Analysis

  • max time kernel: 120s
  • max time network: 17s
  • platform: windows7_x64
  • resource: win7-20240903-en
  • resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted: 06/11/2024, 01:42

General

  • Target: 6843ded980458e184d527737563393ef78d7e26d84ae8d6eb06753dffb287b9aN.exe
  • Size: 93KB
  • MD5: 2c16e3e458f7feb4bda30811c953b490
  • SHA1: baad33703b5d3b280884451ed66caf416af38716
  • SHA256: 6843ded980458e184d527737563393ef78d7e26d84ae8d6eb06753dffb287b9a
  • SHA512: e5386d29e2eeeb2b4272a23788127098310811c5916cd7090147ec23ebf3607e07f87b61b838a41e540a72992a06bc8448f412b1a919f6e749b40ed75234621e
  • SSDEEP: 1536:/7ZQpApze+eJfFpsJOfFpsJ5DLwKP2awclvmxaKP2awclvmxLlnlE:9QWpze+eJfFpsJOfFpsJ5DLhP2awclvQ

Score: 9/10

Malware Config

Signatures

  • Renames multiple (3120) files with added filename extension

    This suggests ransomware activity: encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\6843ded980458e184d527737563393ef78d7e26d84ae8d6eb06753dffb287b9aN.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\6843ded980458e184d527737563393ef78d7e26d84ae8d6eb06753dffb287b9aN.exe"
    PID: 2868
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-1846800975-3917212583-2893086201-1000\desktop.ini.tmp
          Filesize: 93KB
          MD5: d882fa25b17235b44e449afd61b5f088
          SHA1: d04da911a592e10a65d0e2875482afddfaa2ea18
          SHA256: 4dc73e26f3b98fe25673de3e46fd6dd0b9489f6ef5a8b053014f3f1a684c8ce3
          SHA512: 3cd509e1edc97bdc3959e6824e2b7fd7f95b10d98cffe7d5f29f69c11021c44627d99be49751b3f54493bf06562676245c809398ae31754ab4d6b60b35d4ebb8

        • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
          Filesize: 102KB
          MD5: 6ee575b1ce342afdc57bfa77682b3adc
          SHA1: a40573f058caf3d6a16d9a9c829c193b2dd30d70
          SHA256: b065838ebbd8afd84aab978ef0ea1d67e90b8cd9cbb16d0037462cb577295fab
          SHA512: 4d7f951ae3607ae3b966d9ad3996afe8fe1810b48dee45ed9e54f042408c82b57d63875961d13447251928869292ba6cc93a0a8c2f72a840b5f566de77992e6a

        • memory/2868-0-0x0000000000400000-0x0000000000408000-memory.dmp
          Filesize: 32KB

        • memory/2868-70-0x0000000000400000-0x0000000000408000-memory.dmp
          Filesize: 32KB