Analysis

  • max time kernel
    120s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    18-10-2024 01:52

General

  • Target

    726955cfa25a870e192d8f38feb1890328af8474a5426452e2edd7c78eface0cN.exe

  • Size

    63KB

  • MD5

    da404026ab952da41d2890c66312e430

  • SHA1

    9967ed0ab0e2f97bea5994fc54b4adb11b17e28e

  • SHA256

    726955cfa25a870e192d8f38feb1890328af8474a5426452e2edd7c78eface0c

  • SHA512

    a5f9e1a6e6dd4773d7f322580590c7dd70f8846596a7d7402f4583568827f215e85d5e1dc016da14d730204e99f57ff90d6fe83efc130056901dffc1aaa6c863

  • SSDEEP

    1536:V7Zf/FAxTWoJJ7T3cFMOu/h6HSKX/8KX/FdyGdyH:fny1bcH0

Malware Config

Signatures

  • Renames multiple (3138) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\726955cfa25a870e192d8f38feb1890328af8474a5426452e2edd7c78eface0cN.exe
    "C:\Users\Admin\AppData\Local\Temp\726955cfa25a870e192d8f38feb1890328af8474a5426452e2edd7c78eface0cN.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2420

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2703099537-420551529-3771253338-1000\desktop.ini.tmp

    Filesize

    63KB

    MD5

    01a93dbc488b479d68d0ac11f45d3253

    SHA1

    54f7b3d6f9402979e14b63fc42bc3f1a53d899c2

    SHA256

    4471e0c0f826135986b8cbe611f52b0e389528d6e9d555d0127eb7be0fd91d74

    SHA512

    d74f602c47ad028e9a04a930fe4cc73e6ecd4e11e08157201590326e978bb151c811aa45fa2dd6b2971023d6cacfdbc87f2b9252635d26333e4387a8f87be206

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    72KB

    MD5

    406505908212692ce4683bcc02aeb8ee

    SHA1

    268f726d6a9991694ad40aff12ae6fe18dae82cc

    SHA256

    b8a9c472ed3b936da661c805ffc149cbdd1fc4d9c85e3956e0739caa14f52869

    SHA512

    57c02d1d1f4c88997c1fa63038889dcef5f2c13c2125845e37f9ea5b7ca2e9655e2cebdf35d427e450dc6834fa45095174dd3b36d3a177687b8d2883faba9103

  • memory/2420-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/2420-68-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB