Analysis Overview
SHA256
833ffb74593408cdc66c7e2c797ce5bfd8ae103b75b4d880cd44b142efa4b31b
Threat Level: Likely malicious
The file 833ffb74593408cdc66c7e2c797ce5bfd8ae103b75b4d880cd44b142efa4b31bN was found to be: Likely malicious.
Malicious Activity Summary
Renames multiple (4634) files with added filename extension
Renames multiple (245) files with added filename extension
Drops file in Program Files directory
System Location Discovery: System Language Discovery
Unsigned PE
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-20 19:50
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-20 19:50
Reported
2024-10-20 19:52
Platform
win7-20241010-en
Max time kernel
120s
Max time network
18s
Command Line
Signatures
Renames multiple (245) files with added filename extension
Drops file in Program Files directory
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\833ffb74593408cdc66c7e2c797ce5bfd8ae103b75b4d880cd44b142efa4b31bN.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\833ffb74593408cdc66c7e2c797ce5bfd8ae103b75b4d880cd44b142efa4b31bN.exe
"C:\Users\Admin\AppData\Local\Temp\833ffb74593408cdc66c7e2c797ce5bfd8ae103b75b4d880cd44b142efa4b31bN.exe"
Network
Files
C:\$Recycle.Bin\S-1-5-21-3692679935-4019334568-335155002-1000\desktop.ini.tmp
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-20 19:50
Reported
2024-10-20 19:52
Platform
win10v2004-20241007-en
Max time kernel
120s
Max time network
102s
Command Line
Signatures
Renames multiple (4634) files with added filename extension
Drops file in Program Files directory
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\833ffb74593408cdc66c7e2c797ce5bfd8ae103b75b4d880cd44b142efa4b31bN.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\833ffb74593408cdc66c7e2c797ce5bfd8ae103b75b4d880cd44b142efa4b31bN.exe
"C:\Users\Admin\AppData\Local\Temp\833ffb74593408cdc66c7e2c797ce5bfd8ae103b75b4d880cd44b142efa4b31bN.exe"
Network
Files
C:\$Recycle.Bin\S-1-5-21-940901362-3608833189-1915618603-1000\desktop.ini.tmp
C:\Program Files\7-Zip\7-zip.dll.tmp