Analysis Overview
SHA256
0d73839cc58193c5742469110a65cfabf8e9aa65bb6334aa4080164ad22ab509
Threat Level: Likely malicious
The file 0d73839cc58193c5742469110a65cfabf8e9aa65bb6334aa4080164ad22ab509N was found to be: Likely malicious.
Malicious Activity Summary
Renames multiple (4075) files with added filename extension
Renames multiple (5199) files with added filename extension
Drops file in Program Files directory
System Location Discovery: System Language Discovery
Unsigned PE
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-10-20 17:21
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted: 2024-10-20 17:21
Reported: 2024-10-20 17:23
Platform: win7-20240729-en
Max time kernel: 150s
Max time network: 122s
Command Line
Signatures
Renames multiple (4075) files with added filename extension
Drops file in Program Files directory
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\0d73839cc58193c5742469110a65cfabf8e9aa65bb6334aa4080164ad22ab509N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\0d73839cc58193c5742469110a65cfabf8e9aa65bb6334aa4080164ad22ab509N.exe
"C:\Users\Admin\AppData\Local\Temp\0d73839cc58193c5742469110a65cfabf8e9aa65bb6334aa4080164ad22ab509N.exe"
Network
Files
C:\$Recycle.Bin\S-1-5-21-2703099537-420551529-3771253338-1000\desktop.ini.tmp
| MD5 | dffcd5e202dc88f2e9bafbf5d20ef989 |
| SHA1 | ffc136020b781096f4ec6660278feb6f4b6c78e4 |
| SHA256 | df4a2a4a60af328412d0f6cd19cb51b8891202e287333c1b070889323a5d7054 |
| SHA512 | c35c017b920bf2a4c62e7b788c5ae6c59de0279d4e4d339d6d1f444d2ff7d8eb51a0c536592cd95d18e412bc0f3314c141077c7243bf3d9d365daf94af2406a6 |
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
| MD5 | 7c1c28369d8a10fb277fc601e11930e9 |
| SHA1 | 63d9aaadd4d51cbb90b06f2054d76c18c7d408e5 |
| SHA256 | 8512624ac7a28c056099c533d21fcc3ccfea9dc3ee085450e96aeb6aef0bec6a |
| SHA512 | fe4faf37644ad0c02b2eb41bbf812e582e47494c7b2ad9410c5f4b565d9967b9887f6c15bd6c08a594b13c32c4b9c5e06119808dc3b2a291d129a3be7ee794ad |
Analysis: behavioral2
Detonation Overview
Submitted: 2024-10-20 17:21
Reported: 2024-10-20 17:23
Platform: win10v2004-20241007-en
Max time kernel: 150s
Max time network: 151s
Command Line
Signatures
Renames multiple (5199) files with added filename extension
Drops file in Program Files directory
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\0d73839cc58193c5742469110a65cfabf8e9aa65bb6334aa4080164ad22ab509N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\0d73839cc58193c5742469110a65cfabf8e9aa65bb6334aa4080164ad22ab509N.exe
"C:\Users\Admin\AppData\Local\Temp\0d73839cc58193c5742469110a65cfabf8e9aa65bb6334aa4080164ad22ab509N.exe"
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | 22.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 212.20.149.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.117.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 10.28.171.150.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.173.189.20.in-addr.arpa | udp |
Files
C:\$Recycle.Bin\S-1-5-21-3227495264-2217614367-4027411560-1000\desktop.ini.tmp
| MD5 | 8d04b07dcbd1ecea475ff69228b0c041 |
| SHA1 | e9311ff867d0f44f3d6fbd4c47e2ae30f7dbf929 |
| SHA256 | 250e063f697da3b0725f96d169c352ac1986ab1e09fa1647a9ff30be68e67858 |
| SHA512 | 092c20ab997851f1f1829049c04f2fa4da40ec9bd68cb6b8a6f6ff24643d0b2e81285ecb790793113dfa07c2385459010b0525ac2cb4f43d09c089d46efa91bd |
C:\Program Files\7-Zip\7-zip.dll.tmp
| MD5 | 661fa0569b468935f9ba57f9fd427907 |
| SHA1 | 8590f492bfbce23b5d69cbbf50fb9d0685e4efbd |
| SHA256 | 80ead10944f1e37b9e600693b3c5f3e1811977f6264a73c3cd843183f8394e1b |
| SHA512 | 794d542bcb907a477c283eddffc4af75b1c188ee6b6b970e9b00b009640821a8c097263160036dda632a58001075809a4c0456f2cd58b26b0d588c9eb40c0215 |