Analysis

  • max time kernel
    120s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags
    arch:x64, arch:x86, image:win7-20241010-en, locale:en-us, os:windows7-x64, system
  • submitted
    16-10-2024 18:13

General

  • Target

    9f2d5a0d6421d64e55737198ae46ec0707abd42db72e43948f999d09f3ba109bN.exe

  • Size

    41KB

  • MD5

    55c6ff2e65c4773cf5db8c8b05f8c9d0

  • SHA1

    0e3d3b2eafc6711226448fdbf05493ae26474cc5

  • SHA256

    9f2d5a0d6421d64e55737198ae46ec0707abd42db72e43948f999d09f3ba109b

  • SHA512

    6cd20f51e6da8eab60fd341f7a5ab9f68416f6023cbb1bde3166bfff99bc6ef3cf951fb491181a4d405f38715b80dcd5d788926bd0f6ed4720732288c19df660

  • SSDEEP

    768:kBT37CPKK1EXBwzEXBw3sgQw58eGkz2rcuesgQw58eGkz2rcu90TKe+0TKeKiwlL:CTWciVRRNRRI7

Malware Config

Signatures

  • Renames multiple (3201) files with added filename extension
    This suggests ransomware activity: encrypting all the files on the system.
  • UPX packed file (4 IoCs)
    Detects executables packed with UPX or a modified UPX open-source packer.
  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
    Attempts to gather information about the system language of a victim host in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\9f2d5a0d6421d64e55737198ae46ec0707abd42db72e43948f999d09f3ba109bN.exe
    "C:\Users\Admin\AppData\Local\Temp\9f2d5a0d6421d64e55737198ae46ec0707abd42db72e43948f999d09f3ba109bN.exe"
    PID: 1700
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2039016743-699959520-214465309-1000\desktop.ini.tmp
    Filesize: 41KB
    MD5: b5cdf2f7df864ebbef31a9576a545421
    SHA1: 073897c0643291ea4f6aba309bff242e29a46d78
    SHA256: 60778778bfc94f9e72d0142277640352791269deb1501e440c865e2e11099759
    SHA512: 1deb3441c7ced6798532462be7e639cba5beefc17177b8b0e81366f05640be4b9462ffce706bd1c451f6354e99e0b95113ba0a599c096496a0c13fc875bb8247

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize: 50KB
    MD5: f4688634eced7141678949206092ccc5
    SHA1: 9dc2bbb086536b332d7ccf2bf800012a05cb654a
    SHA256: 5453019989702571c3eac4339205f98e02544dcca39c7dc7ff96fc52225ebcd8
    SHA512: 77c624f31f70de868f25056f1f17183fc2d5bd5f666956c51fab981225c860d26b5c06aae7d92110209780b5c9940d83582627df40b39ead6bd81ec87063cf85

  • memory/1700-0-0x0000000000400000-0x000000000040A000-memory.dmp
    Filesize: 40KB

  • memory/1700-69-0x0000000000400000-0x000000000040A000-memory.dmp
    Filesize: 40KB