Analysis

  • max time kernel
    119s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    20-10-2024 01:45

General

  • Target

    390fcc4ebe35e8055d23c33c766d4b5d8fd09ada2d7afee1112d461c5e7d9f58N.exe

  • Size

    54KB

  • MD5

    023e27e6293794293a40378341c0b2f0

  • SHA1

    c94c323b4f528c6e16bc5726561637bf66f820b8

  • SHA256

    390fcc4ebe35e8055d23c33c766d4b5d8fd09ada2d7afee1112d461c5e7d9f58

  • SHA512

    d0e02902f65db62e6c867acc8921da262efe44e97d0f4101cf65b96975ddc0df22e4fe3962c598e9bd627202073fd2966704f3f80e581d6c920e881cc3660dcd

  • SSDEEP

    768:W7BlphA7pARFbhM0Kkq81LOyq81LOl6Sl5lsSThlEieBXEieBr:W7ZhA7pApM21LOA1LOl6vSjPWXPWr

Score
9/10

Malware Config

Signatures

  • Renames multiple (3261) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\390fcc4ebe35e8055d23c33c766d4b5d8fd09ada2d7afee1112d461c5e7d9f58N.exe
    "C:\Users\Admin\AppData\Local\Temp\390fcc4ebe35e8055d23c33c766d4b5d8fd09ada2d7afee1112d461c5e7d9f58N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2412

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-1506706701-1246725540-2219210854-1000\desktop.ini.tmp

    Filesize

    55KB

    MD5

    9dbd95e63a49489a011e87864778d215

    SHA1

    1da0d12e0af8d318e7b57a3e77c2c34ee1c6eab8

    SHA256

    37f45d072db4766205feb3ade5bfb48f94cc5caebe1501bb3b9fdb614560e07a

    SHA512

    62e0a751ed86886b7c583a5d4dac6cf942efb4b543911fe0cacac56c6b31d76bea31def25b4b322db336f78d46d0c77b7c936aeef21b558b70529a2c4dc9b1a2

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    64KB

    MD5

    2ba5ff0a5d07ab95cb50cdac23b9a302

    SHA1

    0751dfb94144f08fd222bd6a449c653266a3c918

    SHA256

    47353791b6f5eac19e637e63aefad8069035be6ddeece46c5f111c9dd7f3af6f

    SHA512

    cba1c1d9a067c478ec93f91386a7b636eb59c9b72ef2d6a2688a928e4a296a2d46e02ab21bd6cd841537b1c0a11fd74210aa9cb37f919836ba04af88b98bea26