Analysis

  • max time kernel
    150s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    20-10-2024 02:51

General

  • Target

    df317e4cea52c5257ba2cf73877aaf12fa5c70786f7aa1bb617c3a552ac78f21.exe

  • Size

    51KB

  • MD5

    0f2950327848ea38a94d7aa3efbfd862

  • SHA1

    8075eaa7778e10a9455bb185a9f9851e52e2634b

  • SHA256

    df317e4cea52c5257ba2cf73877aaf12fa5c70786f7aa1bb617c3a552ac78f21

  • SHA512

    c9357016745d5b32173aafe000b4c311d2d494f18177d50f58c68809cd40ffaf22dc20d0953bdaadf16a24c8c98e13efd45859d16b7e2dd2e519c2f0d65ea663

  • SSDEEP

    768:kBT37CPKK1EXBwzEXBw3sgQw58eGkz2rcuesgQw58eGkz2rcu90TKe+0TKeinMdn:CTWUnMdyGdy4AnAJYq8YqiXb

Malware Config

Signatures

  • Renames multiple (3779) files with added filename extension

    Mass renaming with an appended extension is the file-system pattern of ransomware encrypting files in place. Note that both .tmp artifacts listed under Downloads are larger than the 51KB sample itself, so check whether they are ciphertext or copies of the sample with the original file's contents attached before concluding that the files were encrypted.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX or a modified build of the open-source UPX packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of the victim in order to infer the geographical location of the host.
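The mass-rename signature above is a behavioural heuristic rather than a hash match. As an added example that is not part of this report or the sandbox's own rule set, the following Python replays constructed file-system events (the event layout, the benign PID 4012, the user-document paths, the threshold and the time window are all assumptions; only PID 2716 and the two artifact paths come from the report) and flags a process that appends the same extension to many files within a short window, together with writes under Program Files, the other file-system signature that fired here.

```python
"""Mass-rename (ransomware-style) detector over file-system events.

Added example, not part of the sandbox report or its rule set. Event layout,
threshold, window and every path except those quoted from the report are
assumptions chosen for illustration.
"""
from collections import defaultdict
from datetime import datetime, timedelta

RENAME_THRESHOLD = 5            # assumption; the report observed 3779 renames
WINDOW = timedelta(seconds=60)  # assumption: burst window for the count

# Constructed events: (timestamp, pid, operation, source path, destination path).
# PID 2716 mimics the sample; PID 4012 is a benign process used as a control.
EVENTS = [
    ("2024-10-20 02:52:01", 2716, "rename", r"C:\Users\Admin\Documents\budget.xlsx", r"C:\Users\Admin\Documents\budget.xlsx.tmp"),
    ("2024-10-20 02:52:01", 2716, "rename", r"C:\Users\Admin\Documents\notes.txt", r"C:\Users\Admin\Documents\notes.txt.tmp"),
    ("2024-10-20 02:52:02", 2716, "rename", r"C:\Users\Admin\Pictures\cat.jpg", r"C:\Users\Admin\Pictures\cat.jpg.tmp"),
    ("2024-10-20 02:52:03", 2716, "rename", r"C:\$Recycle.Bin\S-1-5-21-1488793075-819845221-1497111674-1000\desktop.ini", r"C:\$Recycle.Bin\S-1-5-21-1488793075-819845221-1497111674-1000\desktop.ini.tmp"),
    ("2024-10-20 02:52:04", 2716, "rename", r"C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml", r"C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp"),
    ("2024-10-20 02:52:05", 2716, "rename", r"C:\Program Files\Common Files\readme.txt", r"C:\Program Files\Common Files\readme.txt.tmp"),
    ("2024-10-20 02:52:06", 2716, "create", r"C:\Program Files\Common Files\note.txt.tmp", None),
    ("2024-10-20 02:53:10", 4012, "rename", r"C:\Users\Admin\draft.txt", r"C:\Users\Admin\draft.md"),
    ("2024-10-20 02:53:12", 4012, "rename", r"C:\Users\Admin\config.ini", r"C:\Users\Admin\config.ini.bak"),
]


def added_extension(src: str, dst: str):
    """Return the extension appended to src to form dst, or None.

    Only a pure append counts: a.txt -> a.txt.tmp yields "tmp", while
    a.txt -> a.md (extension changed) and a -> a\\b.txt (moved into a
    directory) yield None. Windows paths are compared case-insensitively.
    """
    if len(dst) <= len(src) or not dst.lower().startswith(src.lower()):
        return None
    tail = dst[len(src):]
    if tail.startswith(".") and len(tail) > 1 and "\\" not in tail:
        return tail[1:].lower()
    return None


def _parse(ts: str) -> datetime:
    return datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")


def mass_rename_alerts(events, threshold=RENAME_THRESHOLD, window=WINDOW):
    """Alert on any PID whose appended-extension renames exceed the threshold
    inside one sliding window; returns a list of alert dicts."""
    per_pid = defaultdict(list)  # pid -> [(time, appended extension)]
    for ts, pid, op, src, dst in events:
        if op != "rename":
            continue
        ext = added_extension(src, dst)
        if ext is not None:
            per_pid[pid].append((_parse(ts), ext))

    alerts = []
    for pid, hits in per_pid.items():
        hits.sort()
        best, start = 0, 0
        for end in range(len(hits)):          # two-pointer sliding window
            while hits[end][0] - hits[start][0] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            alerts.append({
                "pid": pid,
                "renames_in_window": best,
                "total_renames": len(hits),
                "extensions": sorted({ext for _, ext in hits}),
            })
    return alerts


def program_files_writes(events):
    """Count per-PID writes (creates or rename targets) under Program Files."""
    roots = ("c:\\program files\\", "c:\\program files (x86)\\")
    counts = defaultdict(int)
    for _, pid, op, src, dst in events:
        target = dst if op == "rename" else src
        if target and target.lower().startswith(roots):
            counts[pid] += 1
    return dict(counts)


if __name__ == "__main__":
    for alert in mass_rename_alerts(EVENTS):
        print("mass rename:", alert)
    print("Program Files writes:", program_files_writes(EVENTS))
```

A single appended-extension rename (the `.bak` backup by PID 4012) stays below the threshold, and an extension change is not counted at all; in production the threshold and window would be tuned against backup and archiving tools that legitimately rename in bulk.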

Processes

  • C:\Users\Admin\AppData\Local\Temp\df317e4cea52c5257ba2cf73877aaf12fa5c70786f7aa1bb617c3a552ac78f21.exe
    "C:\Users\Admin\AppData\Local\Temp\df317e4cea52c5257ba2cf73877aaf12fa5c70786f7aa1bb617c3a552ac78f21.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2716

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-1488793075-819845221-1497111674-1000\desktop.ini.tmp

    Filesize

    52KB

    MD5

    be93e4dd4f593af452204821665cf352

    SHA1

    e952e20a7e54660c5238cf4618344f93f82b2efd

    SHA256

    9a76f17d95564f26d81075c50a09e9d5f7ba2c0e03292b26f53600a2ee13fbcf

    SHA512

    572295b05c338508d914621fa316cb2c124f3fc93c783a9d78ba72b609b16eca2000903b025d31ec77336ddeafe4011a9e005198b0be3c20e590c07457c80e0d

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    60KB

    MD5

    ababc26ad2b897e2177c359fdab087be

    SHA1

    1fb77e7bfa448195c3508d6361c6124e0ad40560

    SHA256

    5dce474a6fd1af8cbb49ba58c46bc94eadddfcad61d198904b48505b6458390a

    SHA512

    67bbfecb2d6deffc5fa991f388aaaa022df3557cdb043dcd462d3cbdc283f0eebb3b5f0f1b36f696703200bca62959fe597e4f6fb2ec1f9fee706d8d960d560d

  • memory/2716-0-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

  • memory/2716-75-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB
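Both dropped .tmp files above (52KB and 60KB) are larger than the 51KB sample, which is also what a file infector that writes a copy of itself in front of each victim file would produce; that is an assumption to test against the real artifacts, not a finding of the report. The following Python is an added triage helper, not part of the report or the sandbox, that decides between that case and genuine encryption: it checks whether a dropped file begins or ends with the sample bytes and, if not, falls back to byte entropy. The sample bytes, the desktop.ini text, the XML fragment and the XOR keystream standing in for an encryptor are all constructed inline for illustration.

```python
"""Classify a dropped artifact relative to the sample that produced it.

Added example, not part of the sandbox report. All inputs below are
constructed stand-ins: random bytes for the (packed, hence high-entropy)
sample, a short desktop.ini and a repeated XML fragment for the originals,
and an XOR keystream as a stand-in for whatever cipher the real malware uses.
"""
import math
import random
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; near 8.0 for encrypted or compressed data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def classify_dropped(sample: bytes, dropped: bytes) -> dict:
    """Return a verdict dict: prepended / appended copy of the sample
    (with the original file bytes recovered) or, failing that, an
    entropy-based guess at whether the content was encrypted."""
    result = {"size_delta": len(dropped) - len(sample)}
    if sample and len(dropped) >= len(sample) and dropped.startswith(sample):
        result["verdict"] = "prepended"           # sample || original
        result["original"] = dropped[len(sample):]
    elif sample and len(dropped) >= len(sample) and dropped.endswith(sample):
        result["verdict"] = "appended"            # original || sample
        result["original"] = dropped[:-len(sample)]
    else:
        ent = shannon_entropy(dropped)
        result["entropy"] = round(ent, 2)
        # Threshold is an assumption; tiny files cannot reach 8 bits/byte, so
        # apply it only to inputs of a few KB or more.
        result["verdict"] = "encrypted_or_compressed" if ent > 7.5 else "plaintext_rewrite"
    return result


# Constructed test material (deterministic so the results are reproducible).
_rng = random.Random(20241020)
SAMPLE = bytes(_rng.getrandbits(8) for _ in range(51 * 1024))     # 51KB stand-in
ORIGINAL_INI = b"[.ShellClassInfo]\r\nCLSID={645FF040-5081-101B-9F08-00AA002F954E}\r\n"
ORIGINAL_XML = (b'<Package><Property Name="ProductName">Office64WW</Property></Package>\r\n') * 128
_KEYSTREAM = bytes(_rng.getrandbits(8) for _ in range(len(ORIGINAL_XML)))

PREPENDED_INI = SAMPLE + ORIGINAL_INI                       # infector-style output
ENCRYPTED_XML = bytes(a ^ k for a, k in zip(ORIGINAL_XML, _KEYSTREAM))  # encryptor-style output


if __name__ == "__main__":
    for name, blob in [("desktop.ini.tmp", PREPENDED_INI),
                       ("Office64WW.xml.tmp (encrypted)", ENCRYPTED_XML),
                       ("Office64WW.xml.tmp (untouched)", ORIGINAL_XML)]:
        verdict = classify_dropped(SAMPLE, blob)
        verdict.pop("original", None)
        print(name, verdict)
```

Against the real artifacts, `size_delta` for a prepended copy equals the original file's size, which is the arithmetic the 52KB and 60KB figures above invite; a match on the sample's leading bytes also means the hash of the dropped file is useless as an indicator because it changes with every victim file.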