Analysis

  • max time kernel
    119s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    20-10-2024 02:53

General

  • Target

    00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe

  • Size

    62KB

  • MD5

    4a0606a289c95da3733d98a64334fae0

  • SHA1

    b02762728d3db7fc384a25541855b745f7449da7

  • SHA256

    00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0

  • SHA512

    d69924242e54114badc8ff5c24f3f806425372afad7105f36624dc9e62ce3a2cd095bc310b12abe981341380918fb8b58ecbaa3b1c51b434f11970b2db6cf30f

  • SSDEEP

    768:W7BlpppARFbhHFoqAJwBqAJw1VyjVyUA9sd8dF1Z1z0bvl:W7ZppApyVyjVyJ9r1Z14bvl

Score
9/10

Malware Config

Signatures

  • Renames multiple (3269) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\00866d37d4dcb49583bf27fddb4973be22085e528dd24a24ab762312723544f0N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:1908

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-1488793075-819845221-1497111674-1000\desktop.ini.tmp

    Filesize

    62KB

    MD5

    e2cb3a7376203268fda5dbb5b4bcab51

    SHA1

    556fe099f5d61b28a74ee2ff27e976add3606595

    SHA256

    f8061283ae11af3427279669ede41b19847b5f2e6877a15b111697bef044508d

    SHA512

    a4a9ac05541fe3698936b73038aa1c19781b6168626fa20e751f277c4f3a46a2035fb22cf0fa3cc522ee0a9e33cc749ce78344cf1228af3e8641ca500c9a160f

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    71KB

    MD5

    0da7f284c276e842f30507a2b831768b

    SHA1

    252142eb126c183540f4b9a83e85df430d40b9cd

    SHA256

    dfa20c70fc6b862017923fc40115de698ff953bce495851cc9223ab25ad6827d

    SHA512

    dc2b60528e2c9575047c0d89dae68fc942b39c98593c9a0d40eabe120014adcdd707841a0fb0a155b53fdb05409422d33daffd184aaa4b24175570fbe4543d0b