Analysis Overview
SHA256
2aac62fcb0ac3a22b8d9dd163c2032bb90ffae397d64e8ccb184bacd8e8115cb
Threat Level: Likely malicious
The file 2aac62fcb0ac3a22b8d9dd163c2032bb90ffae397d64e8ccb184bacd8e8115cb was found to be: Likely malicious.
Malicious Activity Summary
Renames multiple (4860) files with added filename extension
Renames multiple (3460) files with added filename extension
Drops file in Program Files directory
System Location Discovery: System Language Discovery
Unsigned PE
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-16 19:34
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-16 19:34
Reported
2024-10-16 19:37
Platform
win7-20240903-en
Max time kernel
150s
Max time network
120s
Command Line
Signatures
Renames multiple (3460) files with added filename extension
Drops file in Program Files directory
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2aac62fcb0ac3a22b8d9dd163c2032bb90ffae397d64e8ccb184bacd8e8115cb.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\2aac62fcb0ac3a22b8d9dd163c2032bb90ffae397d64e8ccb184bacd8e8115cb.exe
"C:\Users\Admin\AppData\Local\Temp\2aac62fcb0ac3a22b8d9dd163c2032bb90ffae397d64e8ccb184bacd8e8115cb.exe"
Network
Files
C:\$Recycle.Bin\S-1-5-21-3290804112-2823094203-3137964600-1000\desktop.ini.tmp
| MD5 | 9576d0a94e1df3f5b064332ef314f9c5 |
| SHA1 | 0c836c6416c39a66115ece256067a6bffd11cd2c |
| SHA256 | 65a905442386d158515a19ca121830442a7361ee1c66025fc0579c768844e694 |
| SHA512 | ec7d79f74bdbc34a7e0e56846024ce03c1d77901e246ea6229f2694a03a539045703f4e792334d6733b4b157e7ef2f28d93ced021cb842398bc40748365a379e |
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
| MD5 | 63590d320396a4351d21a0981c74db1d |
| SHA1 | 10a8c30fce87f215f282521ae6c1be9f8dc60ab2 |
| SHA256 | 97e02f7ec1789dca7df36ab88c0067b3d9291c0742a129dbf51b0d5b8de5636f |
| SHA512 | 8a80c8ba1e4535e4983048374f06ae55b0d5f744d4d0d15813cd88ecf1420b674865063275da4496deb03a1606db865255e9ee2b68a4fedc20eac00625456a0c |
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-16 19:34
Reported
2024-10-16 19:37
Platform
win10v2004-20241007-en
Max time kernel
150s
Max time network
123s
Command Line
Signatures
Renames multiple (4860) files with added filename extension
Drops file in Program Files directory
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\2aac62fcb0ac3a22b8d9dd163c2032bb90ffae397d64e8ccb184bacd8e8115cb.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\2aac62fcb0ac3a22b8d9dd163c2032bb90ffae397d64e8ccb184bacd8e8115cb.exe
"C:\Users\Admin\AppData\Local\Temp\2aac62fcb0ac3a22b8d9dd163c2032bb90ffae397d64e8ccb184bacd8e8115cb.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 150.171.28.10:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 4.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 197.87.175.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.42.69.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 57.169.31.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 10.27.171.150.in-addr.arpa | udp |
Files
C:\$Recycle.Bin\S-1-5-21-3756129449-3121373848-4276368241-1000\desktop.ini.tmp
| MD5 | 4d3c86d81931a51f68d05ac42163964e |
| SHA1 | dcc80088cbf5eb7d857f80b033ecbd738eab5a96 |
| SHA256 | e142841bf8e37e42356b5392ebedc4b252e957317cd9ae786262f47f7df4212e |
| SHA512 | 18c98c81c79a4a2929ef96fb3254ac28e1bedb5f96381437362f47a60a9c9afa625476eb4ae6671224a3b424c5a4345b8783687cb409b83505056740eebf2445 |
C:\Program Files\7-Zip\7-zip.dll.tmp
| MD5 | 71da7319f165d30bd0bceea01b415f3d |
| SHA1 | 1690c101f75f12a389e02dd0dbc05dec880abf84 |
| SHA256 | 245d57d8b3f9d8ca2728aa8587e5f911d14829378259c8126956f3d3956fd243 |
| SHA512 | 74cc662533d78d8a37ce6f38a5c69e00f03c3d4a29643e7f30faee524fc3e6a9b14928ff09193f4cba005037394aff45fe56226a317d1028ef0c45b401ce855d |