Analysis Overview
SHA256
ebee5859fc3c1cc9905fe3d4cf38b2cf735d5784f57c2124ba3b495aa852acb0
Threat Level: Likely malicious
The file ebee5859fc3c1cc9905fe3d4cf38b2cf735d5784f57c2124ba3b495aa852acb0N was found to be: Likely malicious.
Malicious Activity Summary
Renames multiple (4645) files with added filename extension
Renames multiple (3265) files with added filename extension
Drops file in Program Files directory
System Location Discovery: System Language Discovery
Unsigned PE
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-06 09:29
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-06 09:29
Reported
2024-10-06 09:31
Platform
win7-20240903-en
Max time kernel
120s
Max time network
118s
Command Line
Signatures
Renames multiple (3265) files with added filename extension
Drops file in Program Files directory
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ebee5859fc3c1cc9905fe3d4cf38b2cf735d5784f57c2124ba3b495aa852acb0N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\ebee5859fc3c1cc9905fe3d4cf38b2cf735d5784f57c2124ba3b495aa852acb0N.exe
"C:\Users\Admin\AppData\Local\Temp\ebee5859fc3c1cc9905fe3d4cf38b2cf735d5784f57c2124ba3b495aa852acb0N.exe"
Network
Files
memory/3048-0-0x0000000000400000-0x0000000000408000-memory.dmp
C:\$Recycle.Bin\S-1-5-21-3533259084-2542256011-65585152-1000\desktop.ini.tmp
| MD5 | bfd671ba25d2665f76c48eba689a7e4b |
| SHA1 | 148a8a9a723f80ca00e74a65d0f7894191405f50 |
| SHA256 | c97a29585e54f32d0ef08b6739dda6f13ce28cd83258a3ad402212059a9e23f7 |
| SHA512 | 1f7b383f4a5669b5cab3b567c0b819e89129bdf2f074e27436335bb9a50c533a7f4bd89fe1eb38cb5dc52cf1c2f30f53213cefb9d0decf6da043f49fafc5c5c5 |
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
| MD5 | 6f0f873ae98be27a5d6b39d419651c14 |
| SHA1 | 7b7dbe0e9b462311c01c18ddbfe205e4c12025a5 |
| SHA256 | ed7defa518df06e98c3e6040ec3fdc6dc91082543e2c04512f5a37a3a0ce97ce |
| SHA512 | 97a4eb6d432b71291bb5109c30f665402fe6372c9ace5f488473a86b4f419ab95d847ac6b5fa2cc1ee2e185d9ff40260d07b2e6ccc227ad00a07e7e21b2129fa |
memory/3048-74-0x0000000000400000-0x0000000000408000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-06 09:29
Reported
2024-10-06 09:31
Platform
win10v2004-20240802-en
Max time kernel
120s
Max time network
93s
Command Line
Signatures
Renames multiple (4645) files with added filename extension
Drops file in Program Files directory
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ebee5859fc3c1cc9905fe3d4cf38b2cf735d5784f57c2124ba3b495aa852acb0N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\ebee5859fc3c1cc9905fe3d4cf38b2cf735d5784f57c2124ba3b495aa852acb0N.exe
"C:\Users\Admin\AppData\Local\Temp\ebee5859fc3c1cc9905fe3d4cf38b2cf735d5784f57c2124ba3b495aa852acb0N.exe"
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.42.69.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
Files
memory/3628-0-0x0000000000400000-0x0000000000408000-memory.dmp
C:\$Recycle.Bin\S-1-5-21-656926755-4116854191-210765258-1000\desktop.ini.tmp
| MD5 | 1eb6a3334c4793cc87f82b7c5fe7767a |
| SHA1 | 3898c0324abb134212ca30b1f0fa7782902a8c7f |
| SHA256 | 8275ece376eba568b110d88242f5dc2ba5bb5376af7e6f4a87aa43537dfb15c1 |
| SHA512 | a87a667c2a224c1b6ad22f6d6739c2ac1e1cd56b7346c22cc0d77f4abde44f05fc63af5ee5249c563885501656138d15d98fbaac05402ec59d41029d5d274d6d |
C:\Program Files\7-Zip\7-zip.dll.tmp
| MD5 | 65764f216c75a8cf03888996776f3ce4 |
| SHA1 | 5744a588031cc13bfb24551d200ba274ea535c5d |
| SHA256 | 7bed7befb052500e7695736a026d3b9cc7f17aad93142c16a49854441eaf8b3e |
| SHA512 | 519f207d52daa5098c41c54ab4a3aeae84e6dafbb78c1316234f8421520eebda528cf3265e6b573bbe299f0e7a3ee14bfc8944e9b9b478cf954a8cc268c4bcd0 |
memory/3628-940-0x0000000000400000-0x0000000000408000-memory.dmp