Analysis

  • max time kernel
    120s
  • max time network
    18s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    06/10/2024, 09:39

General

  • Target

    164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe

  • Size

    54KB

  • MD5

    389d4a450a4a18866b5458cbc9375a30

  • SHA1

    2f35225a7b9c2081ce3a1b824c72717e2e0d7d88

  • SHA256

    164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76

  • SHA512

    0ad98fecb0303a73bc929541918b7ddb80700a7827105f24c64a8468bee0027d92cd4554ad84ef1953b3daa1c7aac27144431c62546b35844013cda5080ce056

  • SSDEEP

    1536:W7ZhA7pApM21LOA1LOl6Aj8Tu8T1Rxew2wiq:6e7WpMgLOiLOAew2wiq

Score
9/10

Malware Config

Signatures

  • Renames multiple (357) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe
    "C:\Users\Admin\AppData\Local\Temp\164e131fe045650afd7acf6ac54f39a4904db49820961cc4cd5f1b45801bec76N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2112

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-457978338-2990298471-2379561640-1000\desktop.ini.tmp

          Filesize

          54KB

          MD5

          59b3ae21e302af38fd0551f16146830f

          SHA1

          1f82eaea61e662612ad86b060a679192fa263c25

          SHA256

          6d5ea76b88714f69babf3576f163e081c1898f9ab7de3f7e2c52105ba16dae00

          SHA512

          f13592457e86b7354d378a8a79d9daa3e772ca189a3bf6a83840d90ca6c04e45cd7ab60e90c69b9529f3a82a41bc587cd5493149624f3a912aa2845d126cb7ea

        • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

          Filesize

          63KB

          MD5

          2a6b66ae90d97fdecf550cd0d2a669a5

          SHA1

          89252a8e2f65331027af121190e94b06b13eb12b

          SHA256

          bc011baee168e2efded9d3d5a5ee567de7eb2a40c5ed5dbe24bca7c7ce21c0c4

          SHA512

          4b832700c044837c1842fa67421a36f4bd3363ed670d535a025658f650b1624f26ac5f27dfdddb827256fd1a9cd5a79c4583e19a6bc302cbc9fc3ccc5bf8b0c6