Analysis

  • max time kernel
    150s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    20-10-2024 03:27

General

  • Target

    3b1cdaa96da09ad7a7b1bef18a76b96c0853d580e64c63227ca6c26601971384N.exe

  • Size

    56KB

  • MD5

    788b975223e3a4bea328f2c8bea0a280

  • SHA1

    3129fabb60b2787c963110406583a0c1885b032f

  • SHA256

    3b1cdaa96da09ad7a7b1bef18a76b96c0853d580e64c63227ca6c26601971384

  • SHA512

    655655bb7cc48891f0126972b79e277abcacbb37f6bad4b6adff8f6458bba0f30a17b10e69ffa91130827649ecb69e495c0f456caa18d154dd6f62cb0ec8e26b

  • SSDEEP

    768:W7BlphA7dASbSjJJcbQbf1Oti1JGBQOOiQJhATNyQYCpCPzzgpQZ+zzgpQZ+TQp7:W7ZhA7dABJJZENTNyQYCpCP44sjTj64R

Score
9/10

Malware Config

Signatures

  • Renames multiple (3635) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\3b1cdaa96da09ad7a7b1bef18a76b96c0853d580e64c63227ca6c26601971384N.exe
    "C:\Users\Admin\AppData\Local\Temp\3b1cdaa96da09ad7a7b1bef18a76b96c0853d580e64c63227ca6c26601971384N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2416

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-4177215427-74451935-3209572229-1000\desktop.ini.tmp

    Filesize

    57KB

    MD5

    1716b79fd13fa113dcf7dba1738b1f28

    SHA1

    28f18e87cc7049ba8c0996a7d223d0518d958277

    SHA256

    16bf2338a4a3166780de50778359516193becbbc90a9ef2826931321948b93a1

    SHA512

    30e22eece72a722cbaf14db0dbef4f931d300aa5b616c984efd9da5809596cd365e8c379405c3cf7674fc9e637015f0ad8c5dd50c3577ad697f5278474ee4c04

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    65KB

    MD5

    4a35858a65d94b0344b33d96bf30724e

    SHA1

    e7b67e08166af761a13b1a2e4012af39da91ca37

    SHA256

    f2df22c37d609922403bd34431f1c206065e13a1552dbfc6ee63bcfbd9744c4c

    SHA512

    d209e1d2334172153207dd633f09c79e9eae97620bdaab7ee32e2359d7913401e05942bb119d4d7de5961f33f1c6c3b64bc409bf1a96570ae9e89634965dc67c