Analysis

  • max time kernel
    120s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    20-10-2024 02:48

General

  • Target

    b5d36987d3a74a9f1af4e705048e3212e3d1d19d54c6ced1326311de298fb38bN.exe

  • Size

    154KB

  • MD5

    27313bab9ce805ef77d7255ef3c4c200

  • SHA1

    cdc21fed58ac974d3a2142fd2f598e31c334a9d8

  • SHA256

    b5d36987d3a74a9f1af4e705048e3212e3d1d19d54c6ced1326311de298fb38b

  • SHA512

    3bdd0b3ef6fbf1dc9ab5471a8828a40d6383d049d472666190c3a491468ad4990483dfe611bb6674d93a3597b995197971a9d3a78d1703b331e8454e73ffdd5a

  • SSDEEP

    1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8zxY5KwUTWn1++PJHJXA/OsIZfzc3/Q88:fnyiQSox5KwEQSox5Kwh

Malware Config

Signatures

  • Renames multiple (2838) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\b5d36987d3a74a9f1af4e705048e3212e3d1d19d54c6ced1326311de298fb38bN.exe
    "C:\Users\Admin\AppData\Local\Temp\b5d36987d3a74a9f1af4e705048e3212e3d1d19d54c6ced1326311de298fb38bN.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2272

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\$Recycle.Bin\S-1-5-21-2872745919-2748461613-2989606286-1000\desktop.ini.tmp

    Filesize: 154KB
    MD5: 783ddae08bb15f5bf9819e32570ba558
    SHA1: ff61b39bad63487e0f16ef90f2e0fd5db7935bba
    SHA256: 3e1f146a40a8aba05332ea08abf2ab6ab5b53f80315705db632509c0e9133bb0
    SHA512: 7fcadf8d29e687a5951c860e3cdf90fbd5001848c60eaaddce2e97d1d945a1df1bbdde0adfc099c801e115163f82a98d6d0db99dcdb31bd173b069a715e220fd

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize: 163KB
    MD5: cb5585e551fac8414489f7bd8684d3e9
    SHA1: 4e5e067a4f7e7cd282bb37ed0fdabd0cdefe79ba
    SHA256: 0207a90424a813d8472bee0d28d865f68a30deddf3d3b6414bb1a99316055cbf
    SHA512: b0c3c6e1778e6bf771f04c790678f2e8942cb5dabb3d43d1d11df947a9a1ca820541662aff04653f5e849d542d2f2eaf89b68fe1b5fddc149a6e75a7434b6183

  • memory/2272-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize: 44KB

  • memory/2272-70-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize: 44KB