Analysis

  • max time kernel
    150s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    10-11-2024 01:22

General

  • Target

    a69bf2de681ec97c1f9af78fb337b786bf0a8b792c89f05bd9f40ac335f66062.exe

  • Size

    75KB

  • MD5

    ed27a85599545084bca8277c5599a480

  • SHA1

    11e6288d97c30fcd5a7c9dd13b0525f4efa72086

  • SHA256

    a69bf2de681ec97c1f9af78fb337b786bf0a8b792c89f05bd9f40ac335f66062

  • SHA512

    83f7fd0131f74a1ee4103bb97db43c42c68bb5c5c265bd98f89ee7c843c389f625244ce1f16a1a8b35edbbb9991ca13da33f55c1be04790ac627d4aaf49b72ed

  • SSDEEP

    768:V7Blpf/FAK65euBT37CPKKQSjSEXBwzEXBw3sgQw58eGkz2rcuesgQw58eGkz2r3:V7Zf/FAxTWbiVRRNRR3EBbIOJ

Malware Config

Signatures

  • Renames multiple (3629) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\a69bf2de681ec97c1f9af78fb337b786bf0a8b792c89f05bd9f40ac335f66062.exe
    "C:\Users\Admin\AppData\Local\Temp\a69bf2de681ec97c1f9af78fb337b786bf0a8b792c89f05bd9f40ac335f66062.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2640

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\$Recycle.Bin\S-1-5-21-3063565911-2056067323-3330884624-1000\desktop.ini.tmp

    Filesize

    75KB

    MD5

    56c7d615b44fce6ca7e0cb0f4ac8e905

    SHA1

    235b8899a977e5675ddbdc82797ea8bff0ddf8cc

    SHA256

    f6c75b15b992f1f9824e10578ef7d10ffdaa3eb7d4504468eca941f9d048f5a4

    SHA512

    f4a931f86b32df279f6a4c3b300a5b700dcb680be179b1892064b65ddeb1387057bd10dd8bb0589f8801d15a0106d306048215e97249cdbe47e9e44c3bddd371

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    84KB

    MD5

    23b9ec3abadd9662e73a9a041ad6dbed

    SHA1

    1ba5f048fc1e8ad9c34c950f809d16c8118acf38

    SHA256

    c223f2ea70425a76ef22bc3d558005892b7e30c1bf4ca60e0592994a1eb6b972

    SHA512

    4058f0c85589faa6b1c74499106e11cf8a47e880d63254275356b04e8133484a351ac9bb656b663e1d212372ddd76b83c2354cf3055ef1fbafffb610a4b9acb4

  • memory/2640-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/2640-72-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB