Analysis

  • max time kernel
    150s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    16-10-2024 18:03

General

  • Target

    004e18d2e9c342aa5cd13aa8f981c3cd37d57759fbd5b6a60f5913c3f52e3705.exe

  • Size

    47KB

  • MD5

    556a95ff5ad9ecff1d26fbcc4e7a6ccc

  • SHA1

    ced8c39be24223051538734e74ac6be70d2347a8

  • SHA256

    004e18d2e9c342aa5cd13aa8f981c3cd37d57759fbd5b6a60f5913c3f52e3705

  • SHA512

    d3031165f0ad6caaa35c529835bb8ce3571ec34696baff728a0ed55cfbd7c556dd4b7daa1d9d26fad38a2894f0b4b591cd611710a6513736139a33e4da8ee7f5

  • SSDEEP

    768:W7Blp2sspARFbh5YSfff9n1oXKCqzEIn1oXKCqzE1IwScIwSJ:W7Z2sspAp5YSfffMrfry

Score
9/10

Malware Config

Signatures

  • Renames multiple (4072) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\004e18d2e9c342aa5cd13aa8f981c3cd37d57759fbd5b6a60f5913c3f52e3705.exe
    "C:\Users\Admin\AppData\Local\Temp\004e18d2e9c342aa5cd13aa8f981c3cd37d57759fbd5b6a60f5913c3f52e3705.exe"
    1
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2872

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-1846800975-3917212583-2893086201-1000\desktop.ini.tmp

    Filesize

    47KB

    MD5

    6651668a60208f0f31dcde5ff9ea2be7

    SHA1

    f7fe0398dbdee3e1587823e48ec8745ad1799e75

    SHA256

    d6e6911af5f1de920e196bd0928db81e652d3f9453f3e923034f3b6f89f03ced

    SHA512

    fd5ac9544befec80c1f46b0458a86b3f658bdade8c3dae560639a35183db61020fb780c79ee117c71852aebb827dc828dead1c77f928bd82dd36b73f9b0d287f

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    56KB

    MD5

    c5b02e8d20e6f2aef421e8790d272aa5

    SHA1

    1eddd5bbcd2ec59a3801d6afbc0a16dcc0b10d89

    SHA256

    8485d112087e223708e2ea47935bb042fa800f7a471feae6faf27b4b1c645c57

    SHA512

    2c297326329eb109706e5432790e8b7738fd87c6957bbeda837a96bdb772b790c933a58392f0bfb643f2a4dc494f53fb81e9ae4069b850762299e343d1dfd090