Analysis

  • max time kernel
    120s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    16-10-2024 18:18

General

  • Target

    0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe

  • Size

    89KB

  • MD5

    d78fc315257b9cfeadf31b327a329c80

  • SHA1

    14c41b5482ec56d7a7c3be886b4723840e35e7c6

  • SHA256

    0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525c

  • SHA512

    f16f622b52335cb9a217d204d0b503b05d45c7537f0d27875af6033a499b539ee0202b774148e47f577275d904026f971a62692f10a6b602b68bf889999ede3d

  • SSDEEP

    1536:W7ZDpApYbWjIoPyPoLzV7c6ShWfxRfxMl2:6DWpLf7fWl2

Score
9/10

Malware Config

Signatures

  • Renames multiple (2857) files with added filename extension

    A rename of this many files, each keeping its original name with a new extension appended, is consistent with ransomware encrypting the files on the system.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempts to gather information about the system language of the victim in order to infer the geographical location of that host.

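A triage check for the two file-system behaviours flagged above, written here as an added example (not code from the sandbox, the report, or the analysed sample): it scores a constructed stream of rename/create events per process, counting renames that only append an extension and writes under Program Files, and flags a process once its rename count reaches a threshold. The event format, the benign second process (PID 1000), the 60-file count and the threshold of 50 are all assumptions for the example; the report itself records 2857 renames for PID 2236.

```python
"""Per-process scoring of mass appended-extension renames and Program Files drops.
Added example, not code from the sandbox or the analysed sample."""
import ntpath
from collections import defaultdict

RENAME_THRESHOLD = 50  # assumed cut-off for this example; the report does not state Triage's own


def _constructed_events():
    """Constructed file-system events in a Sysmon/ETW-like shape (not real sandbox data)."""
    ev = []
    # 60 user documents renamed with an appended extension by one process
    for i in range(60):
        src = rf"C:\Users\Admin\Documents\doc{i:03d}.docx"
        ev.append({"pid": 2236, "op": "rename", "src": src, "dst": src + ".tmp"})
    # the same process dropping files under Program Files
    ev.append({"pid": 2236, "op": "create",
               "path": r"C:\Program Files\Common Files\readme.txt.tmp"})
    ev.append({"pid": 2236, "op": "create",
               "path": r"C:\Program Files (x86)\Vendor\notes.tmp"})
    # benign activity from an assumed second process (PID 1000): one in-place
    # rename without an appended extension, and a single manual .bak copy
    ev.append({"pid": 1000, "op": "rename",
               "src": r"C:\Users\Admin\Desktop\draft.docx",
               "dst": r"C:\Users\Admin\Desktop\draft_v2.docx"})
    ev.append({"pid": 1000, "op": "rename",
               "src": r"C:\Users\Admin\Desktop\photo.png",
               "dst": r"C:\Users\Admin\Desktop\photo.png.bak"})
    return ev


EVENTS = _constructed_events()


def added_extension(src, dst):
    """Return the extension appended to src to form dst, else None.

    Only a pure append counts (src + '.' + ext); renames that change the
    base name or add several dotted components are ignored."""
    if not dst.startswith(src + "."):
        return None
    tail = dst[len(src) + 1:]
    if not tail or "." in tail or "\\" in tail or "/" in tail:
        return None
    return tail.lower()


def is_program_files(path):
    """True for paths under C:\\Program Files or C:\\Program Files (x86)."""
    return ntpath.normpath(path).lower().startswith(r"c:\program files")


def score_processes(events, rename_threshold=RENAME_THRESHOLD):
    """Aggregate per PID: appended-extension renames, the extensions used,
    Program Files writes, and a flag once the rename count reaches the threshold."""
    stats = defaultdict(lambda: {"renames": 0, "extensions": set(),
                                 "program_files_writes": 0})
    for e in events:
        s = stats[e["pid"]]
        if e["op"] == "rename":
            ext = added_extension(e["src"], e["dst"])
            if ext is not None:
                s["renames"] += 1
                s["extensions"].add(ext)
            target = e["dst"]
        else:
            target = e["path"]
        if is_program_files(target):
            s["program_files_writes"] += 1
    for s in stats.values():
        s["flag"] = s["renames"] >= rename_threshold
    return dict(stats)


if __name__ == "__main__":
    for pid, s in sorted(score_processes(EVENTS).items()):
        print(pid, s["renames"], sorted(s["extensions"]),
              s["program_files_writes"], "FLAG" if s["flag"] else "ok")
```

The appended-extension test is deliberately strict (base name unchanged, exactly one new dotted component) so that ordinary "save as new name" renames do not count; a single .bak copy by another process stays far below the threshold. In a real feed the per-process counter should also be time-windowed, since the report's 2857 renames occurred inside a 120-second run.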
Processes

  • C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe
    "C:\Users\Admin\AppData\Local\Temp\0378d26c86e285ba1ce1a161be28e5c45bfd56b8eb82d5e729ce8b1ab481525cN.exe"
    (process tree level 1)
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID: 2236

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-1846800975-3917212583-2893086201-1000\desktop.ini.tmp

    Filesize

    89KB

    MD5

    341065cf950e7cc06a4c534a44a17eff

    SHA1

    c6da4e358a327ac4d02a0c495f8e7708b67db1a4

    SHA256

    ef86452d7bba22cdce3390d036fe58df7c24ed2f0b63a64789df6be81a69710b

    SHA512

    3a10ceb624185217c0c27e3a864d5a4a7dcfc2d4bc63b918a5182e4e2a00c5dedae51ce33584e8b2e4e5a1e69387c7a8d7d6cf7bc1a89b85b934527e7f398850

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    98KB

    MD5

    3b935423071f53a522b34be36e4dff4f

    SHA1

    717e2947faf3c12cbb74c4a63791fa866ca35c5d

    SHA256

    306c7da1c7949fa755b5248e57d61a4bc9833100679cf2b2d12255f7181b13df

    SHA512

    ab86a3473ec85fd0a138c02f9ae508eafa3fe1ae64a70b07363d93a55c69499f24ec815f0d25bb317fc6d25070b4ed49b662158f384a00c8b41a930bcd5ea8fc