Analysis Overview
SHA256
e2c01d14bb49f5e8a8078fdf949fd5b55bb115bccbfb85aeff3beb16be36741f
Threat Level: Likely malicious
The file e2c01d14bb49f5e8a8078fdf949fd5b55bb115bccbfb85aeff3beb16be36741fN was found to be: Likely malicious.
Malicious Activity Summary
Renames multiple (2741) files with added filename extension
Renames multiple (4602) files with added filename extension
Drops file in Program Files directory
System Location Discovery: System Language Discovery
Unsigned PE
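Two of the behaviours listed above carry most of the weight: the mass renames that append an extension (2741 and 4602 files in the two runs) and the read of the NLS\Language key (T1614.001, System Language Discovery). The following detector is an added example written for this page, not code from the sandbox vendor or from the sample; the event tuple format, the process path sample.exe, the ".locked" extension, the directories and the threshold are constructed assumptions rather than values taken from the report.

```python
"""Added example (not the sandbox vendor's code): flag a process that performs
mass extension-appending renames, and raise confidence when the same process
also opened the NLS\\Language key (T1614.001). Event format, process path,
'.locked' extension and threshold are constructed assumptions."""
import ntpath
from collections import defaultdict

# Constructed process path (assumption; not the report's sample name).
SAMPLE_PROC = r"C:\Users\Admin\AppData\Local\Temp\sample.exe"
DIRS = ("Documents", "Desktop", "Pictures")


def _victim(i):
    """Constructed victim path for event i."""
    return ntpath.join(r"C:\Users\Admin", DIRS[i % 3], f"doc{i}.docx")


# Constructed events: (kind, process, arg1, arg2).
#   "rename"  -> (old_path, new_path)
#   "regopen" -> (key_path, None)
SAMPLE_EVENTS = (
    [("regopen", SAMPLE_PROC,
      r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language", None)]
    + [("rename", SAMPLE_PROC, _victim(i), _victim(i) + ".locked")
       for i in range(60)]
    + [  # benign renames that must not count: no extension appended
        ("rename", r"C:\Windows\explorer.exe",
         r"C:\Users\Admin\Desktop\new.txt", r"C:\Users\Admin\Desktop\notes.txt"),
        ("rename", r"C:\Program Files\7-Zip\7z.exe",
         r"C:\tmp\a.zip.tmp", r"C:\tmp\a.zip"),
    ]
)

NLS_LANGUAGE_KEY = r"\control\nls\language"


def appended_extension(old_path, new_path):
    """Return the single extension a rename appended ('.locked' for
    'a.docx' -> 'a.docx.locked'), or None if the rename moved the file to
    another directory or did not purely append one extension. Names are
    compared case-insensitively, as NTFS does."""
    old_dir, old_name = ntpath.split(old_path)
    new_dir, new_name = ntpath.split(new_path)
    if old_dir.lower() != new_dir.lower():
        return None
    if not new_name.lower().startswith(old_name.lower() + "."):
        return None
    suffix = new_name[len(old_name):]
    if len(suffix) < 2 or "." in suffix[1:]:
        return None
    return suffix


def mass_rename_report(events, threshold=50):
    """Count extension-appending renames per (process, extension) and return
    those at or above threshold, with the number of distinct directories
    touched: spread across directories separates ransomware-style rewriting
    from one folder being batch-renamed by a user."""
    counts = defaultdict(int)
    dirs = defaultdict(set)
    for kind, proc, a, b in events:
        if kind != "rename":
            continue
        ext = appended_extension(a, b)
        if ext is None:
            continue
        key = (proc, ext.lower())
        counts[key] += 1
        dirs[key].add(ntpath.dirname(a).lower())
    return {k: {"renames": n, "directories": len(dirs[k])}
            for k, n in counts.items() if n >= threshold}


def language_discovery_processes(events):
    """Processes that opened the NLS\\Language key. Benign software reads this
    key constantly, so on its own this is only a corroborating signal."""
    return {proc for kind, proc, key, _ in events
            if kind == "regopen" and key.lower().endswith(NLS_LANGUAGE_KEY)}


def triage(events, threshold=50):
    """One verdict per process doing mass renames, marking whether that same
    process also performed the language check."""
    lang = language_discovery_processes(events)
    return {proc: {"extension": ext, **stats, "checked_language": proc in lang}
            for (proc, ext), stats in mass_rename_report(events, threshold).items()}


if __name__ == "__main__":
    for proc, verdict in triage(SAMPLE_EVENTS).items():
        print(proc, verdict)
```

Run as-is, the script reports the constructed sample.exe with 60 renames across 3 directories and checked_language set; explorer.exe and 7z.exe are ignored because their renames do not append an extension. The threshold is deliberately low for the constructed data; the counts in this report (2741 and 4602) sit far above any threshold a real environment would need.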
MITRE ATT&CK
Enterprise Matrix V15
T1614.001 System Location Discovery: System Language Discovery (mapped from the signature of the same name; the rename and file-drop signatures are behavioural and carry no technique ID in this report)
Analysis: static1
Detonation Overview
Reported
2024-10-16 19:36
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-16 19:36
Reported
2024-10-16 19:38
Platform
win10v2004-20241007-en
Max time kernel
120s
Max time network
118s
Command Line
Signatures
Renames multiple (4602) files with added filename extension
Drops file in Program Files directory
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\e2c01d14bb49f5e8a8078fdf949fd5b55bb115bccbfb85aeff3beb16be36741fN.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\e2c01d14bb49f5e8a8078fdf949fd5b55bb115bccbfb85aeff3beb16be36741fN.exe
"C:\Users\Admin\AppData\Local\Temp\e2c01d14bb49f5e8a8078fdf949fd5b55bb115bccbfb85aeff3beb16be36741fN.exe"
Network
Every row below is either a reverse-DNS (PTR) query sent to 8.8.8.8 or a TCP/443 connection to tse1.mm.bing.net; the in-addr.arpa names read in reverse octet order (28.118.140.52.in-addr.arpa is the PTR query for 52.140.118.28). The table records no originating process, and this traffic is consistent with Windows 10 background activity; the report does not attribute it to the sample.
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.42.69.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 102.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
Files
C:\$Recycle.Bin\S-1-5-21-3756129449-3121373848-4276368241-1000\desktop.ini.tmp
| MD5 | b990525f8344687e90fa2b1821c2b7d6 |
| SHA1 | e92b96790bcca79f099950e497c489b760c1ec7a |
| SHA256 | 85dece915d81b0735e98086927ab0b9935a2ce604897c26ae46fdc0f2ea9dbf5 |
| SHA512 | 7b23d8444d6a1b45f5ce1c482f208aa5dc9a82e5c54fd4520e99a661585d57c4bbe99a37832b2ea1ebbb450c5d386d799d0cdba1ead63d906faa8903eaee504a |
C:\Program Files\7-Zip\7-zip.dll.tmp
| MD5 | fc7974bb1ed9b1ef847580ea84831f99 |
| SHA1 | be7a0405e356f5e702036e665b845078649dcb28 |
| SHA256 | c8d03d8c14833bbd7a8601edfb5e99a132d685fade37ec351d3358e84a959dc9 |
| SHA512 | 6f333177609930b5771a1b06637904c5c1564c631a0a490569b465742a907c4b1abb4ab27b651827848021e33bc23ec677d25e7df64185f12d6ac2f990b7b611 |
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-16 19:36
Reported
2024-10-16 19:38
Platform
win7-20240903-en
Max time kernel
101s
Max time network
123s
Command Line
Signatures
Renames multiple (2741) files with added filename extension
Drops file in Program Files directory
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\e2c01d14bb49f5e8a8078fdf949fd5b55bb115bccbfb85aeff3beb16be36741fN.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\e2c01d14bb49f5e8a8078fdf949fd5b55bb115bccbfb85aeff3beb16be36741fN.exe
"C:\Users\Admin\AppData\Local\Temp\e2c01d14bb49f5e8a8078fdf949fd5b55bb115bccbfb85aeff3beb16be36741fN.exe"
Network
No network activity was recorded in this run.
Files
C:\$Recycle.Bin\S-1-5-21-3290804112-2823094203-3137964600-1000\desktop.ini.tmp
| MD5 | af46152233064d59c5b59a6c64ffa35c |
| SHA1 | 42767e28e63e64fd7b378abeed8fcdb37646f23f |
| SHA256 | f5fbf7f25cffd948f6eb7f1127c82407fd9d774696f1d48ca6f29227d1b20434 |
| SHA512 | b04cae8e162ba9fde4a0edf4ed0b656c6585c8d4205ad9c92482c2355926a93da14961cfad86396612f51dfb05d94cd92d723eacfef26e3c829b5e59d3eb52f9 |
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
| MD5 | cc3e447569b33d86d63296cd516eedf4 |
| SHA1 | c1b854e04a9ee734d2d32760c92b18a5c7b4925d |
| SHA256 | 1e331381fbe9dd521993ff2dbabe9e21cdaad272b282c5d22a880216ad9e428b |
| SHA512 | f111209f30c52322e91b6720f1955251d6416afb1794c16fd5c49aa2e43e4341711b12eea8b6d02806c64d3753ba0ec5e44535730b4bf1e70bb1078d3a85ba2b |