Analysis

  • max time kernel
    120s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted
    06/10/2024, 09:50

General

  • Target

    0ac69a7d86d56d179f199f0b340fdeb4df7d5d4cba251dcea97a8ade114e8e2eN.exe

  • Size

    45KB

  • MD5

    b1c3a5e077547f6d533888d59f487e10

  • SHA1

    c6501eb4454933b1172d742a2d19e05765f6d21e

  • SHA256

    0ac69a7d86d56d179f199f0b340fdeb4df7d5d4cba251dcea97a8ade114e8e2e

  • SHA512

    d1a6bf331bd9855694f6212d7c9e9b12595296d5823a8d0493422a91f5bb8b7833d79a3ab2b89d0864ceb5f7b1c901b1e8c1a0f19bf8dae79cc1c50dea8f0f32

  • SSDEEP

    768:W7Blp+pARFbhBgnKLMWK9WKD2N2LSarSaC:W7Z+pAp2nKLRKIKqoLSarSaC

Score
9/10

Malware Config

Signatures

  • Renames multiple (3165) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\0ac69a7d86d56d179f199f0b340fdeb4df7d5d4cba251dcea97a8ade114e8e2eN.exe
    "C:\Users\Admin\AppData\Local\Temp\0ac69a7d86d56d179f199f0b340fdeb4df7d5d4cba251dcea97a8ade114e8e2eN.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:1976

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-3434294380-2554721341-1919518612-1000\desktop.ini.tmp

          Filesize

          45KB

          MD5

          5516211141c02b856fcec9c248e6982f

          SHA1

          3ccd3854cfe03f6d138f5f5535a518ea8bd428df

          SHA256

          6775d3f08adb8fd2c4d5b0f96eb6ddc911b8f17c4ff4e469f92a278ba3055dcc

          SHA512

          8c20ad8022d6575c792f5542ef7c5d96f126fd4a9e869f627bfc6602f27ffa9fd1d668ccc374e42ecf60081d160692f0484809164ce3133f7ab0f523fcbecf02

        • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

          Filesize

          54KB

          MD5

          46c4d801e7fb35f83407c5a2ac147134

          SHA1

          2a8f053490406638e038a17c3b716dd509878fb8

          SHA256

          b6add711f4c64ad32915272c945b629f025ca7bfb7f33d1427df15e93cd612dd

          SHA512

          65ab151ef9a6c5c174be864fd4540c1ac2c090d8f279b162f43c5a875c2048733595d8718e00b598cf154b03515d39307af8c4c72c549667c072db4c29819e21