Analysis Overview
SHA256
1f8d8fbee26db80eeff916597182aeb8e6b04f46b021632e7e323b39b8000e7a
Threat Level: Likely malicious
The file 1f8d8fbee26db80eeff916597182aeb8e6b04f46b021632e7e323b39b8000e7aN was found to be: Likely malicious.
Malicious Activity Summary
Renames multiple (4639) files with added filename extension
Renames multiple (3212) files with added filename extension
Drops file in Program Files directory
System Location Discovery: System Language Discovery
Unsigned PE
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-16 04:58
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-16 04:58
Reported
2024-10-16 05:00
Platform
win7-20240708-en
Max time kernel
120s
Max time network
16s
Command Line
Signatures
Renames multiple (3212) files with added filename extension
Drops file in Program Files directory
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\1f8d8fbee26db80eeff916597182aeb8e6b04f46b021632e7e323b39b8000e7aN.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\1f8d8fbee26db80eeff916597182aeb8e6b04f46b021632e7e323b39b8000e7aN.exe
"C:\Users\Admin\AppData\Local\Temp\1f8d8fbee26db80eeff916597182aeb8e6b04f46b021632e7e323b39b8000e7aN.exe"
Network
Files
C:\$Recycle.Bin\S-1-5-21-3551809350-4263495960-1443967649-1000\desktop.ini.tmp
| MD5 | fd8b6177a670ca520538f1792c75abcf |
| SHA1 | 10213b3473054e40b8d8a32547ae82067a21244e |
| SHA256 | f27503fdfa442953ad5ed1ac5d17be2718ad2974c7b7e105ea06120ca33f6527 |
| SHA512 | a5bc0f9e2685f906d1f74f0da096d489443b3cea0cec914b37f32cf4ef1bed354c4f8dff423266c69b58a0dd54a5125c64d2f30599e52a59570ed43c4b55d6ab |
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
| MD5 | 9c78f60d6d17899f377c3ecced7a548a |
| SHA1 | 74afa2b79772d0e532470fff278b31f93ae6bd03 |
| SHA256 | 70670766bfc8cc4916bc6ad466c872a4f4df353b4ddc9a4e537ead033de9b682 |
| SHA512 | 686f0af02b711baa08b9b450305b5ec607004b4426202d1878b64147de2771bfb8e4130c94b85f2f8dd9781883e71d2c1e9b0b8e8f9272fc60a4ae28d402080a |
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-16 04:58
Reported
2024-10-16 05:00
Platform
win10v2004-20241007-en
Max time kernel
120s
Max time network
105s
Command Line
Signatures
Renames multiple (4639) files with added filename extension
Drops file in Program Files directory
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\1f8d8fbee26db80eeff916597182aeb8e6b04f46b021632e7e323b39b8000e7aN.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\1f8d8fbee26db80eeff916597182aeb8e6b04f46b021632e7e323b39b8000e7aN.exe
"C:\Users\Admin\AppData\Local\Temp\1f8d8fbee26db80eeff916597182aeb8e6b04f46b021632e7e323b39b8000e7aN.exe"
Network
Files
C:\$Recycle.Bin\S-1-5-21-493223053-2004649691-1575712786-1000\desktop.ini.tmp
| MD5 | 5bd16b871e4229cc5242ca6caa3d8b5d |
| SHA1 | 4973cef09d011d58e3702faf794b6aa4174a5c3e |
| SHA256 | 581d39a8f872ce65933693e52ff0bc03192fcc24849fdf168f3e9714ce378974 |
| SHA512 | 872b3852cb97f1f29e5b83de12ef0c83df06bf190269a12fc2009282eb3349f7ef3489f5a3a8c57d7aadf8244a5352be5bf2562f263f78a077a4a38fc9baf5d7 |
C:\Program Files\7-Zip\7-zip.dll.tmp
| MD5 | 29bab82ebe581c1dd057a02a13817f3f |
| SHA1 | 5244f855f23196699cca07b85f787c98fabc7c94 |
| SHA256 | 338822a8f790eb57b1c7f4b4c4072abd1b420e5441c63b6c239b1107e8abfaf1 |
| SHA512 | 262852af270111e3b1037ecc27ea71bf650fc1778fb031322662c95cc50180472d8c7e861dbc0d51018e7249cb0e2d4baaa90aac21032fc1843f7cb21ff15504 |