01130c0c8461ddda00ba4032546ead72b2301579edebf09ae27N.exe

  • Size

    85KB

  • MD5

    4bfa11b5f54f219e1db74c7fa05e40c0

  • SHA1

    f6bef3e8c1450fa26cb4998872576d979d0da3a7

  • SHA256

    670388af40f8a01130c0c8461ddda00ba4032546ead72b2301579edebf09ae27

  • SHA512

    e73c56ce7cf9016869fcf1968d0c879585d6fc67af71b0a80518852ee58f0b36244e1f7099e4a5767ef6f7b8d6b6fa6464379c6b0f8f85fbc117190a76d22243

  • SSDEEP

    1536:W7Z+pApfGQ3y3RWvfmRfm9sKsSd5j7R6enIQhiwnKs6nKsJCfQ4:6+WpDfmRfmhz7RjnI52UhCT

Score
9/10

Malware Config

Signatures

  • Renames multiple (3096) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\670388af40f8a01130c0c8461ddda00ba4032546ead72b2301579edebf09ae27N.exe
    "C:\Users\Admin\AppData\Local\Temp\670388af40f8a01130c0c8461ddda00ba4032546ead72b2301579edebf09ae27N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2852

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-1506706701-1246725540-2219210854-1000\desktop.ini.tmp

          Filesize

          86KB

          MD5

          603c02af43d211f6065e56e919d23e14

          SHA1

          0bac1f056367fc7a2bf6b0c760fdd68697fd333c

          SHA256

          f6320aa2b529c4a6857be3fdb4b9f6283cc9bbf591fa77446708b34287b18633

          SHA512

          63eeb3c3f3c5fc9626ea330e356e15eb851e7c278afdbf4c37e3a8858c7387aadeedfbc20e667ff7dfb9d2723185039ca9e65a6d771bbdee2fd04445afe3f385

        • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

          Filesize

          94KB

          MD5

          754cd1896488b6cf1a41ee953f6fca17

          SHA1

          cc1f17df686f55ebc78f25aea2bb444c911a1282

          SHA256

          637b1fa0944a86eb000dd45a24ca74ec1237a66125b818ca38d47bdcb067883b

          SHA512

          19feb5baf108d1bc09ac6d242b13a0b791350656ab52db45faf06182f99047e4f0e1cc4d48bfdbe7eff9b38602305b1d3744ffdbbbaaf5b5ce2e4d7ca12c0518