Analysis

  • max time kernel
    120s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    16-10-2024 18:15

General

  • Target

    826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe

  • Size

    105KB

  • MD5

    531e509a09b8472abd0d4cae379b2830

  • SHA1

    aa61e6b86ae7079f75e45f9c856173667c06c68c

  • SHA256

    826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316

  • SHA512

    5b8fb2a3bf997a3b10853437231f8f810c4e3dc9620fb6c6f367b0fa962a23b4cbeb60f5476b078f0148d7e85b464d7e0ad12a66a4b334c6baf9658f8c2c4f08

  • SSDEEP

    1536:V7Zf/FAxTWoJJZENTNyoKIKMQTW7JJZENTNyoKIKMIjUv0FR:fny1tE5KIKEtE5KIK7jUv0FR

Malware Config

Signatures

  • Renames multiple (2900) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe
    "C:\Users\Admin\AppData\Local\Temp\826df9b02016feec0bc63a33fc30cd2bd4f06b0d014c3571d1d792a5c364d316N.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:3012

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-1488793075-819845221-1497111674-1000\desktop.ini.tmp

    Filesize

    105KB

    MD5

    6e666b8d5ded9fee072d15ce1492ac18

    SHA1

    36800e3c5ccfc7e530d0ad99eb32e979c742d2de

    SHA256

    b805ff99090e8b0bc81284aae16a140581d2086c4b27447514c9ea50dc264d90

    SHA512

    b576685c91fd25b0816138712eedf9b95028aeacf5be41caa80e9264381c85327f2e8070ab1688b97fb96d134f8f95cb64b9446980667eecac407484250a5044

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    114KB

    MD5

    b23556e935a0040ff1fada050052e6ee

    SHA1

    7f63e83a9eae15c15ad1a0e93c8611fa0f1e5710

    SHA256

    5c88ad1b518a2893e0743c2ebd43a18da59b1ff240f8bbdea199c1a3bd0fd5f1

    SHA512

    2c6cb51bb3f727d470eda16d998e2a488e5bfe8fee347068ff19674885bc84178247d8d3f3aa6ee7befc701a51490db717f2e4e937234ed488ad9c3d7905b759

  • memory/3012-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/3012-70-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB