Analysis

  • max time kernel
    120s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    16-10-2024 18:19

General

  • Target

    103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe

  • Size

    54KB

  • MD5

    736feb30f912ec759602226c17822930

  • SHA1

    67b8f6a43b0af45ed9000877de00f1750f404fdb

  • SHA256

    103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcf

  • SHA512

    be25a8c7668a69a51d13baa9f66263e90975e2746dffb16ca85f633c15c1a52989358243a0078a8f1a1e546b80ed6799e9b9986c7d0de632f1a1615e97e6954c

  • SSDEEP

    768:V7Blpf/FAK65euBT37CPKKQSjyJJ1EXBwzEXBwdcMcI9Yo0NO6iJfo0NO6iJ+:V7Zf/FAxTWoJJ7T+mR

Malware Config

Signatures

  • Renames multiple (3193) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe
    "C:\Users\Admin\AppData\Local\Temp\103981cbb7016005c5e39411602c0642e2d5c669cf7dc6406e368ab716a27fcfN.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2676

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-1846800975-3917212583-2893086201-1000\desktop.ini.tmp

    Filesize

    54KB

    MD5

    7bec10250bdf9e29a4b56e00c490570b

    SHA1

    a61bf2912bd993048533c63d8e1785bb7e195be0

    SHA256

    584ca0d0a736e7341e0be210c8cff9d2a32be2b30c050e913ac759537e1b4bee

    SHA512

    e282c3632f2e965fdf95c0f5dff07644de85187903d4fd93bf5e1e2e837f174ce28f62c9b74936ab30c6285e0425396d741f27211ac90d5d87deff1065de836d

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    63KB

    MD5

    0a59f0bb8b1b65cc87d36b117516bf0e

    SHA1

    efa37ff9c3238e771b141e7ddd70f306e4bc6d1d

    SHA256

    2416d9e3de387b74433c8a8275a431f93477b71cff29e75623b01763832abe71

    SHA512

    c6c636e42313f59b471c00cf90da2d2a3e8f00ec35bb26e9e723e6a6268343d29d0c71f65c3d6f5ada6f5838646d61774bade13bea32485b1bbd70d2c656ab78

  • memory/2676-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/2676-72-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB