Analysis

  • max time kernel
    120s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    16-10-2024 18:05

General

  • Target

    0514180baa874f8b3b502baef8aaef8b473dd696231991f03b4ce55db9c4af9eN.exe

  • Size

    584KB

  • MD5

    e7be3031468930b44c6679487d4e97f0

  • SHA1

    0098d8ea27246df367ee815407ddad7279206a6a

  • SHA256

    0514180baa874f8b3b502baef8aaef8b473dd696231991f03b4ce55db9c4af9e

  • SHA512

    8a3e0cba2570bb9bcffc0c5f46494d0ea7419c5a9b050d91d72bb520bf8aa0d237a9a48620506746b4abed6dba8fda525f4f0b251891278fee87047b6440fcc1

  • SSDEEP

    1536:CTWciVRRNRROHrNOPLeMS+YanjU8YKLGPavsH5d6mFUejEdH1v6H1wH1I03pkTWd:hRrRgxOeORYX3FFodVv6VwVIu8X5y

Malware Config

Signatures

  • Renames multiple (1171) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\0514180baa874f8b3b502baef8aaef8b473dd696231991f03b4ce55db9c4af9eN.exe
    "C:\Users\Admin\AppData\Local\Temp\0514180baa874f8b3b502baef8aaef8b473dd696231991f03b4ce55db9c4af9eN.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2288

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3290804112-2823094203-3137964600-1000\desktop.ini.tmp

    Filesize

    584KB

    MD5

    5eb1387f635d3ca8f0cf0e749cbf8e2a

    SHA1

    627c43dd3137e3159cb4ee66f2fd0b1829913e45

    SHA256

    024039728e0b4907efa8d08a473134e4672c7b43e144df8d396851b2a8b4173a

    SHA512

    c65327b86c43d2b7eb9c8baf691a161251010a6167d4e36e0fa4a0141f3a36fde6f4e959db596f96c0fb623a48c6c6095b0e2148948abae645ec6b28f76bbebf

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    593KB

    MD5

    c819e42ef565a00304dfe12850fbf439

    SHA1

    00e1fc62c808b8700bc5ac1f5ff08808ccf7d76c

    SHA256

    01e29ff1c6ad32114bad0b2db50cf14293cacd9c3ebb05a4e3403d4478a8cc17

    SHA512

    3a0a45bbd2a6c6742e9c390d486e5c4439a9b4e2ccf7db00805f68e55e568f58d55ccb804d3e984d9415772d8f8fa40de88638d6e922b5bb95bcdd4f407a1cec

  • memory/2288-0-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

  • memory/2288-69-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB