Analysis

  • max time kernel
    120s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    06/10/2024, 10:28

General

  • Target

    6fd411b520ee95049b844e6f7383ca126a763434c0f83b04b13aa507a0f897ffN.exe

  • Size

    51KB

  • MD5

    30a855b03ebd5f5cd25244a79097f340

  • SHA1

    95c27237b10811f373e8ffe75ce6acbe6ae830d2

  • SHA256

    6fd411b520ee95049b844e6f7383ca126a763434c0f83b04b13aa507a0f897ff

  • SHA512

    85edad5226d42bfb42744f143a2190d1c3c092547151b59de1397c71460c970b18d3dbad4f9d313f846e881ab8dfe1fe4b121c1aa05abb0c3826a6449cc4ff78

  • SSDEEP

    768:p7BlphA7dASbSLJJBZBZaOAOIB3jM2jMO/vY6mtPc:p7ZhA7dAxJJB7LD2I2IGYpPc

Score
9/10

Malware Config

Signatures

  • Renames multiple (3228) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\6fd411b520ee95049b844e6f7383ca126a763434c0f83b04b13aa507a0f897ffN.exe
    "C:\Users\Admin\AppData\Local\Temp\6fd411b520ee95049b844e6f7383ca126a763434c0f83b04b13aa507a0f897ffN.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2216

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-1846800975-3917212583-2893086201-1000\desktop.ini.tmp

    Filesize

    51KB

    MD5

    96c15d724312919e334c510ba5ea3fb4

    SHA1

    333699546bf2ee7d11bbef192d119a047e9a9b8e

    SHA256

    f4bf1ee78bf017e8ddccba7d3732357c958c80c4a72983892ca412c1119171b5

    SHA512

    3116ab9882430f6d56410b7362dcfbac883dd11fa91a14d6b5127c467d55640ff1c7532e402fa149f103215e043bed96ef1cb3175f5efc967ca37ec2673d84f5

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    60KB

    MD5

    7750d9c4b12ea08e2e97d6d4fca7978e

    SHA1

    145aff40f0a7bf1f23f089b6c83afe00746150c2

    SHA256

    e0399d147a118a5b1617ecea15c1901447647efad7746a0ce9f8341944f94929

    SHA512

    4493c722533f55cde4559dcb8615562850c6f02b37f96f43ea3d2ef3b3b72ed7f23724435d113dcee8ac967aa625a671aa143a0cd3249d037e87691bdf07808a