Analysis

  • max time kernel
    150s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    20-10-2024 03:27

General

  • Target

    ec5896a605b32f37a6924420745e500aa561d953ea85d3a1f50c4f9d2642a165.exe

  • Size

    71KB

  • MD5

    57b5098d87a08e4a2f3b7b29b2953407

  • SHA1

    1d6ac278dc6ac882f24dd39efd09e63117d93319

  • SHA256

    ec5896a605b32f37a6924420745e500aa561d953ea85d3a1f50c4f9d2642a165

  • SHA512

    ec4361a5fb1336ee6d8d90186f4aba29dfe4b2b2658574363ed3d9f8644e3e4fb0b79962d94d9c3e92ab11699f9fa233f02234fe97aea0cdc21d449be0a87e39

  • SSDEEP

    768:W7BlphA7dASbS7EXBwzEXBw3sgQw58eGkz2rcuesgQw58eGkz2rcu90TKe+0TKe8:W7ZhA7dAynMdyGdy7YRY1tvtHrFK0K8

Score
9/10

Malware Config

Signatures

  • Renames multiple (3674) files with added filename extension

    This suggests ransomware activity: files across the system are being rewritten and renamed with an appended extension, consistent with mass encryption.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempts to gather information about the system language of the victim in order to infer the geographical location of that host.
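
The "Renames multiple files with added filename extension" signature above is a threshold heuristic over file-system rename events. The following is an added example of that heuristic, not code from the sandbox or from the report: it takes (source, destination) rename pairs, keeps only those where the destination is the source name plus one appended extension in the same directory, groups them by the appended suffix, and flags a suffix once it crosses a count threshold. The event list, the `.locked` suffix and the threshold of 3 are constructed for the demonstration; a production rule would use a far higher threshold, like the 3674 renames recorded here.

```python
import ntpath
from collections import Counter

# Constructed sample of rename events in the shape a sandbox trace records:
# (source path, destination path). These are NOT events from the report.
SAMPLE_RENAMES = [
    (r"C:\Users\Admin\Documents\budget.xlsx", r"C:\Users\Admin\Documents\budget.xlsx.locked"),
    (r"C:\Users\Admin\Documents\notes.txt", r"C:\Users\Admin\Documents\notes.txt.locked"),
    (r"C:\Users\Admin\Pictures\photo.jpg", r"C:\Users\Admin\Pictures\photo.jpg.locked"),
    (r"C:\Program Files\App\readme.txt", r"C:\Program Files\App\readme.txt.locked"),
    (r"C:\Users\Admin\Desktop\report.docx", r"C:\Users\Admin\Desktop\report.docx.locked"),
    # Benign rename: the new name is not the old name plus a suffix.
    (r"C:\Users\Admin\Downloads\setup.exe", r"C:\Users\Admin\Downloads\setup_v2.exe"),
    # Moved to another directory: not counted even though a suffix was added.
    (r"C:\Users\Admin\Desktop\a.txt", r"C:\Users\Admin\Backup\a.txt.locked"),
    # A single .tmp rename, below threshold on its own.
    (r"C:\Users\Admin\Desktop\desktop.ini", r"C:\Users\Admin\Desktop\desktop.ini.tmp"),
]


def added_extension(src, dst):
    """Return the appended suffix (e.g. ".locked") if dst is src with exactly
    one extra extension appended in the same directory, otherwise None.
    ntpath is used so Windows paths parse correctly on any host OS."""
    if ntpath.dirname(src).lower() != ntpath.dirname(dst).lower():
        return None
    src_name = ntpath.basename(src)
    dst_name = ntpath.basename(dst)
    if not dst_name.startswith(src_name):
        return None
    suffix = dst_name[len(src_name):]
    # Must be a non-empty ".something" tail; anything else is an ordinary rename.
    if len(suffix) > 1 and suffix.startswith("."):
        return suffix
    return None


def score_renames(events, threshold=3):
    """Group qualifying renames by appended suffix and flag suffixes whose
    count reaches the threshold. Returns (all_counts, flagged_counts)."""
    by_suffix = Counter()
    for src, dst in events:
        suffix = added_extension(src, dst)
        if suffix is not None:
            by_suffix[suffix] += 1
    flagged = {s: n for s, n in by_suffix.items() if n >= threshold}
    return dict(by_suffix), flagged


if __name__ == "__main__":
    counts, flagged = score_renames(SAMPLE_RENAMES)
    print("renames by appended extension:", counts)
    for suffix, n in flagged.items():
        print(f"ALERT: {n} files renamed with added extension {suffix}")
```

The directory check matters: a file moved elsewhere and given a new suffix is a different behaviour (staging, backup) and should not inflate the count, while the `.tmp` rename is counted but stays below threshold, which is how a single temp-file write is kept apart from a mass-rename pattern.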

Processes

  • C:\Users\Admin\AppData\Local\Temp\ec5896a605b32f37a6924420745e500aa561d953ea85d3a1f50c4f9d2642a165.exe
    "C:\Users\Admin\AppData\Local\Temp\ec5896a605b32f37a6924420745e500aa561d953ea85d3a1f50c4f9d2642a165.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2100

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\$Recycle.Bin\S-1-5-21-1846800975-3917212583-2893086201-1000\desktop.ini.tmp

    Filesize

    72KB

    MD5

    1b6abad074ec4d103ba9c87af5eca7de

    SHA1

    79f2ca3f0a393f87b059eed762198fe5124b371a

    SHA256

    b8a969ebebecdce2a0e9be239feff087d5faa5a359cb05614e626b85dc16d9b9

    SHA512

    566d4ec8a6586439c23b5cf9115d299e896b4b2d123d65dbe880685dc9e9027b062c263a070e35d895b03d32e86e0bdade7b43911904fc42189d769fc22b2128

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    81KB

    MD5

    519c974d786f3e9bf8474b8e3abbb4a1

    SHA1

    70c61f1ef569e796c19da4669321ec864fada830

    SHA256

    6fe71f2c30a9814c9385fc0c76f2c0707310ca0142b255d3b831ded1b1e529f7

    SHA512

    7e14b799d364631812bbc861ccb6e2471627aefb598317b3b01a111489c77e4069c1f5076b8a15136ac1252ce07424166e91fe7f1c3eb311c5430c80479b6075