Analysis

  • max time kernel
    120s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64
    arch:x86
    image:win7-20240903-en
    locale:en-us
    os:windows7-x64
    system
  • submitted
    20-10-2024 03:20

General

  • Target

    0cc5d9430311ac4c28b99013d4438977625c090bb1d5a49a74c9fe7ce7ceee26N.exe

  • Size

    59KB

  • MD5

    c20e65870810ff1bb985a801eaa0f490

  • SHA1

    a3fd6cf43851bd8e4fc6213454e7d0efd374477b

  • SHA256

    0cc5d9430311ac4c28b99013d4438977625c090bb1d5a49a74c9fe7ce7ceee26

  • SHA512

    a5937e45c4500ef4b2ec9800bac14147901d4b5a6034fecdc9f2c7c2719b96f804377e7bf3a3ee653104a69082dbed61aa5bd2184f94df1ee6ecdb398458ec1f

  • SSDEEP

    768:V7Blpf/FAK65euBT37CPKKQSjyJJ1EXBwzEXBwdcMcI9eEUI0n0uI0n05:V7Zf/FAxTWoJJ7TU3n0Wn05

Malware Config

Signatures

  • Renames multiple (3263) files with added filename extension

    This suggests ransomware activity: the sample is encrypting files across the system and appending a new extension to each one.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX or with a modified build of the UPX open-source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
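As an added example (not part of the sandbox report, and not the sandbox's own detection logic), the following Python checks a file for the indicators behind the "UPX packed file" signature above by parsing the PE section table with the standard library, and compares the file's hashes with the SHA-256 in the General section so a local copy can be matched to this report. The indicator rules, the header-only constructed PE images and the build_minimal_pe helper are assumptions for the demonstration, not anything the report states.

```python
import hashlib
import struct

# SHA-256 of the analysed sample, copied from the report's General section.
REPORT_SHA256 = "0cc5d9430311ac4c28b99013d4438977625c090bb1d5a49a74c9fe7ce7ceee26"

# IMAGE_SECTION_HEADER: Name[8], VirtualSize, VirtualAddress, SizeOfRawData,
# PointerToRawData, PointerToRelocations, PointerToLinenumbers,
# NumberOfRelocations, NumberOfLinenumbers, Characteristics (40 bytes).
SECTION_HDR = struct.Struct("<8sIIIIIIHHI")


def sample_hashes(data: bytes) -> dict:
    """The same hash set the report lists, for matching a local file to it."""
    return {alg: hashlib.new(alg, data).hexdigest()
            for alg in ("md5", "sha1", "sha256", "sha512")}


def matches_report(data: bytes) -> bool:
    return sample_hashes(data)["sha256"] == REPORT_SHA256


def pe_sections(data: bytes) -> list:
    """Return [(name, virtual_size, raw_size), ...] from the section table, or [] if not a PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return []
    # IMAGE_FILE_HEADER follows the 4-byte signature: NumberOfSections at +2 and
    # SizeOfOptionalHeader at +16 within it; the section table follows the optional header.
    num_sections = struct.unpack_from("<H", data, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]
    table = e_lfanew + 24 + opt_size
    sections = []
    for i in range(num_sections):
        off = table + i * SECTION_HDR.size
        if off + SECTION_HDR.size > len(data):
            break  # truncated section table: stop rather than read past the buffer
        name, vsize, _va, rsize = SECTION_HDR.unpack_from(data, off)[:4]
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), vsize, rsize))
    return sections


def upx_indicators(data: bytes) -> list:
    """Heuristic UPX / modified-UPX indicators (assumed rules, not the sandbox's)."""
    hits = []
    sections = pe_sections(data)
    if any(name.upper().startswith("UPX") for name, _, _ in sections):
        hits.append("section name starts with UPX")
    if b"UPX!" in data:
        hits.append("UPX! pack-header marker present")
    # Stock UPX leaves its first section (UPX0) with a large virtual size but no raw
    # data; the stub decompresses into it at run time. A build that renames the
    # sections and strips the marker still shows this shape.
    if sections and sections[0][2] == 0 and sections[0][1] > 0:
        hits.append("first section has virtual size but zero raw data")
    return hits


def build_minimal_pe(sections: list) -> bytes:
    """Constructed header-only PE for the demo: DOS stub, PE signature, COFF header,
    zeroed 32-bit optional header, section table. Not a runnable executable."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt_size = 0xE0  # sizeof(IMAGE_OPTIONAL_HEADER32)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x102)
    table = b"".join(
        SECTION_HDR.pack(name.encode().ljust(8, b"\0"), vsize, 0x1000, rsize,
                         0x400, 0, 0, 0, 0, 0x60000020)
        for name, vsize, rsize in sections)
    return dos + b"PE\0\0" + coff + b"\0" * opt_size + table


# Constructed inputs: stock-UPX layout, clean layout, and "modified UPX" with renamed sections.
PACKED = build_minimal_pe([("UPX0", 0x8000, 0), ("UPX1", 0x3000, 0x2E00), (".rsrc", 0x1000, 0x200)])
CLEAN = build_minimal_pe([(".text", 0x4000, 0x4000), (".data", 0x1000, 0x200)])
RENAMED = build_minimal_pe([(".text", 0x8000, 0), (".data", 0x3000, 0x2E00)])

if __name__ == "__main__":
    for label, image in (("packed", PACKED), ("clean", CLEAN), ("renamed", RENAMED)):
        print(label, upx_indicators(image) or "no UPX indicators")
    print("hashes match report:", matches_report(PACKED))
```

Against a real sample, read the file bytes and pass them to upx_indicators and matches_report; a hit on only the zero-raw-data rule is the case worth a second look, since that is what a renamed-section UPX build looks like.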

Processes

  • C:\Users\Admin\AppData\Local\Temp\0cc5d9430311ac4c28b99013d4438977625c090bb1d5a49a74c9fe7ce7ceee26N.exe
    "C:\Users\Admin\AppData\Local\Temp\0cc5d9430311ac4c28b99013d4438977625c090bb1d5a49a74c9fe7ce7ceee26N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2964
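The process tree shows a single process (PID 2964) behind the mass-rename signature. As an added example, not part of the report or the sandbox's own rule set, the following Python runs a mass-rename heuristic over a constructed list of file-system events: renames are grouped per process, only renames that append a new extension are counted, and a process is flagged once it crosses assumed thresholds for file count and distinct directories. The events, every path, the ".locked" extension, the second PID and the thresholds are constructed for the demonstration; the report does not state which extension the sample appends.

```python
import ntpath
from collections import defaultdict

# Constructed sample of file-system events as (pid, op, src, dst). PID 2964 is the
# sample's process from the report; every path, the ".locked" extension and PID 1480
# are assumptions for this demonstration, not data from the report.
EVENTS = [
    (2964, "rename", r"C:\Users\Admin\Documents\report.docx", r"C:\Users\Admin\Documents\report.docx.locked"),
    (2964, "rename", r"C:\Users\Admin\Documents\budget.xlsx", r"C:\Users\Admin\Documents\budget.xlsx.locked"),
    (2964, "rename", r"C:\Users\Admin\Pictures\holiday.jpg", r"C:\Users\Admin\Pictures\holiday.jpg.locked"),
    (2964, "rename", r"C:\Program Files\App\readme.txt", r"C:\Program Files\App\readme.txt.locked"),
    (2964, "rename", r"C:\Program Files\App\config.xml", r"C:\Program Files\App\config.xml.locked"),
    (2964, "write", r"C:\Users\Admin\Desktop\README.txt", None),
    # A benign editor: a save-via-temp rename (no extension appended) and one backup copy.
    (1480, "rename", r"C:\Users\Admin\Documents\~WRD0001.tmp", r"C:\Users\Admin\Documents\letter.docx"),
    (1480, "rename", r"C:\Users\Admin\Documents\notes.txt", r"C:\Users\Admin\Documents\notes.txt.bak"),
]


def appended_extension(src: str, dst: str):
    """Return the extension appended by a rename (dst == src + ".ext"), else None."""
    if dst and dst.startswith(src) and len(dst) > len(src) + 1 and dst[len(src)] == ".":
        return dst[len(src):]
    return None


def mass_rename_report(events, min_files: int = 3, min_dirs: int = 2) -> dict:
    """Per-process summary of extension-appending renames that cross the assumed thresholds."""
    stats = defaultdict(lambda: {"files": 0, "dirs": set(), "exts": defaultdict(int)})
    for pid, op, src, dst in events:
        if op != "rename":
            continue
        ext = appended_extension(src, dst)
        if ext is None:
            continue
        s = stats[pid]
        s["files"] += 1
        s["dirs"].add(ntpath.dirname(src).lower())  # ntpath splits Windows paths on any host
        s["exts"][ext] += 1
    findings = {}
    for pid, s in stats.items():
        if s["files"] >= min_files and len(s["dirs"]) >= min_dirs:
            ext = max(s["exts"], key=s["exts"].get)  # the dominant appended extension
            findings[pid] = {"files": s["files"], "dirs": len(s["dirs"]), "extension": ext}
    return findings


if __name__ == "__main__":
    for pid, f in mass_rename_report(EVENTS).items():
        print(f"PID {pid}: renamed {f['files']} files in {f['dirs']} directories, appending {f['extension']}")
```

Requiring several distinct directories as well as a file count keeps a single editor's temp-file churn below the threshold while still catching a process that walks the user profile and Program Files, which is the pattern the report's "Drops file in Program Files directory" and rename counts describe.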

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3290804112-2823094203-3137964600-1000\desktop.ini.tmp

    Filesize

    60KB

    MD5

    8fa15639293dedd16c21d86a4598eb43

    SHA1

    e3c09a9621ea052897e936cf2c6733a2c92e31bc

    SHA256

    10de1ad806acf509cec9ad95a3809119fa6ff91198c8efab848cce6f77e7a200

    SHA512

    b5fef76268c39b718ded6a83ff4880365b3eca1905026213f9c4e7138812f3f17424698d9f41104b14d90875859b714e0ab2a60974d722ad32e4e4de3885ac7e

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    68KB

    MD5

    43ea3cd25f54c0527c5e147d54652e38

    SHA1

    0b71ad498ae3ea0f646d1677c880147ce42e1846

    SHA256

    35be8fd0ad9743935f2fa9536e0ba16efe26ff71cd65f682891f8e9c2b935a5e

    SHA512

    113dc3b25486c9197d4f4ebcb994a7af55448b35c3e5bf8fa5e192eec34ffc4588b44a1b960fe47bf7fc6903aa07f9d0c3940108006452060c2bb553afecf77c

  • memory/2964-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/2964-74-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB