Analysis

  • max time kernel
    120s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    06/10/2024, 09:29

General

  • Target

    ebee5859fc3c1cc9905fe3d4cf38b2cf735d5784f57c2124ba3b495aa852acb0N.exe

  • Size

    62KB

  • MD5

    d57a65f648522362fce89e5312504310

  • SHA1

    4c07a193aebae9c0a2a70dfe1b414e3215ee2dde

  • SHA256

    ebee5859fc3c1cc9905fe3d4cf38b2cf735d5784f57c2124ba3b495aa852acb0

  • SHA512

    c8b3c5d2472bdbd83d88be00ffc6208d1104a004b41e76f502b4a9d0037e91d15ab3e47a54288d62fb414bbc3456cdd228f3005942e7267d69bfcfcdb453be1d

  • SSDEEP

    384:yBs7Br5xjL8AgA71Fbhv/Fzzwz72Jwuq2JwuR0U0Iap3gyaHq9nwK8gvgyaHq9no:/7BlpQpARFbhNIiJwsJwwnZap9QKQj

Score
9/10

Malware Config

Signatures

  • Renames multiple (3265) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\ebee5859fc3c1cc9905fe3d4cf38b2cf735d5784f57c2124ba3b495aa852acb0N.exe
    "C:\Users\Admin\AppData\Local\Temp\ebee5859fc3c1cc9905fe3d4cf38b2cf735d5784f57c2124ba3b495aa852acb0N.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:3048

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-3533259084-2542256011-65585152-1000\desktop.ini.tmp

          Filesize

          63KB

          MD5

          bfd671ba25d2665f76c48eba689a7e4b

          SHA1

          148a8a9a723f80ca00e74a65d0f7894191405f50

          SHA256

          c97a29585e54f32d0ef08b6739dda6f13ce28cd83258a3ad402212059a9e23f7

          SHA512

          1f7b383f4a5669b5cab3b567c0b819e89129bdf2f074e27436335bb9a50c533a7f4bd89fe1eb38cb5dc52cf1c2f30f53213cefb9d0decf6da043f49fafc5c5c5

        • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

          Filesize

          72KB

          MD5

          6f0f873ae98be27a5d6b39d419651c14

          SHA1

          7b7dbe0e9b462311c01c18ddbfe205e4c12025a5

          SHA256

          ed7defa518df06e98c3e6040ec3fdc6dc91082543e2c04512f5a37a3a0ce97ce

          SHA512

          97a4eb6d432b71291bb5109c30f665402fe6372c9ace5f488473a86b4f419ab95d847ac6b5fa2cc1ee2e185d9ff40260d07b2e6ccc227ad00a07e7e21b2129fa

        • memory/3048-0-0x0000000000400000-0x0000000000408000-memory.dmp

          Filesize

          32KB

        • memory/3048-74-0x0000000000400000-0x0000000000408000-memory.dmp

          Filesize

          32KB