Analysis

  • max time kernel
    150s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    06/10/2024, 10:32

General

  • Target

    80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe

  • Size

    52KB

  • MD5

    ddb75ff3f3240cddabce78c7dce974e0

  • SHA1

    e0665703c0d500b5e9c985cf7b4e0d71ee17e794

  • SHA256

    80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969

  • SHA512

    e66c348c4ef656ed2fb2efc1844b898d5721a249a8a130a177460e869d28c65406dc04b8c740285a0ce536f30ceb180ba8eb5c169e9cedb7a8731c6af56ba10d

  • SSDEEP

    768:W7BlphA7pARFbhM0Kkq81LOyq81LOd+QRA88O1ggi1x+88O1ggi1xY:W7ZhA7pApM21LOA1LOTRAsWysW0

Score
9/10

Malware Config

Signatures

  • Renames multiple (3858) files with added filename extension

    This suggests ransomware activity: files across the system are being encrypted and renamed with an added extension.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempts to gather information about the system language of the victim in order to infer the geographical location of that host.
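
The "renames multiple files with added filename extension" signature is the one a defender most wants to reproduce outside the sandbox. The following is an added example (not part of this report or of the sandbox's own signature code) of the heuristic: group file rename events by process and flag any process that appends the same suffix to many files. The rename events are constructed for illustration, the ".locked" suffix is a placeholder (the report does not name the extension this sample appends), and the threshold is an assumption.

```python
"""Detection heuristic for the 'Renames multiple files with added filename
extension' signature.  Added example, not part of the sandbox report: the
rename events are constructed, the '.locked' suffix is a placeholder, and the
threshold is an assumption."""
import re
from collections import Counter, defaultdict

# Constructed events, one per line: "<pid> <old path> -> <new path>".
# PID 2684 mirrors the report's process; PID 1337 is benign noise.
SAMPLE_EVENTS = """\
2684 C:\\Users\\Admin\\Documents\\report.docx -> C:\\Users\\Admin\\Documents\\report.docx.locked
2684 C:\\Users\\Admin\\Pictures\\cat.jpg -> C:\\Users\\Admin\\Pictures\\cat.jpg.locked
2684 C:\\MSOCache\\All Users\\Office64WW.xml -> C:\\MSOCache\\All Users\\Office64WW.xml.locked
2684 C:\\$Recycle.Bin\\S-1-5-21-1000\\desktop.ini -> C:\\$Recycle.Bin\\S-1-5-21-1000\\desktop.ini.locked
2684 C:\\Users\\Admin\\Music\\song.mp3 -> C:\\Users\\Admin\\Music\\song.mp3.locked
1337 C:\\Users\\Admin\\Downloads\\setup.tmp -> C:\\Users\\Admin\\Downloads\\setup.exe
1337 C:\\Users\\Admin\\Desktop\\notes.txt -> C:\\Users\\Admin\\Desktop\\notes_old.txt
"""

# Non-greedy old path so that spaces inside paths ("All Users") still parse.
EVENT_RE = re.compile(r"^(?P<pid>\d+) (?P<old>.+?) -> (?P<new>.+)$")


def parse_events(text):
    """Parse constructed rename lines into (pid, old_path, new_path) tuples."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            events.append((int(m.group("pid")), m.group("old"), m.group("new")))
    return events


def appended_suffix(old_path, new_path):
    """Return the suffix appended to the file name, or None if the rename is
    not of the form <old name> + <suffix>.  Windows paths are case-insensitive,
    so the prefix comparison is done case-folded."""
    old_l, new_l = old_path.lower(), new_path.lower()
    if len(new_l) > len(old_l) and new_l.startswith(old_l):
        return new_path[len(old_path):]
    return None


def find_mass_renamers(events, threshold=4):
    """Return {pid: (suffix, count)} for processes that appended the same
    suffix to at least `threshold` files.  The threshold is an assumption;
    tune it against your own baseline of legitimate renames."""
    per_pid = defaultdict(Counter)
    for pid, old, new in events:
        suffix = appended_suffix(old, new)
        if suffix:
            per_pid[pid][suffix.lower()] += 1
    hits = {}
    for pid, counts in per_pid.items():
        suffix, count = counts.most_common(1)[0]
        if count >= threshold:
            hits[pid] = (suffix, count)
    return hits


if __name__ == "__main__":
    for pid, (suffix, count) in find_mass_renamers(parse_events(SAMPLE_EVENTS)).items():
        print(f"PID {pid}: renamed {count} files with added extension {suffix}")
```

Renames that replace an extension (setup.tmp to setup.exe) or change the stem (notes.txt to notes_old.txt) are deliberately not counted, since the signature is specifically about a suffix appended to the existing name; that keeps installers and editors out of the hit list.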

Processes

  • C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe
    "C:\Users\Admin\AppData\Local\Temp\80d13e90434f7e30118a96cf02c0bc28434cff9ddb4ff7f5a174193031a38969N.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2684

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-1488793075-819845221-1497111674-1000\desktop.ini.tmp

          Filesize

          52KB

          MD5

          87350586078bfa0010d42f2f12fc072d

          SHA1

          a1f8a7be842153879921bb0816aed2221816d1a8

          SHA256

          fdef7031c3cb649eb7a45b01f9338f68b07d1a50263260b553c7d47eeb08a44c

          SHA512

          3475b4354110dda2faba575a9fe2b83815ee9245aa26cfff7ae3b8bfb22aa89f57f946b51f6224a1ac5c0dd0b6e22f58e41e4dc7c57d91b9c76c5af9d93db088

        • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

          Filesize

          61KB

          MD5

          0e279d93894770ab560a673c8039b483

          SHA1

          7c0b835fd0b004ff32bd155207c48a2535324755

          SHA256

          0915e004df2c696eeed6b77e05df5e75bf8d5cbc5d3dbb9be7c136c00caf197c

          SHA512

          99532ab34f8cc1badd808b5be0763fa491a0212bf1a451f1ce1784d267e0224b6bcd068d2090fcef6f6ba96ac4332a61efec7a084c32354c4bef4a65d5f3c61b