Analysis

  • max time kernel
    149s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted
    20-10-2024 01:39

General

  • Target

    68627ee9187ab43c99f8d28d4b888b8f78b2302a350525168b1dd2fac2f60fe9N.exe

  • Size

    29KB

  • MD5

    b25719682e0c1e0b077751b4e33a7400

  • SHA1

    cc097ce3c49a97402950b4da61ad44d727e70b5b

  • SHA256

    68627ee9187ab43c99f8d28d4b888b8f78b2302a350525168b1dd2fac2f60fe9

  • SHA512

    1a4ce4ffe0e4d0f3e2b5404d50ea68d0ce64b80cd8aeb00947542b4eff654a6ae2c55083fa0368beafc6325b18c9846e9098850ee16edeadd365c884ad927303

  • SSDEEP

    768:kBT37CPKKdJJ1EXBwzEXBwdcMcI9woOzOuiJfoOzOuiJfy:CTW7JJ7T4MV

Malware Config

Signatures

  • Renames multiple (3795) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\68627ee9187ab43c99f8d28d4b888b8f78b2302a350525168b1dd2fac2f60fe9N.exe
    "C:\Users\Admin\AppData\Local\Temp\68627ee9187ab43c99f8d28d4b888b8f78b2302a350525168b1dd2fac2f60fe9N.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2976

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3551809350-4263495960-1443967649-1000\desktop.ini.tmp

    Filesize

    29KB

    MD5

    9352ea659e75b10f271f89cc345f0dc6

    SHA1

    1d280d7f1be84e7385703f06b2591f2ff7701a43

    SHA256

    19669553443444b5388b56fc7957d82f8d70a9527f6e81c1bc2f463736b6dfb5

    SHA512

    fc443fc32f48f0d2e2b4fa2a07e2d5145e5bdeef363b9b57f01f1e9afb583a4c4b23ed274b52a3b59fb2e2d7e55840df782e0e51ed10ef5720232392e8d09a7a

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    38KB

    MD5

    92f594aba5912f3906ddd6eaa7e83592

    SHA1

    c34d1d25c49485604eb8e07c972554d2cda7ba25

    SHA256

    a35a2c73db308864234375254d83815be029ec8e03493f390a21cf0a732d6a92

    SHA512

    749a7123c12910a0ed7636983fe41911585862679a6d755e6b75096f0d41508ca49c97236ac09e7c3c4a4ab51ac234ddf1be9e0169b1d85ee813ac9c1f723c79

  • memory/2976-0-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

  • memory/2976-70-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB