Analysis

  • max time kernel
    120s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    20-10-2024 02:49

General

  • Target

    b848a0f6bccb12ca632cb96012ed0c4d1b0730d6c9bd33d29a0ffc2ddd549735N.exe

  • Size

    61KB

  • MD5

    74ffee820845401576717cd1d4e5b2d0

  • SHA1

    b4f2f674e11a6cc065f62bf3dd6e18716af551aa

  • SHA256

    b848a0f6bccb12ca632cb96012ed0c4d1b0730d6c9bd33d29a0ffc2ddd549735

  • SHA512

    bcf842fe48c29061779a3cd58a6a21200a6fbdc0436245bcdf8378a4bd35b0b05c42f09c8899734bc5f0be9a2ef9fdf247549fecd43642287fc32f001c8a0439

  • SSDEEP

    768:V7Blpf/FAK65euBT37CPKKQSjyJJ1EXBwzEXBwdcMcI9eEUI0n0uI0n09sg:V7Zf/FAxTWoJJ7TU3n0Wn09sg

Malware Config

Signatures

  • Renames multiple (3208) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\b848a0f6bccb12ca632cb96012ed0c4d1b0730d6c9bd33d29a0ffc2ddd549735N.exe
    "C:\Users\Admin\AppData\Local\Temp\b848a0f6bccb12ca632cb96012ed0c4d1b0730d6c9bd33d29a0ffc2ddd549735N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2692

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-312935884-697965778-3955649944-1000\desktop.ini.tmp

    Filesize

    61KB

    MD5

    4059c90394b41eb59bfc5bce102fe4b2

    SHA1

    c25ed37f1b2740721c6ffb78521ce81441778d92

    SHA256

    f35f94a843c7bdd4f75c0f9b446db512875fd9f87353944898107edbc2f82ae5

    SHA512

    964055ee31c1d697295901c1e7194711d2dcee616484079610fadd79a2eae2ff58316c3f9b550b014db91dc9c67c8ad67a28636a2338eab23966a305cef4529f

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    70KB

    MD5

    3b23809db7711e05f51900fdd7a98c3b

    SHA1

    e44aec25aee2b89bd8064d400bf9dbf08b604d12

    SHA256

    6d19ced14871b5828e7d41f9d7f385805a703f1c9e62e35772f62e9c890b223f

    SHA512

    94858bd2919a634487bb2199cb34d21b1aa859111acb395d706d2aa25a054c37049a5adcce1795107f5da5b0e1b32e57d4b26239f08414b2b40e729048c1d891

  • memory/2692-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/2692-70-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB