Analysis Overview
SHA256
555e49d2b16ecf03e9cb00d533efe3946c30b50dd5242c1bb1b1056f544b7907
Threat Level: Likely malicious
The file 555e49d2b16ecf03e9cb00d533efe3946c30b50dd5242c1bb1b1056f544b7907N was found to be: Likely malicious.
Malicious Activity Summary
Renames multiple (3266) files with added filename extension
Renames multiple (4645) files with added filename extension
Drops file in Program Files directory
System Location Discovery: System Language Discovery
Unsigned PE
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-20 16:44
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-20 16:44
Reported
2024-10-20 16:46
Platform
win7-20240903-en
Max time kernel
120s
Max time network
17s
Command Line
Signatures
Renames multiple (3266) files with added filename extension
Drops file in Program Files directory
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\555e49d2b16ecf03e9cb00d533efe3946c30b50dd5242c1bb1b1056f544b7907N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\555e49d2b16ecf03e9cb00d533efe3946c30b50dd5242c1bb1b1056f544b7907N.exe
"C:\Users\Admin\AppData\Local\Temp\555e49d2b16ecf03e9cb00d533efe3946c30b50dd5242c1bb1b1056f544b7907N.exe"
Network
Files
C:\$Recycle.Bin\S-1-5-21-1846800975-3917212583-2893086201-1000\desktop.ini.tmp
| Hash | Value |
|---|---|
| MD5 | d142ab4d838b8e111b2a69a13790a2d9 |
| SHA1 | 6b532dbb69a101d81eb5e48bc58405ab2971a9ec |
| SHA256 | 7b179028fa6a0fc5763f4d4f79efd7280be87a7b1589eff4153c9c750e538b86 |
| SHA512 | 6fa12857e9778ba81a964fdb193673065e37632877f9d34bf707f12c59e3a7d58cc095722fe308dbf97db2f0b75971cc1a4f95a3b69a180d6c8cdb31d18969ab |
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
| Hash | Value |
|---|---|
| MD5 | 515f94e732221b70c072502336c16ec6 |
| SHA1 | 47d315fa71c8e6f715e0a94856f24ff82bae78f4 |
| SHA256 | 84b72056ff61a7f86df60e3ca1a880135b812652d6026629dadb743d1738f6af |
| SHA512 | d2316e46215ef29757670f4f899d2e8f36b544f7de59a069599591b93ac69a6ad4b76d65c7583cbb040f8d9529ca725fa1d56e2d4cfc284d30fb85c83ff48ef3 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-20 16:44
Reported
2024-10-20 16:46
Platform
win10v2004-20241007-en
Max time kernel
119s
Max time network
104s
Command Line
Signatures
Renames multiple (4645) files with added filename extension
Drops file in Program Files directory
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\555e49d2b16ecf03e9cb00d533efe3946c30b50dd5242c1bb1b1056f544b7907N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\555e49d2b16ecf03e9cb00d533efe3946c30b50dd5242c1bb1b1056f544b7907N.exe
"C:\Users\Admin\AppData\Local\Temp\555e49d2b16ecf03e9cb00d533efe3946c30b50dd5242c1bb1b1056f544b7907N.exe"
Network
Files
C:\$Recycle.Bin\S-1-5-21-4089630652-1596403869-279772308-1000\desktop.ini.tmp
| Hash | Value |
|---|---|
| MD5 | 51533c267d3acbb655a4933a6ea89f55 |
| SHA1 | 37ac4c0b34a545801683279054368c0fbb54a45b |
| SHA256 | 5c366cf7e429b69d7b72c22d629c6f8296409600c8fddd897d67889f3552b171 |
| SHA512 | 42184052a296df25a54de72d1f4a174418e1d71733550fbaa5cce46fccd7eb22713259e7226a8f95b628711127c41c16434519ca2d7d318a59b87b3bfa9fb972 |
C:\Program Files\7-Zip\7-zip.dll.tmp
| Hash | Value |
|---|---|
| MD5 | 9d66e7ab4d6fbb11505824b90a0477cd |
| SHA1 | 6b1c555b98650f291ba3cade29dc10a3334338bb |
| SHA256 | 8396232bd6cc52aa10c7d25f11297810117d848cfd2f88a435f404fd35bf07bc |
| SHA512 | a8e4c7423305f5d9d36abdbc9e71f1662ed0b705164fbb3ad04bf5e1f5a39b67ad67d9dd11af264efedd3f3fa9a257e6796354104c8163ccc5cdfb40efb3159f |