Analysis

  • max time kernel
    120s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    20-10-2024 01:59

General

  • Target

    58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe

  • Size

    48KB

  • MD5

    533d643c85ef67d52eae7867d4e195c0

  • SHA1

    d4e1ccd0d2294f1b5685add5d4e4bd3bcf14f17e

  • SHA256

    58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2

  • SHA512

    f6c113942d723fb1b232acb766e0b3fe7584e0b897f92c6c4bc2f2860b77f7b5f60ef94eb60fab7c148381aceed1fed897babb6f12b85606a31e268ce21ab679

  • SSDEEP

    768:W7BlphA7pARFbhM0Kkq81LOyq81LOl6Sl5lsSThF:W7ZhA7pApM21LOA1LOl6vSb

Score
9/10

Malware Config

Signatures

  • Renames multiple (3181) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe
    "C:\Users\Admin\AppData\Local\Temp\58c40bb060bc7271af5b1ad8ffb93314a0b5149f2af4e3aa12fe08f2212493f2N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2112

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-4177215427-74451935-3209572229-1000\desktop.ini.tmp

    Filesize

    48KB

    MD5

    ad6ba7b1bfee842e1e2e430a3007bb1d

    SHA1

    7d170a4393525ae431550d192bcebfd69468856e

    SHA256

    a356372fb924b0c9b0175912741e22e8ee0bf6531924c5ac6aa1144448f81dd7

    SHA512

    13db172cafe51f2ebc16149ae9eac30e7f451b5897b44b5ea4e192bd194981b713f3069c0cb9afacee49012e86060716205cc9adef0e0dfa65e9dead5d92180c

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    57KB

    MD5

    9092da63c0de04a36e4d2346e63d32ca

    SHA1

    075a9266202903beb89c2848280390ed5cead399

    SHA256

    accd3ee268f80c5f0a2dfb7f1d3fcefc2914b78233e2e15494945f1ae8e3beb4

    SHA512

    7bf21959a53dfeda7fb9303bf31a3dd2923f16a3ab549e8e13f9b744a13fd424b244b0a7b45c4b1ee5874ec773b4b09219b6332457a999ada1b43154c6971375