Analysis

  • max time kernel
    150s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted
    18-10-2024 02:43

General

  • Target

    c2e1d08dddb3d7e27c9252d2d236d6ab7df24ea2f6d6894ade9f93a530627dca.exe

  • Size

    100KB

  • MD5

    3bde4a3622baaafde0a9a99f5cb86421

  • SHA1

    accbfb53a30afaa1f4948f47ba365dc2c5070af5

  • SHA256

    c2e1d08dddb3d7e27c9252d2d236d6ab7df24ea2f6d6894ade9f93a530627dca

  • SHA512

    498074b477841f824dd9a37f8225d4fad8eb0b093ff992e72e1446953eafca4a7748589a694842611bdcfa829cfc415e42eddee563d9cba638552517350ce121

  • SSDEEP

    1536:W7ZppApsJNg0tdlAX+zq852d1F4V+kw2tJKSh2hKjEkjEZ:6pWpkuK4+bE1F4c2r4k4Z

Score
9/10

Malware Config

Signatures

  • Renames multiple (3447) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\c2e1d08dddb3d7e27c9252d2d236d6ab7df24ea2f6d6894ade9f93a530627dca.exe
    "C:\Users\Admin\AppData\Local\Temp\c2e1d08dddb3d7e27c9252d2d236d6ab7df24ea2f6d6894ade9f93a530627dca.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2292

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3551809350-4263495960-1443967649-1000\desktop.ini.tmp

    Filesize

    100KB

    MD5

    e39b810df3d1db4e5b8b7923f5038184

    SHA1

    370316f3744e3582adf909a1ea7449720c2726d8

    SHA256

    3fb3ed30bef05be05b4ecb0d041545f9ac0d03545d15c1c6f18d48410fc66e71

    SHA512

    82b19e95b57d3d9662d4af1b544c3f281e5d3eb9451572f71c33508403de937d4a7123c5d9292cdd8e7f8fc268c945acbd1c0e6bf642b6ffb89af3f8a72755f2

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    109KB

    MD5

    f382eafc78e7a17194ef868101339fa4

    SHA1

    b408152c092dbff945f9c55ebfd6881a9f789f0d

    SHA256

    40de3ace61e47ea66cec35c7cc4a8cf5863dc2ecdf7a48ca4c22f90c41abc748

    SHA512

    bbc5469e6e96129ba2e9599369c3fd43d84d197477acc9cde3494ef4cbddabe7f4ee91205e0f39da9dd6833e35e4b9e1bcb74ee1f9027da4918fb14d8dca9e8c