Analysis

  • max time kernel
    120s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    20-10-2024 02:28

General

  • Target

    5e6e5bda201c8008699fe4d5ca5ad183378165a80443282f1f8a9ecdadc68bebN.exe

  • Size

    64KB

  • MD5

    8294f5cdfbfe0f303d0464f6cda77f50

  • SHA1

    c8b491e041cd271651c6adb8a83618ef265fea4f

  • SHA256

    5e6e5bda201c8008699fe4d5ca5ad183378165a80443282f1f8a9ecdadc68beb

  • SHA512

    a7d334a1c7de628a8515e6d929f8bf5d4b901c0bbfa17a029b16aea53b8925c975326d4367a5cd45a2b1296f90ca0add8edd052572fb9c1d70883f7e8d8cc39b

  • SSDEEP

    768:V7Blpf/FAK65euBT37CPKKQSjyJJ1EXBwzEXBwdcMcI9eEvCsZCsWQetQe7:V7Zf/FAxTWoJJ7TUcdWXtX7

Malware Config

Signatures

  • Renames multiple (3242) files with added filename extension

    This pattern (many files renamed by appending an extension to the original name) is characteristic of ransomware encrypting the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of the victim host in order to infer its geographical location (often used to skip hosts in the operator's home region).
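
The rename heuristic behind the first signature, as an added example that is not part of the sandbox report: it scans a list of file-system events and counts renames where the new path is the old path plus exactly one appended extension, then flags the run when the count reaches a threshold. The event tuples, the `.locked` extension and the threshold of 20 are constructed for illustration and are not values taken from this analysis.

```python
"""Heuristic for "Renames multiple files with added filename extension".

Added example, not code from the sandbox. Input is a list of
(operation, old_path, new_path) tuples; the sample events below are
constructed and do not come from the report above."""
from collections import Counter
from pathlib import PureWindowsPath
from typing import Optional


def added_extension(old: str, new: str) -> Optional[str]:
    """Return the appended extension (with its leading dot) when `new` is
    `old` plus exactly one extra extension in the same directory, e.g.
    'a.docx' -> 'a.docx.tmp' gives '.tmp'. Anything else returns None."""
    old_p, new_p = PureWindowsPath(old), PureWindowsPath(new)
    if old_p.parent != new_p.parent:          # moves are not in-place renames
        return None
    if not new_p.name.startswith(old_p.name + "."):
        return None
    ext = new_p.name[len(old_p.name):]        # e.g. ".locked"
    if ext == "." or "." in ext[1:]:          # empty or more than one extension
        return None
    return ext


def added_extension_renames(events, threshold=20):
    """Count appended-extension renames and group them by extension.

    Returns (total, Counter({ext: count}), flagged). `threshold` is an
    assumed tuning value for this example; the sandbox's own cutoff for
    'multiple' is not stated in the report."""
    exts = Counter()
    for op, old, new in events:
        if op != "rename":
            continue
        ext = added_extension(old, new)
        if ext is not None:
            exts[ext] += 1
    total = sum(exts.values())
    return total, exts, total >= threshold


# Constructed sample event log (not from the report): one appended-extension
# rename per user document, plus unrelated noise that must not be counted.
SAMPLE_EVENTS = [
    ("rename", rf"C:\Users\Admin\Documents\doc{i}.docx",
               rf"C:\Users\Admin\Documents\doc{i}.docx.locked")
    for i in range(15)
] + [
    ("rename", rf"C:\Users\Admin\Pictures\img{i}.jpg",
               rf"C:\Users\Admin\Pictures\img{i}.jpg.locked")
    for i in range(10)
] + [
    # extension replaced, not appended
    ("rename", r"C:\Users\Admin\Desktop\notes.txt", r"C:\Users\Admin\Desktop\notes.bak"),
    # ordinary rename
    ("rename", r"C:\Users\Admin\Desktop\old.txt", r"C:\Users\Admin\Desktop\new.txt"),
    # moved to another directory
    ("rename", r"C:\Users\Admin\Desktop\a.txt", r"C:\Users\Admin\Music\a.txt.locked"),
    # not a rename at all (e.g. a ransom note being written)
    ("create", r"C:\Users\Admin\Desktop\READ_ME.txt", r"C:\Users\Admin\Desktop\READ_ME.txt"),
    # two extensions appended; excluded by the one-extension rule
    ("rename", r"C:\Users\Admin\Desktop\b.txt", r"C:\Users\Admin\Desktop\b.txt.locked.tmp"),
]


if __name__ == "__main__":
    total, exts, flagged = added_extension_renames(SAMPLE_EVENTS)
    print(f"appended-extension renames: {total}, by extension: {dict(exts)}, flagged: {flagged}")
```

Grouping by extension is what turns a raw count into a usable indicator: a single dominant extension across many directories is the ransomware shape, whereas a spread of different extensions usually means a build step or an installer.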
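
The check behind the "UPX packed file" signature, as an added example that is not code from the sandbox: it walks the PE section table looking for the UPX0/UPX1 section names that stock UPX writes, and also applies a name-independent fallback (a section with zero bytes on disk but a large virtual size, which is how the UPX0 decompression area looks even when a modified packer renames it). The `build_pe` helper and the three header blobs are constructed for illustration; they are header-only byte strings, not executables, and are not derived from the sample in this report.

```python
"""Reproduce the "UPX packed file" signature from the PE section table.

Added example, not code from the sandbox. The PE blobs at the bottom are
constructed header-only samples, not the analysed file."""
import struct

UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2", b"UPX3"}


def pe_sections(data: bytes):
    """Yield (name, virtual_size, raw_size) for each section header."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                                   # IMAGE_FILE_HEADER
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + opt_size                          # first IMAGE_SECTION_HEADER
    for i in range(num_sections):
        off = table + i * 40
        name = data[off:off + 8].rstrip(b"\0")
        vsize, _vaddr, rawsize = struct.unpack_from("<III", data, off + 8)
        yield name, vsize, rawsize


def upx_indicators(data: bytes):
    """Return (has_upx_names, has_empty_large_section).

    The second flag is the fallback for renamed sections: UPX0 has
    SizeOfRawData == 0 and a VirtualSize covering the unpacked image. A
    legitimate .bss can trip it too, so treat it as a weaker signal."""
    has_names = False
    empty_large = False
    for name, vsize, rawsize in pe_sections(data):
        if name in UPX_SECTION_NAMES:
            has_names = True
        if rawsize == 0 and vsize >= 0x1000:
            empty_large = True
    return has_names, empty_large


def build_pe(section_specs):
    """Construct a minimal PE32 header with the given (name, vsize, rawsize)
    sections. Header only, not loadable; just enough for pe_sections()."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt = b"\0" * 0xE0                                    # PE32 optional header size
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_specs), 0, 0, 0, len(opt), 0x102)
    sections = b"".join(
        name.ljust(8, b"\0")
        + struct.pack("<IIIIIIHHI", vsize, 0x1000 * (i + 1), rawsize, 0, 0, 0, 0, 0, 0x60000020)
        for i, (name, vsize, rawsize) in enumerate(section_specs)
    )
    return dos + b"PE\0\0" + coff + opt + sections


# Constructed samples (not the file from this report).
UPX_LIKE = build_pe([(b"UPX0", 0x20000, 0), (b"UPX1", 0x9000, 0x8800), (b".rsrc", 0x1000, 0x400)])
RENAMED_UPX = build_pe([(b".text", 0x20000, 0), (b".data", 0x9000, 0x8800), (b".rsrc", 0x1000, 0x400)])
NORMAL = build_pe([(b".text", 0x5000, 0x5000), (b".data", 0x800, 0x600), (b".bss", 0x200, 0)])


if __name__ == "__main__":
    for label, blob in (("stock UPX", UPX_LIKE), ("renamed sections", RENAMED_UPX), ("normal", NORMAL)):
        print(label, upx_indicators(blob))
```

On a real sample, pass the file bytes to `upx_indicators`; if only the fallback fires, confirm with an entry point located in the last non-resource section and the `UPX!` marker just before the PE header before treating the file as packed.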

Processes

  • C:\Users\Admin\AppData\Local\Temp\5e6e5bda201c8008699fe4d5ca5ad183378165a80443282f1f8a9ecdadc68bebN.exe
    "C:\Users\Admin\AppData\Local\Temp\5e6e5bda201c8008699fe4d5ca5ad183378165a80443282f1f8a9ecdadc68bebN.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2364

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\$Recycle.Bin\S-1-5-21-3533259084-2542256011-65585152-1000\desktop.ini.tmp

    Filesize

    65KB

    MD5

    d4fde82e3f7eb785b86b9d877f9a81d6

    SHA1

    8d9479b385be7574ecf665a91e78b5956fe0dfe7

    SHA256

    e644741f19882ab3e3bfa4efebbdcc748402212b59b30f82fe2e04975e687326

    SHA512

    7041f6cd54b4cd927d236885682aba17e67145d8eb1778b4649920526260189c0afb82d5f7cd6e5538df1ca09a204295026ae8ff88b08c03a924b561ca3f2a87

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    74KB

    MD5

    a8d9ee3ee4caee2f4d556569d2b357a3

    SHA1

    a2a19c47e6e175e543211d6e72ef8ac997978f38

    SHA256

    4e5bbc6d27ba50eff82bddeaecc4a9757124024b9138d5a9e279018fe450455c

    SHA512

    dc6fb43e29c742e64472ce2d392850aee1151b0115d534d035ea1e57fa8c2ff827befa1655bd74d3f9b7c32bacd2ea69d63f280d9ccc1ffc5fbc9d3d553bf047

  • memory/2364-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/2364-74-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB