Analysis

  • max time kernel: 120s
  • max time network: 118s
  • platform: windows7_x64
  • resource: win7-20240903-en
  • resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted: 16-10-2024 17:50

General

  • Target: e51de51a6039f8757082d5b3fabbe5482551345c80516920d636e848b9b23ee0N.exe
  • Size: 83KB
  • MD5: 12246670c4180d7e8b8dacb36ee0b5b0
  • SHA1: bbd878e89bf73e1cb3ad38b26c6e2de2ef3d409f
  • SHA256: e51de51a6039f8757082d5b3fabbe5482551345c80516920d636e848b9b23ee0
  • SHA512: 3d7aef7c9a65f91a02de2047c378ad23362b1fefdd7b8417ba6f97a57702b9fd87e30a19aeb2cc785992f177ac839abc5c68169f3f02c2c5af55127c65f88acf
  • SSDEEP: 1536:V7Zf/FAxTWoJJZENTBHfiPtEOeu0STqbf/xv3KB:fny1tEs0Sm3KB

Malware Config

Signatures

  • Renames multiple (3140) files with added filename extension

    This suggests ransomware activity: the sample is encrypting all the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with the UPX open-source packer or a modified UPX.

  • Drops file in Program Files directory (64 IoCs)

  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\e51de51a6039f8757082d5b3fabbe5482551345c80516920d636e848b9b23ee0N.exe (PID 1564)
    Command line: "C:\Users\Admin\AppData\Local\Temp\e51de51a6039f8757082d5b3fabbe5482551345c80516920d636e848b9b23ee0N.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-1488793075-819845221-1497111674-1000\desktop.ini.tmp
    • Filesize: 83KB
    • MD5: 61a1898199f39cd90ea4297833897876
    • SHA1: 3d95df1da6935cc199921f414d5a3f1786df522b
    • SHA256: d7d2e3197020371d658e9f919c62226da1f1f40f1e3530be1368b16db69fd9c2
    • SHA512: 2b5f92dba1cf87444849b7b379335185811827151d93d060656370e81a106424c6594177a3924ea70979c6453117b7ef0caeec2fc5cfff08caee92c7058b6359

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    • Filesize: 92KB
    • MD5: 8fdf25c9c8b488d17eca607d520a2abb
    • SHA1: 83d4b6a03ce3f24300b064235ee4282b642a8644
    • SHA256: 01da03a45be305f8f3451c77c596ab12e0b11b9df783c752295c942003af17ed
    • SHA512: a900d470cf6ae1a0141073be0ccf6e6d7dd6640283bf47525132b835e9b2fb6bfdcd1fe87fbd4f273802c2bf31e1eb18de6870a4871c26c2c3ca61d349957ca5

  • memory/1564-0-0x0000000000400000-0x000000000040B000-memory.dmp
    • Filesize: 44KB

  • memory/1564-70-0x0000000000400000-0x000000000040B000-memory.dmp
    • Filesize: 44KB