Analysis

  • max time kernel
    150s
  • max time network
    20s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags
    arch:x64, arch:x86, image:win7-20241010-en, locale:en-us, os:windows7-x64, system
  • submitted
    16-10-2024 17:56

General

  • Target

    c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe

  • Size

    64KB

  • MD5

    55fc25084bf403088db8eca691b6bc90

  • SHA1

    e7e832a5441358fa01b68c8ea12571952a4284a6

  • SHA256

    c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3

  • SHA512

    cd9b98bf18f40917c4446075acc09b32b0f9207af9f2cc4283ffd8f494152f90facd234b4e41b975cd0b0efa02eeedcdeea8a8e6f3c3c520ade8ac83ca6da72c

  • SSDEEP

    768:V7Blpf/FAK65euBT37CPKKQSjyJJ1EXBwzEXBwdcMcwBcCBcw/tio/tiPSqNEzlp:V7Zf/FAxTWoJJ7TTQoQ6qNfQfF

Malware Config

Signatures

  • Renames multiple (539) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe
    "C:\Users\Admin\AppData\Local\Temp\c1754baa83057ce78e2363d8876b2c936f3946a38a52b26ffc2134f45a7dbda3N.exe"
    1
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2348

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3692679935-4019334568-335155002-1000\desktop.ini.tmp

    Filesize

    65KB

    MD5

    ed136c013e7868c52500db9a930954e7

    SHA1

    5d17da54b54198039f0feff300dd13ac72881e5e

    SHA256

    910fce1a2a0408fb3ab6d4c8c2d693c1f29c83d435713e884782c993af7dcac5

    SHA512

    b3038f1add3d2658a09a215af4a20d0469892d2f03a6b7ee18ae879af214090098da3002c027b8ee9f869a7ccdb3fffdc681e563fc44d84dcf62c2e320b3b932

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    73KB

    MD5

    1c8e8d5587fc7425a37a89b9488f8192

    SHA1

    faef18108d35567832e4df342c721c465fd40c22

    SHA256

    4c599f258c080d85734335f5c49489e2d9c327e920441319464077e4c62b89c6

    SHA512

    4bf424a159e956897fa7c0a55402fe6b0f1147e5ab1fb9868c8c476d495be4cbcab0feaa38150d3fc85231b3f3c3c640a84388cbca3fd70c409c48d0b8e15048

  • memory/2348-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/2348-18-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB