Analysis Overview
SHA256
39ee578f0d2e4e8541470652fbdb50287f5f0d3e501fe1bce9fda83b6cf31aa6
Threat Level: Likely malicious
The file 39ee578f0d2e4e8541470652fbdb50287f5f0d3e501fe1bce9fda83b6cf31aa6N was found to be: Likely malicious.
Malicious Activity Summary
Renames multiple (4505) files with added filename extension
Renames multiple (2935) files with added filename extension
Drops file in Program Files directory
System Location Discovery: System Language Discovery
Unsigned PE
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-18 02:31
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-18 02:31
Reported
2024-10-18 02:33
Platform
win7-20240708-en
Max time kernel
120s
Max time network
118s
Command Line
Signatures
Renames multiple (2935) files with added filename extension
Drops file in Program Files directory
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\39ee578f0d2e4e8541470652fbdb50287f5f0d3e501fe1bce9fda83b6cf31aa6N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\39ee578f0d2e4e8541470652fbdb50287f5f0d3e501fe1bce9fda83b6cf31aa6N.exe
"C:\Users\Admin\AppData\Local\Temp\39ee578f0d2e4e8541470652fbdb50287f5f0d3e501fe1bce9fda83b6cf31aa6N.exe"
Network
Files
memory/1864-0-0x0000000000400000-0x0000000000408000-memory.dmp
C:\$Recycle.Bin\S-1-5-21-3551809350-4263495960-1443967649-1000\desktop.ini.tmp
| Hash | Value |
| --- | --- |
| MD5 | 1882d9832432c819b1da4a4809b28c08 |
| SHA1 | 4210ef68c6b220b8a5966ca274a43d77dd686c92 |
| SHA256 | d1742d767f72cab3532c79ce044c93921d93eeef4c632b996f0cf97630a0da57 |
| SHA512 | 8487b74268c9e186a9738a9c2df32d688758b7862893b4b451bdeae2ecb6982041f87076d314b462a4a70a8cbee755f3198305c81199c1cfd3b899122174dd7e |
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
| Hash | Value |
| --- | --- |
| MD5 | d2f22b0b32f9834ff57f205a549107e5 |
| SHA1 | 7e6bf800611d68d015db129cdc93637a2e5938bc |
| SHA256 | c0bd35527bab196a2c9acc99f6910ce0aa4422b2d517b1bfcd87ee096abd3f69 |
| SHA512 | f2008c7d6f3ba2d0791e65ada0fa6b04ec2112083e5bae28c629a53e5adf9fb73d01391e60c1faebe4355ed91d74578e1c5e635ffef746b28d683981adfb6f9c |
memory/1864-68-0x0000000000400000-0x0000000000408000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-18 02:31
Reported
2024-10-18 02:33
Platform
win10v2004-20241007-en
Max time kernel
120s
Max time network
107s
Command Line
Signatures
Renames multiple (4505) files with added filename extension
Drops file in Program Files directory
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\39ee578f0d2e4e8541470652fbdb50287f5f0d3e501fe1bce9fda83b6cf31aa6N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\39ee578f0d2e4e8541470652fbdb50287f5f0d3e501fe1bce9fda83b6cf31aa6N.exe
"C:\Users\Admin\AppData\Local\Temp\39ee578f0d2e4e8541470652fbdb50287f5f0d3e501fe1bce9fda83b6cf31aa6N.exe"
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.163.202.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.42.69.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 75.117.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
Files
memory/3900-0-0x0000000000400000-0x0000000000408000-memory.dmp
C:\$Recycle.Bin\S-1-5-21-3227495264-2217614367-4027411560-1000\desktop.ini.tmp
| Hash | Value |
| --- | --- |
| MD5 | 6bf43e953f887ab6be6dc08d136ed947 |
| SHA1 | a32cb11cc9505776b75bf79addafdef7f4c6fc62 |
| SHA256 | b35af9de0cceb020539f46bfe5cba7dc8353131494f821f0536b791f4cce06f8 |
| SHA512 | bacd19b7e55c11b1579e5190a063aa660f3fe449bab7b476b93025a43917646438044b33dc3a49be3b6bf0529971a83f0924a4f1a82831557b261b4345ffb8b4 |
C:\Program Files\7-Zip\7-zip.dll.tmp
| Hash | Value |
| --- | --- |
| MD5 | 9263b6cc2d035283da0afb6ebbc58742 |
| SHA1 | 98f06bcd0f91b7f372cadf21c95e9cff5de93883 |
| SHA256 | 5126609de35bb960b8e23b9edd90eedfeb5d385a8c185efd128ccad3a442e0a0 |
| SHA512 | 8aabf1b9a743ab808aa89ee0fd8402aa019523b27cfa859e4ce4c7d806d5577be6080f95e5da14c6354d01021f945d2b3f212c7792c23acb30875b81f0ac580e |
memory/3900-658-0x0000000000400000-0x0000000000408000-memory.dmp