Analysis

  • max time kernel
    150s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    18-10-2024 02:55

General

  • Target
    7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe
  • Size
    39KB
  • MD5
    eaf5b6b958b26ca5c40eccbef70f7f10
  • SHA1
    1ba7c970629e8e9a8202410792f3e8807056e92f
  • SHA256
    7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fc
  • SHA512
    c7446c1d822d1b93e633089cde1a92ed2ef7a0af1ffe2d250349d5597342b54fdc04f1aafaa87fa99db500f6d2ad4d8f8b089791536244ef23b95fba1641648a
  • SSDEEP
    768:kBT37CPKKdJJ1EXBwzEXBwdcMcI9Ro+QOViJfo+QOViJEopodSox/6Sox/9K:CTW7JJ7TPUTEu

Malware Config

Signatures

  • Renames multiple (3941) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe
    "C:\Users\Admin\AppData\Local\Temp\7b32b65b25594ae7b562f72974fef7a7a432e588b694aa4e097352823a05e2fcN.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2528

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-1846800975-3917212583-2893086201-1000\desktop.ini.tmp
    Filesize: 40KB
    MD5: 31326ed9e6c0e37b8884eccbc8ea4de3
    SHA1: c7050d34e3f6a7fbd88fd1d88dc5ce3243b366b9
    SHA256: b9bc4182b889f0c2fd05656b1557d6253b7a99c39a7c9515e1da69d38b4d01da
    SHA512: 7aee0e4c48a2e72e6eeeb0da42670a7b6f9f99921277c9626411395863b240dcda61be1b3f3f06840c9ffc6205d5c20bd8e6518782f02d1f10b1d98da5124235
  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize: 49KB
    MD5: c6e70211ef9f25629e08833a54d981d9
    SHA1: 333ca3de1a49421c80db699ecd620c97ee5ab4cb
    SHA256: 781411da60c379565386ab30490b721d721616f644defa4dfb1a109d56b9ffd2
    SHA512: 92faba6087644db215f7c855e7459d15367623da28852b9c327f0ba352ba89274d7a86bcccf4c1561bec5df126c98ad4800c31cad6b70a7cfa14e8ad65019adc
  • memory/2528-0-0x0000000000400000-0x000000000040A000-memory.dmp
    Filesize: 40KB
  • memory/2528-70-0x0000000000400000-0x000000000040A000-memory.dmp
    Filesize: 40KB