Analysis

  • max time kernel
    120s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    16-10-2024 18:27

General

  • Target

    9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe

  • Size

    46KB

  • MD5

    37ab91bc95942249608a7fb5b9438e90

  • SHA1

    10b667c5c6fd45ee63168b2204fc7651f393fe01

  • SHA256

    9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53

  • SHA512

    b5bf92da4a8ec87462c21fbc460caee5668f75f1b0d8fbb759020a4dedecf23106bc21bcc7953ad2d9ca147a1b5e6c690046c2aa41f097d47704c215f1cf5f6f

  • SSDEEP

    768:kBT37CPKKdJJ1EXBwzEXBwdcMcwBcCBcw/tio/tiJFEFuodcOZiJSQOQiJfodcOd:CTW7JJ7TTQoQPyPhehEJyQJyv

Malware Config

Signatures

  • Renames multiple (3218) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe
    "C:\Users\Admin\AppData\Local\Temp\9cdb9ad7f9cbad8a6b427383b6dfd6eb0e88d718716315f484b326b7dfaa9c53N.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2856

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3290804112-2823094203-3137964600-1000\desktop.ini.tmp

    Filesize

    46KB

    MD5

    2a75dd47193f2982b29c0c89e2875a2e

    SHA1

    121be6d8228bcccee5d1d6030c685fc8380e2342

    SHA256

    166dde4b399ef91deb0744d7584c75ddb2b20cce4833e2497b2f8e69a76899b6

    SHA512

    93d803624a304119a0d3045d87b31fefff9bbadb6fa2dd5c40a19aa6562b31911d98672683009bfe03050b98e697424fd8c7589222084fc7f83c0897b2baefb7

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    55KB

    MD5

    4fa404d3c2b2fd960278dc1df127f561

    SHA1

    a9e7c0c29d45fe3d1558c62284f3433418e493f1

    SHA256

    a5b24a937caa1a0625961a7ea20ad2d365ce7f4aac006d31011dd6b14ee5a9a5

    SHA512

    61af79cbc5693a19acfe2ef6a43887c4317c5857c6da33c3133d439db6ff1395e1f754a1f349a60205bb7581e2d5593307a165c64591a08f5ddd91bc04d57d64

  • memory/2856-0-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

  • memory/2856-69-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB