Analysis

  • max time kernel
    120s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240729-en, locale:en-us, os:windows7-x64, system
  • submitted
    20-10-2024 02:53

General

  • Target

    8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe

  • Size

    65KB

  • MD5

    71814d5f3ee8f902eaa026aed40e70d0

  • SHA1

    1ee8f8c2c84e58eaed4be98cba015f4bc17dd926

  • SHA256

    8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09

  • SHA512

    c1494fda2ea17ec50f7f47ebe7070b38397e2038539e094221a4399a0fe32061b5221355eef34c44e6c7d45c20ad24f6aacba0fafbb0f648687196feba917708

  • SSDEEP

    768:W7BlpppARFbhHFoqAJwBqAJw1VyjVyUA9sd8dF1Z12wDwm:W7ZppApyVyjVyJ9r1Z1xUm

Score
9/10

Malware Config

Signatures

  • Renames multiple (3246) files with an added filename extension

    This suggests ransomware activity: files across the system are rewritten and renamed with a new suffix, consistent with encryption of the victim's data.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempts to gather information about the system language of the victim in order to infer the geographical location of that host.
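The "renames multiple files with added filename extension" signature is a count-based heuristic: a process renames many files so that the new name is the old name plus a suffix, across many directories (the report's dropped files sit under $Recycle.Bin, MSOCache and Program Files). The script below is an added example, not code from the sandbox or from the sample; it runs the same heuristic over a constructed file-operation trace. The trace format, the `.locked` suffix and the alert threshold are assumptions for illustration, not values taken from the report.

```python
"""Heuristic for the 'renames multiple files with added filename extension' signature.

Added example: scans a file-operation trace for renames of the form
  <path>  ->  <path>.<suffix>
and flags the behaviour once the count crosses a threshold.
"""
import ntpath
import re
from collections import Counter

# A valid "added extension" is a dot followed by a short alphanumeric suffix.
EXT_RE = re.compile(r"^\.[A-Za-z0-9_-]{1,16}$")

# Constructed sample trace (not from the report). One event per line:
#   rename <source> -> <destination>
#   <other op> <path>
SAMPLE_EVENTS = r"""
create C:\Users\Admin\Documents\report.docx.tmp
rename C:\Users\Admin\Documents\report.docx -> C:\Users\Admin\Documents\report.docx.locked
rename C:\Users\Admin\Pictures\photo.jpg -> C:\Users\Admin\Pictures\photo.jpg.locked
rename C:\MSOCache\All Users\Office64WW.xml -> C:\MSOCache\All Users\Office64WW.xml.locked
rename C:\$Recycle.Bin\S-1-5-21-1000\desktop.ini -> C:\$Recycle.Bin\S-1-5-21-1000\desktop.ini.locked
rename C:\Program Files\Common Files\readme.txt -> C:\Program Files\Common Files\readme.txt.locked
rename C:\Users\Admin\Documents\draft.docx -> C:\Users\Admin\Documents\final.docx
rename C:\Users\Admin\Downloads\setup.tmp -> C:\Users\Admin\Downloads\setup.exe
delete C:\Users\Admin\Documents\report.docx.tmp
"""


def parse_events(text):
    """Yield (op, src, dst) tuples; dst is None for non-rename events."""
    events = []
    for line in text.strip().splitlines():
        op, _, rest = line.partition(" ")
        if op == "rename" and " -> " in rest:
            src, dst = rest.split(" -> ", 1)
            events.append((op, src, dst))
        else:
            events.append((op, rest, None))
    return events


def added_extension(src, dst):
    """Return the appended suffix if dst == src + '.<ext>', otherwise None.

    Ordinary renames (draft.docx -> final.docx) and extension swaps
    (setup.tmp -> setup.exe) do not count: the old name must be a prefix.
    """
    if dst is None or not dst.startswith(src):
        return None
    suffix = dst[len(src):]
    return suffix if EXT_RE.match(suffix) else None


def detect_added_extension_renames(text, threshold=10):
    """Count renames that only append an extension; trigger at `threshold`.

    `threshold` is an assumed value for the example; the report's own
    signature fired on 3246 renames.
    """
    per_ext = Counter()
    dirs = set()
    for op, src, dst in parse_events(text):
        if op != "rename":
            continue
        ext = added_extension(src, dst)
        if ext is None:
            continue
        per_ext[ext] += 1
        dirs.add(ntpath.dirname(src).lower())  # ntpath handles C:\ paths on any OS
    total = sum(per_ext.values())
    return {
        "renamed_with_added_extension": total,
        "extensions": dict(per_ext),
        "distinct_directories": len(dirs),
        "triggered": total >= threshold,
    }


if __name__ == "__main__":
    # Low threshold so the constructed trace triggers; a real rule would be higher.
    print(detect_added_extension_renames(SAMPLE_EVENTS, threshold=3))
```

Counting distinct directories alongside the raw total is what separates ransomware from a legitimate tool that renames a batch of files in one folder; a production rule would also key the count on the process that issued the renames, as the sandbox does per PID.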

Processes

  • C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\8b36801bd5f6c1324cbc16a60aa4772e62a99855935fad3a26942324dca0bf09N.exe"
    Process tree level: 1
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID: 376

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2703099537-420551529-3771253338-1000\desktop.ini.tmp

    Filesize

    65KB

    MD5

    adc200634e6da861a134ca122831b867

    SHA1

    4c115656092403ef43a4683296c3087c70e6e078

    SHA256

    9034c3c108e053721be1c0a70113033b10c16f0ede87c75f499826cba6cc510b

    SHA512

    100eb549095e74573ea3560bbe2486393bde934ad8ec570e22364ed2cf51bf53819e2257eb44a0c0d71b1a124fdcacee38d98c4d61da0f911aa4416484943f84

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    74KB

    MD5

    a51a9252bf69b3cb8a65fd24203cd4e1

    SHA1

    aee02817bd83ef04ecdd279d39a28a9d1300dff7

    SHA256

    8e87aae291bb8e6a2703b1aa2652d0d215545cc65f75647863093646c11a3480

    SHA512

    a3021b33f98fbab25b84956089c5769aa5f2fbaefe8f62d9c50f282496f2322a15364eab03067ae05f29a8c59edf429992a80968af41b18f8e83b29f800c9e29