Analysis

  • max time kernel
    120s
  • max time network
    21s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    16-10-2024 17:39

General

  • Target

    22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe

  • Size

    59KB

  • MD5

    d3bcb5cf6d217b72d3c849354e69c810

  • SHA1

    7b57c43fdc03c155b1f156f8b73f64762b45b713

  • SHA256

    22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6

  • SHA512

    cabaac3f75ae11c4da9308e5fc10e5b5bfd6b78fbddc1280bf6984555bd4b5b492eeb1df097bbce5b89f4ca801cca788a771f662859fa32cfb607874f13d9b81

  • SSDEEP

    768:W7BlpppARFbhHFoqAJwBqAJw1VyjVy/3sY1YxwDwk595E:W7ZppApyVyjVy7Uk595E

Score
9/10

Malware Config

Signatures

  • Renames multiple (3191) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe
    "C:\Users\Admin\AppData\Local\Temp\22c89c2b23316eec08f33e9e4f03ba2767a3366ffece4653f16a7dee0dbfb2a6N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:276

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3063565911-2056067323-3330884624-1000\desktop.ini.tmp

    Filesize

    60KB

    MD5

    7a4c121d0b3866bfdc55411d4641537c

    SHA1

    2f7281f3e8130b41f89229f3ab964051d165ad88

    SHA256

    7a84ae96ee7a7bddb101e5dcb02af8491302d39bcddfb106f5a7bfe3084b73de

    SHA512

    080dceedc47c6c5e830f888d89935d86d58ba7f3a742990f771f34515bf0b008497edc148fd3ba91574f054a1d7d34566f09631aeff4ff9575159cd09defd53a

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    68KB

    MD5

    6819274521f240d15ac2fd475f94fd4f

    SHA1

    cab10e46e876a98123770cf750619e0b1a9bae88

    SHA256

    62f5348970b34997c0c9044226f83d510d0bbc00ea3c2519b0821da437434965

    SHA512

    ff42b347aeb3bc0f4aa2cc3a04734969f96e1d01e9f6eefaf4b91d0009cfdde9a71dfca1346fa6858a612b038ffffe4a1fc193a7f6e5170488fbccda237d92dd