Analysis

  • max time kernel
    150s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    18-10-2024 03:34

General

  • Target

    d8612e0e75a79b5a916a9250038e4dd1f388f4ae5034dfd54570aba1c6b2d38a.exe

  • Size

    95KB

  • MD5

    b6939b4e790623ba29424dcd7a57d92c

  • SHA1

    0806ec9ef233d21dbd83da882c16a4965d85153a

  • SHA256

    d8612e0e75a79b5a916a9250038e4dd1f388f4ae5034dfd54570aba1c6b2d38a

  • SHA512

    e92eb0b6f497b396f32008c69c1dafd31302f342241876e2528ecebd9cb584aeeeed2ed3103cf09edb5b3efa995bdd38195482b56c89210245c0b5aa45d28cae

  • SSDEEP

    1536:W7ZppApsJNg0tdlAX+zq852d1F4V+kw2tJKSh2hC:6pWpkuK4+bE1F4c2z

Score
9/10

Malware Config

Signatures

  • Renames multiple (3458) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\d8612e0e75a79b5a916a9250038e4dd1f388f4ae5034dfd54570aba1c6b2d38a.exe
    "C:\Users\Admin\AppData\Local\Temp\d8612e0e75a79b5a916a9250038e4dd1f388f4ae5034dfd54570aba1c6b2d38a.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2716

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2039016743-699959520-214465309-1000\desktop.ini.tmp

    Filesize

    95KB

    MD5

    51fdcb8134b118b97dd4c5381e28edf5

    SHA1

    604cdff482e61e98defe29b8a75a52c42c0dd43a

    SHA256

    bfc25c361c77a095454278f11392c45602f4667c9319ece138419e4f0f7c7e63

    SHA512

    452f0be49d3d0778cb4f58ebcd8172bb53b427493c751e60aa822c834fc06137c6d20f3adc7f3462e738dedea4d302a428968722eb95bf5b7c9ec0a07580c978

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    104KB

    MD5

    22ef3645280c17116ddc567a0cff1a4b

    SHA1

    abef9c84494b4f7115107984915bfaec871f1c58

    SHA256

    7d5699f9b66960bf4b28c4bafb44edaf68ff40a51ea1bf7b994222989fbdc9c0

    SHA512

    b23d50ea90483e5e8f7c0856eac64f71a1fdc18b383f8af875f06bd30347b1693005a4306fdf83a1fce832f1d520b00286f0e9066aac4fd1ca7b02dff9abbc78