Analysis Overview
SHA256
6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0
Threat Level: Likely malicious
The file 6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N was found to be: Likely malicious.
Malicious Activity Summary
Renames multiple (5103) files with added filename extension
Renames multiple (3779) files with added filename extension
Drops file in Program Files directory
System Location Discovery: System Language Discovery
Unsigned PE
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-16 03:26
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-16 03:26
Reported
2024-10-16 03:29
Platform
win7-20240903-en
Max time kernel
150s
Max time network
123s
Command Line
Signatures
Renames multiple (3779) files with added filename extension
Drops file in Program Files directory
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe
"C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe"
Network
Files
C:\$Recycle.Bin\S-1-5-21-3290804112-2823094203-3137964600-1000\desktop.ini.tmp
| MD5 | 17c989a28acd1d76a96439adb9ad43b0 |
| SHA1 | 15af7a1723e9be406ddb2f3de34ad8d18087a71f |
| SHA256 | 55b65daeb932ab0eccbf3769a99482a551ab7d8f616d8924594279dd3537a311 |
| SHA512 | a47b335a66434cd09e9ef8287b224bb61c2ee72eecd14caaa76a63bc9cf0dd8bc586af87648b9b1d84d8790de8faeeaa59fcdfef921ad04ffac94e48e03a0abd |
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
| MD5 | 0e3ce169028deed045fd0c3d4a95fc7e |
| SHA1 | 27635089c2703ff8d8cc7ed0a6ff88f4b1316204 |
| SHA256 | 570366ebf1f075f19acb078e15cbc218b26e54ad180fa2571998a1afce25480f |
| SHA512 | 406f9ee1a387392792e5346b844d310418ed11e2ab33607eb6a70b2d03e7aec5db4b1d7ed734e3a12dc1e6bc7d7d5d47ab48c3ed50019ba1ee087d8c25de596b |
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-16 03:26
Reported
2024-10-16 03:29
Platform
win10v2004-20241007-en
Max time kernel
150s
Max time network
106s
Command Line
Signatures
Renames multiple (5103) files with added filename extension
Drops file in Program Files directory
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe
"C:\Users\Admin\AppData\Local\Temp\6feb1eaa504c3ba30f718f581d6b4f4795eae3a859898b3872dfb625245e87d0N.exe"
Network
Files
C:\$Recycle.Bin\S-1-5-21-3756129449-3121373848-4276368241-1000\desktop.ini.tmp
| MD5 | 678f33d1169c378b0ad183e0e7ccfa7b |
| SHA1 | 29d173a56975fda50a66679cde7eeb91a94068e4 |
| SHA256 | dcf745afa2d192f90586f2555f70c8f817b37b2355e2556d44341c7d3ed5023d |
| SHA512 | 131b5195293e830685bd6b83658890cb0ece00a891f184591d492b1233813aa9d27c231c2d9c5c75d0ed1e70de47e7bdfa47fcdc3ea2a4660765f4b0e57db1ea |
C:\Program Files\7-Zip\7-zip.dll.tmp
| MD5 | b3893efc00dc0353a8eb48c8c364cf93 |
| SHA1 | a3122d9f3ed17568d7364fff342fc5af5216320d |
| SHA256 | 70189a0195275c949bbf00814384aa4800e44fa87d7051230377b052a8b085bc |
| SHA512 | ead1f6423d0562a7f8a9913143563326590bc43a8ebd764826d1fc987ad99aff26577ee71645abda171e376ac09af859bfce42f392a4318ca3628df1e4c5d2ae |