Analysis

  • max time kernel
    150s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64 arch:x86 image:win7-20241010-en locale:en-us os:windows7-x64 system
  • submitted
    06/11/2024, 01:09

General

  • Target

    07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe

  • Size

    130KB

  • MD5

    ece0854ff908fe5521f959a11ad5a940

  • SHA1

    6e5772edbcf2e3b46a3216e20ebada742f3d2aee

  • SHA256

    07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1

  • SHA512

    5b7aa294cf872f4da10ce5cce681ff7ead404e05ddf46686791c45c37244aff868342bf06d61a81df05fe7170161789918b9847133edeadd12c81bbe8740430e

  • SSDEEP

    3072:hoRUhehbIyIMQ4Aa1ZthsMxFUy4ipiIUpB6Bo:CRUhehb15QYZthsMxFQJIUj

Malware Config

Signatures

  • Renames multiple (3456) files with added filename extension

    Renaming a large number of files by appending an extension to each suggests ransomware activity: the sample appears to be encrypting files across the system and marking each one with a new suffix.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of the victim in order to infer the geographical location of that host.
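
The UPX signature above is a static check on the PE section table. The following is an added example, not the sandbox's own rule and not code from the sample, of how such a check can be written: stock UPX emits sections named UPX0/UPX1 (real default names), with UPX0 empty on disk and UPX1 holding the compressed payload, so a "modified UPX" that renames sections can still be caught by that layout plus the raw-data entropy. `build_pe` constructs a minimal, non-runnable PE image in memory as test input; the entropy threshold of 7.0 bits/byte, the hollow-first-section heuristic and all function names are assumptions.

```python
import math
import struct

# Default section names emitted by stock UPX; a "modified UPX" build may rename them,
# so the entropy/layout heuristic below is used as a second signal.
UPX_SECTION_NAMES = {"UPX0", "UPX1", "UPX2"}
ENTROPY_THRESHOLD = 7.0  # assumption: bits/byte above which a section is treated as compressed/encrypted


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for a single repeated byte, 8.0 for uniform bytes)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def build_pe(sections):
    """Construct a minimal PE image in memory from (name, raw_bytes) pairs.
    Test input only: the optional header is zeroed and the result cannot execute."""
    n = len(sections)
    e_lfanew = 0x40
    opt_size = 0xE0  # size of a PE32 optional header
    dos_header = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    coff_header = struct.pack("<HHIIIHH", 0x14C, n, 0, 0, 0, opt_size, 0x102)
    headers_len = e_lfanew + 4 + 20 + opt_size + 40 * n
    raw_ptr = (headers_len + 0x1FF) & ~0x1FF  # raw data starts on a 512-byte boundary
    table, body, vaddr = b"", b"", 0x1000
    for name, raw in sections:
        # IMAGE_SECTION_HEADER: Name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData,
        # PointerToRelocations, PointerToLinenumbers, NumberOfRelocations, NumberOfLinenumbers, Characteristics
        vsize = max(len(raw), 0x1000)
        table += struct.pack("<8sIIIIIIHHI", name.encode("ascii"), vsize, vaddr,
                             len(raw), raw_ptr if raw else 0, 0, 0, 0, 0, 0x60000020)
        body += raw
        raw_ptr += len(raw)
        vaddr += (vsize + 0xFFF) & ~0xFFF
    header = dos_header + b"PE\0\0" + coff_header + b"\0" * opt_size + table
    return header.ljust((headers_len + 0x1FF) & ~0x1FF, b"\0") + body


def parse_sections(pe: bytes):
    """Walk the section table of a PE image; return name, sizes and raw-data entropy per section."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    n_sections = struct.unpack_from("<H", pe, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", pe, e_lfanew + 20)[0]
    table = e_lfanew + 24 + opt_size  # section table follows the optional header
    sections = []
    for i in range(n_sections):
        name, vsize, _vaddr, rsize, rptr = struct.unpack_from("<8sIIII", pe, table + 40 * i)
        raw = pe[rptr:rptr + rsize] if rsize else b""
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": vsize, "raw_size": rsize,
                         "entropy": round(shannon_entropy(raw), 2)})
    return sections


def packer_verdict(pe: bytes) -> dict:
    """Flag UPX by section name, or by the UPX layout (hollow first section + high-entropy payload)."""
    secs = parse_sections(pe)
    upx_names = bool({s["name"] for s in secs} & UPX_SECTION_NAMES)
    hollow_first = bool(secs) and secs[0]["raw_size"] == 0 and secs[0]["virtual_size"] > 0
    high_entropy = any(s["raw_size"] > 0 and s["entropy"] >= ENTROPY_THRESHOLD for s in secs)
    return {"sections": secs, "upx_names": upx_names,
            "packed_likely": upx_names or (hollow_first and high_entropy)}


# Constructed samples (not the file from the report).
UPX_LIKE = [("UPX0", b""), ("UPX1", bytes(range(256)) * 16), (".rsrc", b"A" * 512)]
RENAMED_UPX = [(".text", b""), (".data", bytes(range(256)) * 8), (".rsrc", b"A" * 64)]
CLEAN = [(".text", b"\x55\x89\xe5\x31\xc0\x5d\xc3" * 64), (".data", b"B" * 256)]

if __name__ == "__main__":
    for label, sample in (("upx", UPX_LIKE), ("renamed-upx", RENAMED_UPX), ("clean", CLEAN)):
        print(label, packer_verdict(build_pe(sample)))
```

The entropy signal alone is not proof of packing (resource-heavy binaries carry compressed images and certificates), which is why the check pairs it with the empty-first-section layout; a real triage pipeline would confirm by attempting `upx -d` or by dumping the process after the unpacking stub has run, as the memory dumps at the end of this report do.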

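The "renames multiple files with added filename extension" signature is a behavioural heuristic over file-system events rather than a static match. As an added example (not the sandbox's own rule, and not code from the sample), the block below implements that heuristic over a constructed event list: a rename counts only when the destination is the source path plus one extra extension, which matches the `desktop.ini` to `desktop.ini.tmp` pattern visible in the Downloads list, while ordinary renames and extension replacements are ignored. The event tuple shape, the paths, the function names and the threshold of 50 renames are assumptions.

```python
from collections import Counter

# Constructed sandbox-style file events (not taken from the report): (operation, source, destination)
EVENTS = [
    ("create", r"C:\Users\Admin\AppData\Local\Temp\sample.exe", None),
    ("rename", r"C:\$Recycle.Bin\S-1-5-21-...-1000\desktop.ini", r"C:\$Recycle.Bin\S-1-5-21-...-1000\desktop.ini.tmp"),
    ("rename", r"C:\Users\Admin\Documents\notes.txt", r"C:\Users\Admin\Documents\notes.txt.tmp"),
    ("rename", r"C:\Users\Admin\Documents\report.docx", r"C:\Users\Admin\Documents\report_final.docx"),  # ordinary rename
    ("rename", r"C:\Users\Admin\Pictures\cat.jpg", r"C:\Users\Admin\Pictures\cat.locked"),  # extension replaced, not appended
    ("write", r"C:\Users\Admin\Desktop\README.txt", None),
] + [
    ("rename", rf"C:\Users\Admin\Documents\doc{i}.docx", rf"C:\Users\Admin\Documents\doc{i}.docx.tmp") for i in range(60)
] + [
    ("rename", rf"C:\Program Files\App\lib{i}.dll", rf"C:\Program Files\App\lib{i}.dll.tmp") for i in range(10)
]


def appended_extension(src: str, dst: str):
    """Return the appended extension (e.g. '.tmp') if dst is exactly src plus one extension, else None."""
    if not dst.startswith(src):
        return None
    tail = dst[len(src):]
    if len(tail) < 2 or not tail.startswith(".") or any(c in tail for c in "\\/"):
        return None
    return tail


def added_extension_renames(events):
    """Filter the event stream down to renames that appended an extension."""
    hits = []
    for op, src, dst in events:
        if op != "rename" or dst is None:
            continue
        ext = appended_extension(src, dst)
        if ext is not None:
            hits.append((src, dst, ext))
    return hits


def rename_burst_verdict(events, threshold: int = 50) -> dict:
    """Summarise appended-extension renames; 'suspicious' is set once the count reaches the threshold."""
    hits = added_extension_renames(events)
    extensions = Counter(ext.lower() for _, _, ext in hits)
    directories = {src.rsplit("\\", 1)[0] for src, _, _ in hits}
    return {"renames": len(hits), "extensions": dict(extensions),
            "directories": len(directories), "suspicious": len(hits) >= threshold}


if __name__ == "__main__":
    print(rename_burst_verdict(EVENTS))
```

A `.tmp` suffix is also what many editors and installers use for atomic writes, so the count, the spread across directories and the short time window matter more than the extension itself; the 3456 renames recorded in this run are far beyond what a benign process produces in a 150-second analysis.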
Processes

  • C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe
    "C:\Users\Admin\AppData\Local\Temp\07d89fd019ed60832ace1226a3a920bb24aaa9cd2f014d310f7924853579dcc1N.exe"
    1
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2520

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-2039016743-699959520-214465309-1000\desktop.ini.tmp

          Filesize

          130KB

          MD5

          97d7d23e1be6993a3a05d379cb151b8a

          SHA1

          0a30347b51640e3fa060f95e3f89983f3861c378

          SHA256

          afa49415f51e847bd1d07d5deca638f14f8eb96f81136bd703b7457b48da7b87

          SHA512

          099e4c482a701d49e3af89865873a96e33ed291388a4cb6c4920dbf42aec6ca71e34c6472ba45f15b0583a7d3f52087d8445f3e01f202f4eb1ef0fd39ad0cd27

        • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

          Filesize

          139KB

          MD5

          48558e12a4e8faedf14dee0739893fc2

          SHA1

          e65f51e693ab8c9eebbe1962356d98ddba68c202

          SHA256

          9f4c9ecd0fa742abd2aa9dcf2b3b8b4662926c306397994ca4216cadcfa21061

          SHA512

          4c56545b96647b843d24d5453a7e53bc0ffdf0e371e913d553b32be040e8a09fbd3080700b90e4b44acbd8ee5d8e30dfd658ebf32dec829a9028a885b9ec6351

        • memory/2520-0-0x0000000000400000-0x000000000040A000-memory.dmp

          Filesize

          40KB

        • memory/2520-75-0x0000000000400000-0x000000000040A000-memory.dmp

          Filesize

          40KB