Analysis Overview
SHA256
b0c5c6b79356a1895afa0276e71a47838a0bb4e2771d45c626da6fefae5ac55b
Threat Level: Likely malicious
The file b0c5c6b79356a1895afa0276e71a47838a0bb4e2771d45c626da6fefae5ac55bN was found to be: Likely malicious.
Malicious Activity Summary
Renames multiple (3858) files with added filename extension
Renames multiple (5044) files with added filename extension
Drops file in Program Files directory
System Location Discovery: System Language Discovery
Unsigned PE
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-16 04:18
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-16 04:18
Reported
2024-10-16 04:20
Platform
win7-20240903-en
Max time kernel
150s
Max time network
123s
Command Line
Signatures
Renames multiple (3858) files with added filename extension
Drops file in Program Files directory
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\b0c5c6b79356a1895afa0276e71a47838a0bb4e2771d45c626da6fefae5ac55bN.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\b0c5c6b79356a1895afa0276e71a47838a0bb4e2771d45c626da6fefae5ac55bN.exe
"C:\Users\Admin\AppData\Local\Temp\b0c5c6b79356a1895afa0276e71a47838a0bb4e2771d45c626da6fefae5ac55bN.exe"
Network
Files
C:\$Recycle.Bin\S-1-5-21-2872745919-2748461613-2989606286-1000\desktop.ini.tmp
| MD5 | ffb1dde1767d815194babee88d89bf8f |
| SHA1 | 8032d5f29518511f831e99880755855fa8470d33 |
| SHA256 | 2813d37d7b12607c905d41f3bda49809e21876fdd44772fc3616052d660f807f |
| SHA512 | 7bfe891a760f4e92e9a6cc138ca8fb8c71a971517b36aa50ba3589d6a9e4fa5a613f719ca2a4ff7831925c8d8b239b1991495c27a0d8bd7c66a9149a235a90a1 |
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
| MD5 | a93b040273437a66275af46b50b24862 |
| SHA1 | 7c2fcd971193bb7f96fb3fa643ebe8d67387250c |
| SHA256 | 16d6adceb01cc21bb5139076123cf3500cda6482d5329fe30e76a59ddd335f84 |
| SHA512 | feb02fc2876b5a975ecf12fbaa88fcf0fa91ba001e62002523363b718de8bb9b066a4cc19390ce8949fd7442495cbdf72e327e38a1c4923b4f3482c82be3c61e |
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-16 04:18
Reported
2024-10-16 04:20
Platform
win10v2004-20241007-en
Max time kernel
150s
Max time network
124s
Command Line
Signatures
Renames multiple (5044) files with added filename extension
Drops file in Program Files directory
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\b0c5c6b79356a1895afa0276e71a47838a0bb4e2771d45c626da6fefae5ac55bN.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\b0c5c6b79356a1895afa0276e71a47838a0bb4e2771d45c626da6fefae5ac55bN.exe
"C:\Users\Admin\AppData\Local\Temp\b0c5c6b79356a1895afa0276e71a47838a0bb4e2771d45c626da6fefae5ac55bN.exe"
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 150.171.28.10:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.28.171.150.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.210.109.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.117.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
Files
C:\$Recycle.Bin\S-1-5-21-3756129449-3121373848-4276368241-1000\desktop.ini.tmp
| MD5 | d892a7fc1e1a9e76f5c1563383ecfe2a |
| SHA1 | 6b7863565338097acb094a805fdf20f382448462 |
| SHA256 | 26c2f57b1e47d3494de416520880695a2ffb25cee5fbd6544cab24b5f7f6c40e |
| SHA512 | 7c152f7f10a1777dbe00f88f908fc9f79b2bc0916a1dca37fecd126be6218f011fe1746167707a9c3a9d2e8e1a494c8418fce2fa77013750cc7b6507b43ada3c |
C:\Program Files\7-Zip\7-zip.dll.tmp
| MD5 | 991226aceff48f4b53b3688f3680b787 |
| SHA1 | d1a9b82b33ce2fe7a49909c73385293f25355545 |
| SHA256 | a51039b96397a93dae4f481cb9fc6197e88831edfcb3ade46a824b1405584bd1 |
| SHA512 | 9f497f547df7a47e58a232163cdea585520f50e879760e335776feea9dd2b6620b10ef990322d2a1329d1e41d46b77b293099a4b3bfc4cc9322851c9477ff785 |