Analysis

  • max time kernel
    150s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64, arch:x86, image:win7-20241010-en, locale:en-us, os:windows7-x64, system
  • submitted
    20-10-2024 03:37

General

  • Target

    efc94de13fd08da008fa80441742090e6042bca3b968905086cb599aa36eb178.exe

  • Size

    55KB

  • MD5

    0c855112ecd43d019fa367d931c2d021

  • SHA1

    b65d049651d30f25f08719fc25ee2fc72a75560b

  • SHA256

    efc94de13fd08da008fa80441742090e6042bca3b968905086cb599aa36eb178

  • SHA512

    affb03f16606f833ffa3c5240df92badfd1f07ec11b5f5565ccb599dd3015a5b84f71e34a856431cbc445e746285bc2cd7230f2d382f8ff9a7dc8bd3137dc1bb

  • SSDEEP

    768:V7Blpf/FAK65euBT37CPKKQSjyJJ1EXBwzEXBwdcMcI9kd0R:V7Zf/FAxTWoJJ7Tad0R

Malware Config

Signatures

  • Renames multiple (593) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\efc94de13fd08da008fa80441742090e6042bca3b968905086cb599aa36eb178.exe
    "C:\Users\Admin\AppData\Local\Temp\efc94de13fd08da008fa80441742090e6042bca3b968905086cb599aa36eb178.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:1656

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3692679935-4019334568-335155002-1000\desktop.ini.tmp

    Filesize: 55KB
    MD5: e494aaf55bc44bb8695063b2ee8b68f9
    SHA1: 5512a704ab7608d507d47075eaa1acf82f87f2d9
    SHA256: cb0d5a6b4a29866edd172aef60257e83f5b39bf696f38e0dc99646c220eb4923
    SHA512: 9c0f47fef4656733603671888f637f7d3149dd5618d7aae7f64dd57a57a86af673928fbb8bd647700772b8a0ff8f4a9f841f9021cb16536a137d53a3868a4c4e

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize: 64KB
    MD5: 3b476ffed8cd15f12cea8a050f41d33a
    SHA1: 834099449d08137be3e960e3a3785dbc2635572e
    SHA256: 9b6a8cbe40043b53e8b970d0bedd88f535a3367b183fdd8d23828d33450f092e
    SHA512: 07be5891c3f63d05097423d5d7c0e2e456c73f8a97295e8f738c1cd6339593c751496cfc8790c1616178a6210f98ab2c64c236c2d91687915c67d0a9e37280e0

  • memory/1656-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize: 44KB

  • memory/1656-26-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize: 44KB