Analysis

  • max time kernel
    150s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    20-10-2024 01:47

General

  • Target

    390fcc4ebe35e8055d23c33c766d4b5d8fd09ada2d7afee1112d461c5e7d9f58N.exe

  • Size

    54KB

  • MD5

    023e27e6293794293a40378341c0b2f0

  • SHA1

    c94c323b4f528c6e16bc5726561637bf66f820b8

  • SHA256

    390fcc4ebe35e8055d23c33c766d4b5d8fd09ada2d7afee1112d461c5e7d9f58

  • SHA512

    d0e02902f65db62e6c867acc8921da262efe44e97d0f4101cf65b96975ddc0df22e4fe3962c598e9bd627202073fd2966704f3f80e581d6c920e881cc3660dcd

  • SSDEEP

    768:W7BlphA7pARFbhM0Kkq81LOyq81LOl6Sl5lsSThlEieBXEieBr:W7ZhA7pApM21LOA1LOl6vSjPWXPWr

Score
9/10

Malware Config

Signatures

  • Renames multiple (3715) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\390fcc4ebe35e8055d23c33c766d4b5d8fd09ada2d7afee1112d461c5e7d9f58N.exe
    "C:\Users\Admin\AppData\Local\Temp\390fcc4ebe35e8055d23c33c766d4b5d8fd09ada2d7afee1112d461c5e7d9f58N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2520

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2872745919-2748461613-2989606286-1000\desktop.ini.tmp

    Filesize

    55KB

    MD5

    b4f33c0efac6252308ca8d1c07e9f78e

    SHA1

    e98d4269345b5a348f20abdc552939462de75a86

    SHA256

    9b0e4dce4c0d1647856ec4d3230ced01cb8e074c5e147b4249c4c28ccfb9aa57

    SHA512

    be776ab38d1df7fc52d6fbec43bda63efc8982c0a9b696e65464b52f2cfd75f01ad02dbb2f7868deb230cd23e608a17e83ce61b1f4deedbb44d2536586961ed6

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    64KB

    MD5

    7577004dcf70385ac0bb033061203596

    SHA1

    675730130ec12291e33caacd49d5a6dbf8508c41

    SHA256

    4903fe46027fe17f04b6c7fb72e2401ca9cfcb08073214305d749de08b74f728

    SHA512

    bad69a6c36ebb90c699f15d5878586e360fda0ad989cc31cc95287f9b796d385e6e9c0fecf41da4fcd2c17d6cb4532a5c4f18210d31d6a67fd430492ea596eaa