Analysis

  • max time kernel
    120s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64 arch:x86 image:win7-20240903-en locale:en-us os:windows7-x64 system
  • submitted
    06/10/2024, 09:37

General

  • Target

    d965f9ea60f6cd22c601eb3705bb89896f327b93228950607e0cdcf2fd9ec9fcN.exe

  • Size

    48KB

  • MD5

    4e42d19da085cf84d6b2a8f31f9e3a00

  • SHA1

    290ff700ad10e8afd7f600d066faf6caee02333b

  • SHA256

    d965f9ea60f6cd22c601eb3705bb89896f327b93228950607e0cdcf2fd9ec9fc

  • SHA512

    d3f411e4009618fa7cfb5e0bbd0fb10934ba1d7da382930312124bc300fc2ec822b43b30c686a67cd0376deacda140f804f0607fb37ab2280f44b7246767b2d2

  • SSDEEP

    768:V7Blpf/FAK65euBT37CPKKQSjyJJXGitPsqAJUqAJ9QN:V7Zf/FAxTWoJJXtPhQN

Malware Config

Signatures

  • Renames multiple (3434) files with added filename extension

    This suggests ransomware activity: the sample is encrypting files across the whole system and writing them back under a new name with an extra extension appended. The dropped files listed under Downloads below (desktop.ini.tmp, Office64WW.xml.tmp) are examples of this pattern.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim host in order to infer its geographical location (often used to avoid executing in particular locales).
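The first signature above is a count of rename events in which the new name is the old name plus one extra extension. The following is an added example that re-implements that heuristic over a constructed list of rename events; it is not the sandbox's own rule and the events, PIDs and paths (including the shortened SID) are made up for illustration.

```python
"""Re-implementation of the 'renames multiple files with added filename
extension' heuristic over constructed rename events (not the sandbox's code)."""
import ntpath
from collections import defaultdict

# Constructed sample of rename events as a sandbox or EDR agent would log them:
# (pid, old_path, new_path). Illustrative only, not taken from the report.
SAMPLE_EVENTS = [
    (2648, r"C:\Users\Admin\Documents\budget.xlsx",
           r"C:\Users\Admin\Documents\budget.xlsx.tmp"),
    (2648, r"C:\Users\Admin\Pictures\holiday.jpg",
           r"C:\Users\Admin\Pictures\holiday.jpg.tmp"),
    (2648, r"C:\$Recycle.Bin\S-1-5-21-1000\desktop.ini",
           r"C:\$Recycle.Bin\S-1-5-21-1000\desktop.ini.tmp"),
    (2648, r"C:\MSOCache\All Users\Office64WW.xml",
           r"C:\MSOCache\All Users\Office64WW.xml.tmp"),
    # Benign noise that must not count: an editor swapping an extension,
    # and a download moved to another directory while gaining a suffix.
    (1404, r"C:\Users\Admin\Documents\notes.txt",
           r"C:\Users\Admin\Documents\notes.md"),
    (1404, r"C:\Users\Admin\AppData\Local\Temp\setup.exe",
           r"C:\Users\Admin\Downloads\setup.exe.part"),
]


def added_extension(old_path, new_path):
    """Return the extension appended to the file name (lower-cased) if
    new_path is old_path plus exactly one extra '.ext' in the same
    directory; otherwise None. ntpath is used so Windows paths parse
    correctly on any host."""
    old_dir, old_name = ntpath.split(old_path)
    new_dir, new_name = ntpath.split(new_path)
    if old_dir.lower() != new_dir.lower():
        return None                     # moved elsewhere, not an in-place rename
    if not new_name.lower().startswith(old_name.lower()):
        return None                     # original name not preserved
    suffix = new_name[len(old_name):]
    # Exactly one added extension: ".tmp" is a hit, "" and ".a.b" are not.
    if len(suffix) < 2 or suffix[0] != "." or "." in suffix[1:]:
        return None
    return suffix.lower()


def find_mass_renames(events, threshold=50):
    """Group rename events by (pid, appended extension) and return the
    groups whose count reaches the threshold. The report's sample hit
    3434 such renames; the default threshold of 50 is an assumption."""
    counts = defaultdict(int)
    for pid, old, new in events:
        ext = added_extension(old, new)
        if ext is not None:
            counts[(pid, ext)] += 1
    return {key: n for key, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    for (pid, ext), n in find_mass_renames(SAMPLE_EVENTS, threshold=3).items():
        print(f"pid {pid}: renamed {n} files with added extension {ext}")
```

Renames that replace the original extension rather than append one (budget.xlsx becoming budget.locked) are deliberately not matched here; many ransomware families do that instead, and it belongs in a separate rule rather than a loosened version of this one.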

Processes

  • C:\Users\Admin\AppData\Local\Temp\d965f9ea60f6cd22c601eb3705bb89896f327b93228950607e0cdcf2fd9ec9fcN.exe
    "C:\Users\Admin\AppData\Local\Temp\d965f9ea60f6cd22c601eb3705bb89896f327b93228950607e0cdcf2fd9ec9fcN.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2648

Network

        MITRE ATT&CK Enterprise v15


        Downloads

        • C:\$Recycle.Bin\S-1-5-21-1846800975-3917212583-2893086201-1000\desktop.ini.tmp

          Filesize

          49KB

          MD5

          e45ced5e0e14d234d975f6a19c5c2632

          SHA1

          0281b5e5ff479a33d6ddcf88d377dbbe081a9cb3

          SHA256

          d884323ffffdd38a056fa9366e3fd0ebc3a0eb6079a67620696eb6e10726c978

          SHA512

          0f415f8f9360795450cf6fc16e14d2e377eb39f7c63dc84f92f2271e40db948be908842dbe620cde9d6488fd3ecc97db2a0ff6e628a4b5020933cb845c292b74

        • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

          Filesize

          57KB

          MD5

          0f464c4906523d58641b61fb2fb41550

          SHA1

          1c2731fd799b210ffc60d7cd07a64d18a13f7eb1

          SHA256

          afac0ed57f675dd1d2d683cef7a43dcabf51ee0acea1fc9e01266d6c5df3b52f

          SHA512

          73985d5d61c11adcf0211189e6c31c060dd60623db56616d0a8953a7b6994fa07dc3eda56fdcc36ecb14f278cefe717209433b7fb5c1718dd6ed73fd78982dbe

        • memory/2648-0-0x0000000000400000-0x000000000040B000-memory.dmp

          Filesize

          44KB

        • memory/2648-74-0x0000000000400000-0x000000000040B000-memory.dmp

          Filesize

          44KB
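The "UPX packed file" signature in the Signatures section is driven by the executable's section table. As an added example, and not code from the page or the sandbox vendor, the block below parses a PE section table with the standard library and applies two checks: the section-name match (UPX0/UPX1) and a layout heuristic that still fires when a modified UPX build has scrubbed the names. The PE images are constructed inline with a helper; they are not the sample from this report, and the section sizes and flags are assumed values chosen to mirror the usual UPX layout.

```python
"""Minimal PE section-table parser plus the UPX checks a 'UPX packed file'
signature relies on. Constructed images only; not the report's sample."""
import struct

SECTION_HDR = "<8sIIIIIIHHI"   # IMAGE_SECTION_HEADER, 40 bytes


def build_minimal_pe(sections):
    """Construct a non-runnable PE skeleton (DOS stub, PE signature, COFF
    header with an empty optional header) followed by the given section
    headers: (name, VirtualSize, SizeOfRawData, Characteristics)."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x8664, len(sections), 0, 0, 0, 0, 0x22)
    image = dos + b"PE\0\0" + coff
    for name, vsize, rsize, chars in sections:
        image += struct.pack(SECTION_HDR, name.encode(), vsize, 0x1000,
                             rsize, 0x400, 0, 0, 0, 0, chars)
    return image


def parse_sections(data):
    """Walk e_lfanew -> PE signature -> COFF header -> section table and
    return one dict per section with name, VirtualSize, SizeOfRawData
    and Characteristics."""
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[:2] != b"MZ" or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    nsec = struct.unpack_from("<H", data, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]
    table = e_lfanew + 24 + opt_size
    out = []
    for i in range(nsec):
        fields = struct.unpack_from(SECTION_HDR, data, table + 40 * i)
        name, vsize, _vaddr, rsize = fields[0], fields[1], fields[2], fields[3]
        out.append({"name": name.rstrip(b"\0").decode("latin-1"),
                    "vsize": vsize, "rsize": rsize, "chars": fields[9]})
    return out


def looks_upx_packed(sections):
    """Two independent signals. name_match: a section called UPX0/UPX1/...
    layout_match: the first section reserves the unpack area (no raw data,
    large virtual size) and the next one carries the packed blob; this is
    how stock UPX lays out a PE and it survives renamed sections, though
    other packers can produce the same shape, so treat it as a heuristic."""
    names = [s["name"] for s in sections]
    name_match = any(n.upper().startswith("UPX") for n in names)
    layout_match = (len(sections) >= 2
                    and sections[0]["rsize"] == 0 and sections[0]["vsize"] > 0
                    and sections[1]["rsize"] > 0)
    return {"name_match": name_match, "layout_match": layout_match,
            "sections": names}


# Constructed images (assumed sizes/flags): stock UPX, UPX with renamed
# sections, and an ordinary unpacked binary.
UPX_SAMPLE = build_minimal_pe([("UPX0", 0x20000, 0, 0xE0000080),
                               ("UPX1", 0x9000, 0x8800, 0xE0000040),
                               (".rsrc", 0x1000, 0x400, 0xC0000040)])
RENAMED_SAMPLE = build_minimal_pe([(".text", 0x20000, 0, 0xE0000080),
                                   (".data", 0x9000, 0x8800, 0xE0000040),
                                   (".rsrc", 0x1000, 0x400, 0xC0000040)])
PLAIN_SAMPLE = build_minimal_pe([(".text", 0x5000, 0x5000, 0x60000020),
                                 (".rdata", 0x2000, 0x2000, 0x40000040),
                                 (".data", 0x1000, 0x400, 0xC0000040)])

if __name__ == "__main__":
    for label, img in (("upx", UPX_SAMPLE), ("renamed", RENAMED_SAMPLE),
                       ("plain", PLAIN_SAMPLE)):
        print(label, looks_upx_packed(parse_sections(img)))
```

To run the same checks on a real file, read it with `open(path, "rb").read()` and pass the bytes to `parse_sections`; the memory dumps listed above cover the loaded image rather than the on-disk file, so apply the section checks to the original executable.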