Analysis

  • max time kernel
    120s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64, arch:x86, image:win7-20241010-en, locale:en-us, os:windows7-x64, system
  • submitted
    18-10-2024 02:53

General

  • Target: 7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe
  • Size: 39KB
  • MD5: eaf5b6b958b26ca5c40eccbef70f7f10
  • SHA1: 1ba7c970629e8e9a8202410792f3e8807056e92f
  • SHA256: 7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fc
  • SHA512: c7446c1d822d1b93e633089cde1a92ed2ef7a0af1ffe2d250349d5597342b54fdc04f1aafaa87fa99db500f6d2ad4d8f8b089791536244ef23b95fba1641648a
  • SSDEEP: 768:kBT37CPKKdJJ1EXBwzEXBwdcMcI9Ro+QOViJfo+QOViJEopodSox/6Sox/9K:CTW7JJ7TPUTEu

Malware Config

Signatures

  • Renames multiple (324) files with added filename extension

    This suggests ransomware activity: encrypting all the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX or a modified UPX open source packer.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe"
    PID: 2076
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3692679935-4019334568-335155002-1000\desktop.ini.tmp
    Filesize: 40KB
    MD5: 843f1c0feadd8ace1ea1897bbfd44e1c
    SHA1: e7f80b191e61914753abf177be43f1f3bdf433bd
    SHA256: e65188b35ea8479d69fe67cbf760c41a6e80db3fff3431253b322f9e8d6a05aa
    SHA512: 2979793599d70954afae8375c7066136a7d991940b827171e5f75e8461843b94ef7954ef813f73f80ee59cf368b54fa05c82178bc0bb67eb9a16c9e5fce4067e

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize: 49KB
    MD5: 3a8dd87f9f04fef2ffa78f1cede36475
    SHA1: 41afe1464a5bc08db7bbc19518bd3e2a0a4e460e
    SHA256: a56f32ac37aa904218544aa72c7f874a2e8ef1b3d51bafbdd09a13c5215892a4
    SHA512: ef6a9fa05440938ae4e6867678dd9455c99987d3bf2be87d6d7369e099e786fe3c235eab07095dae8f05bbbc07735da85a9c8253ce9b331342b5af0a259d48c2

  • memory/2076-0-0x0000000000400000-0x000000000040A000-memory.dmp
    Filesize: 40KB

  • memory/2076-19-0x0000000000400000-0x000000000040A000-memory.dmp
    Filesize: 40KB