Analysis

  • max time kernel
    120s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240729-en, locale:en-us, os:windows7-x64, system
  • submitted
    20-10-2024 01:29

General

  • Target

    f1e62a6ab8b591619a5ccd37413fe424fea58ef4ace810e772620f27ff0fde38N.exe

  • Size

    96KB

  • MD5

    7adc5ab8a091a35785d3e8f1158d42f0

  • SHA1

    f4b71f89f2e26f8199f34eb0a222323e8843da24

  • SHA256

    f1e62a6ab8b591619a5ccd37413fe424fea58ef4ace810e772620f27ff0fde38

  • SHA512

    b209389544d4cb32f372d2c86d61bb332c8fefdfcf8474a2ee158b0414eb8acde12ad0b1bd8bf64e13d43e6eb7f792ee19f6db4b5231a731e9736584016ee8a0

  • SSDEEP

    1536:a7ZyqaFAlsr1++PJHJXFAIuZAIuXsJtLJtU:enaym3AIuZAIuXj

Malware Config

Signatures

  • Renames multiple (3057) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\f1e62a6ab8b591619a5ccd37413fe424fea58ef4ace810e772620f27ff0fde38N.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\f1e62a6ab8b591619a5ccd37413fe424fea58ef4ace810e772620f27ff0fde38N.exe"
    PID: 2120
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2703099537-420551529-3771253338-1000\desktop.ini.tmp

    Filesize

    96KB

    MD5

    262cd5de93ffda1ef48a80f975843a01

    SHA1

    d4eaca07b1f3fb4e98a4cb2a3a0e5404621fb70b

    SHA256

    1ab0a17ad918677c99d027f11aed20e4d84ca557bff0aa544e12c6ed3bb15bf1

    SHA512

    c5036d5189cc55ce372335b7bab2b1fed3f7cb9c202e3adfa41b6fe110020fd1bb2615feab645be8acef98bdf0d6676e16d263b28dc25b26b91a8d22bc2fae77

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    105KB

    MD5

    05f041ee9e3889feff07263a95bcf28f

    SHA1

    7a6c58c3b3c330db2482619ee728e8d7e451f8ba

    SHA256

    8bd7d7e88a6223eb651ca8e6670b6c0a886e690fef6a0fd717afc64f55c6b5ef

    SHA512

    ac7e74c0d5cada7fd8d9984aeb2a9b2e413a61bf2412cc0297d8df9c1f5f5c01305e3272cb1585ab87729c422dda732a52a77e3c87a3cc4c1a3a28b43d49a1f5

  • memory/2120-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/2120-70-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB