Analysis Overview
SHA256: f2e78f296398dfe1d93b76ae500bfc1eaf83a3604410917391be687195221718
Threat Level: Likely malicious
The file f2e78f296398dfe1d93b76ae500bfc1eaf83a3604410917391be687195221718N was found to be: Likely malicious.
Malicious Activity Summary
Renames multiple (2958) files with added filename extension
Renames multiple (4329) files with added filename extension
Drops file in Program Files directory
System Location Discovery: System Language Discovery
Unsigned PE
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-16 18:02
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-16 18:02
Reported
2024-10-16 18:04
Platform
win7-20240708-en
Max time kernel
120s
Max time network
17s
Command Line
Signatures
Renames multiple (2958) files with added filename extension
Drops file in Program Files directory
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\f2e78f296398dfe1d93b76ae500bfc1eaf83a3604410917391be687195221718N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\f2e78f296398dfe1d93b76ae500bfc1eaf83a3604410917391be687195221718N.exe
"C:\Users\Admin\AppData\Local\Temp\f2e78f296398dfe1d93b76ae500bfc1eaf83a3604410917391be687195221718N.exe"
Network
Files
memory/2840-0-0x0000000000400000-0x0000000000408000-memory.dmp
C:\$Recycle.Bin\S-1-5-21-1506706701-1246725540-2219210854-1000\desktop.ini.tmp
| Hash | Value |
| --- | --- |
| MD5 | 00bc268b5b1161e415a77bf157408ab0 |
| SHA1 | 05f65565e54eaac5574980e690f2730c5c50cd25 |
| SHA256 | 60e15e91cdae7fca8291ce73e7b7be2de7de0fc1973fafc4694d05acbc45fad0 |
| SHA512 | 0235c1cc03acd17e429fac6c97268e75e2f99579d074ce2a05fea4f1c3d265726648529f7f5ffaf4716dd0c29d28a2247e84448882b3404721c3ed1b873557c2 |
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
| Hash | Value |
| --- | --- |
| MD5 | 8b43bf9641b2d9c3035fcb72a59bd365 |
| SHA1 | 5d7682b192f8e491f79f306b914a77111bd6da44 |
| SHA256 | ddf032a2338050c38b48c66939ec8496e6f94722df1bdb4d0d09018fe1366fb6 |
| SHA512 | 0d3ca260f90b3098f639a317b44f2d9b27c4cd9efd1f1330af52e2550a85b4b31cb6b4d847ce3d25520e84b8c35d7eca98cef8a08cf23ee77bb0fac0da9b3f66 |
memory/2840-70-0x0000000000400000-0x0000000000408000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-16 18:02
Reported
2024-10-16 18:04
Platform
win10v2004-20241007-en
Max time kernel
120s
Max time network
109s
Command Line
Signatures
Renames multiple (4329) files with added filename extension
Drops file in Program Files directory
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\f2e78f296398dfe1d93b76ae500bfc1eaf83a3604410917391be687195221718N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\f2e78f296398dfe1d93b76ae500bfc1eaf83a3604410917391be687195221718N.exe
"C:\Users\Admin\AppData\Local\Temp\f2e78f296398dfe1d93b76ae500bfc1eaf83a3604410917391be687195221718N.exe"
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 150.171.28.10:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.28.171.150.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.163.245.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.117.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
Files
memory/3312-0-0x0000000000400000-0x0000000000408000-memory.dmp
C:\$Recycle.Bin\S-1-5-21-3756129449-3121373848-4276368241-1000\desktop.ini.tmp
| Hash | Value |
| --- | --- |
| MD5 | 2778ee7d5d1a7deb70a6bb84a4656de6 |
| SHA1 | 0157fe5381cd8d3c0625e9d8a10a588bf6371deb |
| SHA256 | ce2457d3edcb386145d3e81317f588ec3cdcec1648fabcd3b13dc2ec67877686 |
| SHA512 | 90a00fa1f3afd72644029e82f2f8330185eaf24b1dec33ca885931e973e61e9bf006a1851b79de8259fe46d9891ee31f072b6f63f0ad442c9638b01a7b64c611 |
C:\Program Files\7-Zip\7-zip.dll.tmp
| Hash | Value |
| --- | --- |
| MD5 | a45b94e2f9731daef2da66205b94ed9f |
| SHA1 | 6bd6dff7278757fe62994fbdd80ddf13dceebbb5 |
| SHA256 | 60c77fbdcc73f0b7f006a1f83b0ad5dd6d0eeed914ec0ec90679f71a29b59112 |
| SHA512 | cdbdbedabc2464e8921137139a3c3564180b29bf0d517595e9d55436732aaefe8015721e1e9b41041d8964e47796db7c7fe38e933a3afd48885ab73d62da03c0 |
memory/3312-660-0x0000000000400000-0x0000000000408000-memory.dmp