Analysis Overview
SHA256
baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55
Threat Level: Likely malicious
The file baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N was found to be: Likely malicious.
Malicious Activity Summary
Renames multiple (519) files with added filename extension
Renames multiple (4872) files with added filename extension
Drops file in Program Files directory
System Location Discovery: System Language Discovery
Unsigned PE
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-10-21 00:33
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-21 00:33
Reported
2024-10-21 00:36
Platform
win7-20241010-en
Max time kernel
150s
Max time network
124s
Command Line
Signatures
Renames multiple (519) files with added filename extension
Drops file in Program Files directory
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe
"C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe"
Network
Files
C:\$Recycle.Bin\S-1-5-21-3692679935-4019334568-335155002-1000\desktop.ini.tmp
| Hash | Value |
| --- | --- |
| MD5 | da49dd2344a9d141f6026165805eff20 |
| SHA1 | d4af2eac539c504d072d75defc153dec1e57af5c |
| SHA256 | 36f616997cc0c7f87677884cf0ee7d6b7f162eba6e2c04a8d233acff64fe7e63 |
| SHA512 | 43d73da09713328d6c5f10bb15e0d16784801839898cc019ba1f4bacc015cdc42c91d191179ae5478a68c7fddbb59a4b072d8a0c0a788a18c552cd908c8600dc |
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
| Hash | Value |
| --- | --- |
| MD5 | ba084355acac86cf2877b3ab4713a760 |
| SHA1 | c6d2879194db9875c13e3592fae5014b9381eea7 |
| SHA256 | a8562a51b76c28ebdf339e209fcf59afb308f7331425bc895a0935c69d24cd97 |
| SHA512 | 8d6ae02482727914965ce1c9617d13118d91b56bfc7356c7d890e19c737c7222b54dfc978a4df86b9518cd27db818f7c03b37fd011c540e012acbbc4615fa431 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-21 00:33
Reported
2024-10-21 00:36
Platform
win10v2004-20241007-en
Max time kernel
150s
Max time network
149s
Command Line
Signatures
Renames multiple (4872) files with added filename extension
Drops file in Program Files directory
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe
"C:\Users\Admin\AppData\Local\Temp\baaa06db9b071b5b5fd7aeb6d96e210d58be34230e1212e14aa8590505b6af55N.exe"
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 232.168.11.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.35.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.210.109.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.117.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
Files
C:\$Recycle.Bin\S-1-5-21-2437139445-1151884604-3026847218-1000\desktop.ini.tmp
| Hash | Value |
| --- | --- |
| MD5 | c5a337e526b5a6535963a052cff11bb8 |
| SHA1 | e5c4457d683f81f0b42f34ca9787bc6aaf879ffe |
| SHA256 | 4fd2417fc088663d96d826fda0aba79ac1dcb0de9329c304b8d5f678fd8714cf |
| SHA512 | 40930826023f087a55e7db869153a8b02bd02d112aedbde6f9eb409a8f133e3e6447f59836446ce9b310c6448999380106e14dd6293095a3b8b58e586d2c4d22 |
C:\Program Files\7-Zip\7-zip.dll.tmp
| Hash | Value |
| --- | --- |
| MD5 | bc4face9ed8e2aa180957b87762fbe71 |
| SHA1 | 5ff6e98c8f763b34d6ff8fd1cece5193b2fb7409 |
| SHA256 | d8e642ddb436082ddaa6753e93ff6cdc2df4a2864a50158e68486ce3cb44e0ac |
| SHA512 | f09bb1495eac45795413e35278c53639e0bc956e35806f6d4d548024114f3ebac033daf6e8c404628781f645fd80a1c3777e3d1dc12737c5c4d31a7b3db2a976 |