Analysis

  • max time kernel
    120s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted
    18-10-2024 02:31

General

  • Target

    39ee578f0d2e4e8541470652fbdb50287f5f0d3e501fe1bce9fda83b6cf31aa6N.exe

  • Size

    79KB

  • MD5

    f6dd52a290457e27e3a0d1c092219230

  • SHA1

    dec97628ca215c2f97c7cbb39417f95b2dc4f719

  • SHA256

    39ee578f0d2e4e8541470652fbdb50287f5f0d3e501fe1bce9fda83b6cf31aa6

  • SHA512

    55db90395fa7c00eb8e7bca6024148cbcea2e885087643797f41b7c86489569bd7330a367e2626f2f53174529f6d9460a02d7da947954db328f4e6c017d33430

  • SSDEEP

    384:yBs7Br5xjL8AgA71FbhvJUfWGUf2X5nUYXxX5nUYXyuXvuXxhjOIC8UnRIC8UnLi:/7BlpQpARFbhiWbs5nd5ntXWXxh6IOIP

Score
9/10

Malware Config

Signatures

  • Renames multiple (2935) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\39ee578f0d2e4e8541470652fbdb50287f5f0d3e501fe1bce9fda83b6cf31aa6N.exe
    "C:\Users\Admin\AppData\Local\Temp\39ee578f0d2e4e8541470652fbdb50287f5f0d3e501fe1bce9fda83b6cf31aa6N.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID: 1864

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3551809350-4263495960-1443967649-1000\desktop.ini.tmp

    Filesize

    79KB

    MD5

    1882d9832432c819b1da4a4809b28c08

    SHA1

    4210ef68c6b220b8a5966ca274a43d77dd686c92

    SHA256

    d1742d767f72cab3532c79ce044c93921d93eeef4c632b996f0cf97630a0da57

    SHA512

    8487b74268c9e186a9738a9c2df32d688758b7862893b4b451bdeae2ecb6982041f87076d314b462a4a70a8cbee755f3198305c81199c1cfd3b899122174dd7e

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    88KB

    MD5

    d2f22b0b32f9834ff57f205a549107e5

    SHA1

    7e6bf800611d68d015db129cdc93637a2e5938bc

    SHA256

    c0bd35527bab196a2c9acc99f6910ce0aa4422b2d517b1bfcd87ee096abd3f69

    SHA512

    f2008c7d6f3ba2d0791e65ada0fa6b04ec2112083e5bae28c629a53e5adf9fb73d01391e60c1faebe4355ed91d74578e1c5e635ffef746b28d683981adfb6f9c

  • memory/1864-0-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/1864-68-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB