Analysis

  • max time kernel
    120s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    20-10-2024 03:12

General

  • Target

    19c4f1cd40170869f44ced51d2ae1b4cb0c1eb034a14cd5f874491f8c561d230N.exe

  • Size

    31KB

  • MD5

    b80cd31087452fd3015c08670a167780

  • SHA1

    7e5d4bb1d1af7797422c206720ed4a4cd851d13a

  • SHA256

    19c4f1cd40170869f44ced51d2ae1b4cb0c1eb034a14cd5f874491f8c561d230

  • SHA512

    e530fc7f6189bf3f6bc8a6d804b5d07a9216a53c0106a5329dd308231d8f0e747104fd1fee1bd49534a18e595c1528f88cde626c6608d36f70298f2f4af00a16

  • SSDEEP

    768:kBT37CPKKdJJ1EXBwzEXBwdcMcI9woOzOuiJfoOzOuiJNaI9aIOt:CTW7JJ7T4MFt

Malware Config

Signatures

  • Renames multiple (3250) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\19c4f1cd40170869f44ced51d2ae1b4cb0c1eb034a14cd5f874491f8c561d230N.exe
    "C:\Users\Admin\AppData\Local\Temp\19c4f1cd40170869f44ced51d2ae1b4cb0c1eb034a14cd5f874491f8c561d230N.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2524

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-312935884-697965778-3955649944-1000\desktop.ini.tmp

    Filesize

    31KB

    MD5

    a07aa9c2c9684f621e3a6dc91884f441

    SHA1

    bb5f2e5691acbed7bcdd3577fde5f79a57217b38

    SHA256

    58c55c41bddfaeb638f810009717caf4de02e188d29db56f9a236ba022239729

    SHA512

    034cea08b2e498d1cae75777f0af87f3f2cbc82a2d0ed42e514c9f1a79a30e18dc3cc2e93967c6a4a9b0201bb88ece921a8458ef4c8b81b7e7d2ac44d41ad3a1

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    40KB

    MD5

    8b70eef25f2dee009d2a77b07c0bec09

    SHA1

    079a8398840792e394b204d2bd9f81c027b984fe

    SHA256

    eee63e9d4b2f59f522cf2c8f15cb84e55cb51a265dfcd31532b18435006a3d40

    SHA512

    9206cb53cbe545b845c3b22db25ee790c5fb5faf8fbcdd55ab21e9c6c87da9bcdf0bce7cbbbb700ed882fffdfdd5590141339851520d8891a04624d63f2711af

  • memory/2524-0-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

  • memory/2524-70-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB