Analysis

  • max time kernel
    150s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64, arch:x86, image:win7-20241010-en, locale:en-us, os:windows7-x64, system
  • submitted
    20-10-2024 01:20

General

  • Target

    b56c77817ae941e0fdcdc96400028ed816edeb32add854df0177e1e7d8d8694a.exe

  • Size

    61KB

  • MD5

    5fee3115d283fdcffc5ce09e94dab0bb

  • SHA1

    fb668a72497332a7700c328f4f246b85dce4abbd

  • SHA256

    b56c77817ae941e0fdcdc96400028ed816edeb32add854df0177e1e7d8d8694a

  • SHA512

    b25b350cef3ab56371e78b6df26a0f92596b557420d4faead6f806cac3d7adf9a8100a679a0010f254634860156c25521747249c43ad8e13d255824465bf11ba

  • SSDEEP

    1536:V7Zf/FAxTWoJJ7TUoChyf7maVF5sQXThyaquChyf7maVF5sQXThyaqf:fny1oJ

Malware Config

Signatures

  • Renames multiple (695) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\b56c77817ae941e0fdcdc96400028ed816edeb32add854df0177e1e7d8d8694a.exe
    "C:\Users\Admin\AppData\Local\Temp\b56c77817ae941e0fdcdc96400028ed816edeb32add854df0177e1e7d8d8694a.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2792

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\$Recycle.Bin\S-1-5-21-3692679935-4019334568-335155002-1000\desktop.ini.tmp

    Filesize

    61KB

    MD5

    5d091c02315ddc0cbfdb39522a530b0c

    SHA1

    aafeec4480e026cfb88b422b8a393889a4254565

    SHA256

    1a8dfb5b20cf4ce6ff2863a47e3dd693159ed932f4cc6dca4f3041075b142cd5

    SHA512

    3d1706d1d93642dd99df24bb36226e3c1847119ce12491bd332de823c8423713427b952c835f0c8386372d4c6196068d272c32cd209e06f5dd83425bf10dc482

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    70KB

    MD5

    4740b4c2afac47b0b4f11bee16732868

    SHA1

    a1a076d6fad877b93d84dc271abf2c5441d44ef6

    SHA256

    6d2bbb9b8b41ca6763cbc22b76ea5a6540c931d173b8c5b3000baecdfda9c1b8

    SHA512

    0fcd6fc7075cb1a974b74db8a4e5e569e18688d637881f73322cbee60f2965ca57682f759c3110ea4924ca8e4376a1403bbdb2c446a48546a8ca389612ec6335

  • memory/2792-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/2792-26-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB