Analysis

  • max time kernel
    150s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    06/10/2024, 09:33

General

  • Target

    670388af40f8a01130c0c8461ddda00ba4032546ead72b2301579edebf09ae27N.exe

  • Size

    85KB

  • MD5

    4bfa11b5f54f219e1db74c7fa05e40c0

  • SHA1

    f6bef3e8c1450fa26cb4998872576d979d0da3a7

  • SHA256

    670388af40f8a01130c0c8461ddda00ba4032546ead72b2301579edebf09ae27

  • SHA512

    e73c56ce7cf9016869fcf1968d0c879585d6fc67af71b0a80518852ee58f0b36244e1f7099e4a5767ef6f7b8d6b6fa6464379c6b0f8f85fbc117190a76d22243

  • SSDEEP

    1536:W7Z+pApfGQ3y3RWvfmRfm9sKsSd5j7R6enIQhiwnKs6nKsJCfQ4:6+WpDfmRfmhz7RjnI52UhCT

Score
9/10

Malware Config

Signatures

  • Renames multiple (3706) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\670388af40f8a01130c0c8461ddda00ba4032546ead72b2301579edebf09ae27N.exe
    "C:\Users\Admin\AppData\Local\Temp\670388af40f8a01130c0c8461ddda00ba4032546ead72b2301579edebf09ae27N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2408

Network

        MITRE ATT&CK Enterprise v15


        Downloads

        • C:\$Recycle.Bin\S-1-5-21-2872745919-2748461613-2989606286-1000\desktop.ini.tmp

          Filesize

          86KB

          MD5

          7957aa43642b34acd4eaa832b7627d66

          SHA1

          92dbe6228e5e60a0d500336e61d723284cd5e027

          SHA256

          35df43f06007badd8178ef565c9e4777a3a7100588411d0d54468810a99ae39d

          SHA512

          cb97b78d38d0dd2d25c1b02756509b2fc7550fc8b96082727f328d5102ddccd131384fc9332ea66cf2374d1cb132ea43e76e373d4bf491a8a74b3c38b788183c

        • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

          Filesize

          94KB

          MD5

          30ba06c7afceadb8612eed4858ed2a69

          SHA1

          b6e5011c6022efa9645cc4b2d08e689a7506d4d2

          SHA256

          7686c3abce6de96fb4299a6ff44dd6be33644f530567af13d769beffdb40e5fd

          SHA512

          8a70c2a3f650b9fea2a7c3b0d3795fd5538be1077790ad84c6dd8fd7b68a6b8db6ac606cf3455d3c8d3888585597b8a5a26537c70cd305fae95625234fae4149