Analysis Overview
SHA256
f8c2f8438d6721724c4c85254ba909385235e19a933f8f742a264b9857e03751
Threat Level: Likely malicious
The file f8c2f8438d6721724c4c85254ba909385235e19a933f8f742a264b9857e03751N was found to be: Likely malicious.
Malicious Activity Summary
Renames multiple (3708) files with added filename extension
Renames multiple (5091) files with added filename extension
Drops file in Program Files directory
System Location Discovery: System Language Discovery
Unsigned PE
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-16 06:48
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-16 06:48
Reported
2024-10-16 06:51
Platform
win7-20240903-en
Max time kernel
150s
Max time network
121s
Command Line
Signatures
Renames multiple (3708) files with added filename extension
Drops file in Program Files directory
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\f8c2f8438d6721724c4c85254ba909385235e19a933f8f742a264b9857e03751N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\f8c2f8438d6721724c4c85254ba909385235e19a933f8f742a264b9857e03751N.exe
"C:\Users\Admin\AppData\Local\Temp\f8c2f8438d6721724c4c85254ba909385235e19a933f8f742a264b9857e03751N.exe"
Network
Files
memory/1964-0-0x0000000000400000-0x0000000000408000-memory.dmp
C:\$Recycle.Bin\S-1-5-21-2872745919-2748461613-2989606286-1000\desktop.ini.tmp
| MD5 | 3eb0f333cbff2e88a2111536c554bbe3 |
| SHA1 | 8cf12e85bdc673a9199f34be1004b21125dbe779 |
| SHA256 | ae105634418f4e09f3158e5332b96dbcd3479053144b85e3709a1a17d15b487e |
| SHA512 | 601edf03e1b64259adeed6481bed4c30b89105a81bd71617e57a5fbf31e88fc1dc1749bf1956e32fc201afe8a022cb71add84f65656bede2712926f78070fb64 |
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
| MD5 | 16421b0a323ece8c033313b2d0d36274 |
| SHA1 | f78e77c9c0240d86ec602c131a19bf828accac67 |
| SHA256 | 49fc708ef8009bf521680ac93dd337269faa56744f0a7871208d4487bf28823a |
| SHA512 | b1ebc323bd2b783bfddbd79ed14e789be3b58ef4d89b1eaa4df173b5325c2320b80f5235d6545933db8181eeec7905a4e787455e3691df82fc44a9af7e14ad8e |
memory/1964-72-0x0000000000400000-0x0000000000408000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-16 06:48
Reported
2024-10-16 06:51
Platform
win10v2004-20241007-en
Max time kernel
150s
Max time network
152s
Command Line
Signatures
Renames multiple (5091) files with added filename extension
Drops file in Program Files directory
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\f8c2f8438d6721724c4c85254ba909385235e19a933f8f742a264b9857e03751N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\f8c2f8438d6721724c4c85254ba909385235e19a933f8f742a264b9857e03751N.exe
"C:\Users\Admin\AppData\Local\Temp\f8c2f8438d6721724c4c85254ba909385235e19a933f8f742a264b9857e03751N.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.163.202.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.117.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 10.28.171.150.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 78.239.69.13.in-addr.arpa | udp |
Files
memory/1728-0-0x0000000000400000-0x0000000000408000-memory.dmp
C:\$Recycle.Bin\S-1-5-21-3350944739-639801879-157714471-1000\desktop.ini.tmp
| MD5 | c8e72358f49a80cacdd322a3f4baa424 |
| SHA1 | 898b36dad9056e3f64fb355c1be857f563524b11 |
| SHA256 | 205d34bb392869980cc94ab3c333e35af61a0774175cbf9689f86a76e0fd1014 |
| SHA512 | da9f7d91ca1fc08810794a82136d5395892e263d970f48773b3308cfdd8cd132be067bc1f9702dfef2a001eccf7a36bd1d812003ce4ae8970d264461d299e5e8 |
C:\Program Files\7-Zip\7-zip.dll.tmp
| MD5 | 8e9fa850f790700bd6cccf800fce7bca |
| SHA1 | 785a3eee60ee46ab4b8591cecf06541ebce59cb0 |
| SHA256 | e315e46ef432337e31b4b026695e67b41d9e84333b52ed7dd033c1e987960600 |
| SHA512 | 3344f4cf4023c9567f7d881f991092b2a16c82cba3e6e73565d44a7e5ddb03ea92927775c82028ec4ccd7a862753a220b1d484439527670883b310e23afd5646 |
memory/1728-678-0x0000000000400000-0x0000000000408000-memory.dmp