Analysis

  • max time kernel
    120s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    12-11-2024 11:00

General

  • Target: 9f53311e4cac288a6b189fd52e3e468f81d9aa4dc7ca1b1ad51953abaf23ef03.exe
  • Size: 58KB
  • MD5: ba5b3efa91f041882b28730d53a7b0d5
  • SHA1: 68c95376cdcde66edc83334be294d6f4e8d64003
  • SHA256: 9f53311e4cac288a6b189fd52e3e468f81d9aa4dc7ca1b1ad51953abaf23ef03
  • SHA512: ae1df7eaa78136ce9622b83b40d2036f4b21df452f559e600336e5fe939a670a742556755fc29a989ba7e17ba92118d6b01b73fbbb9ce0052d15a23e937aaff1
  • SSDEEP: 768:kBT37CPKK1EXBwzEXBw3sgQw58eGkz2rcuesgQw58eGkz2rcu90TKe+0TKeKiwlX:CTWciVRRNRR3EBb56lbE6lbM

Malware Config

Signatures

  • Renames multiple (2857) files with added filename extension

    This suggests ransomware activity: encrypting all the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX or a modified UPX open-source packer.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\9f53311e4cac288a6b189fd52e3e468f81d9aa4dc7ca1b1ad51953abaf23ef03.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\9f53311e4cac288a6b189fd52e3e468f81d9aa4dc7ca1b1ad51953abaf23ef03.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID: 1792

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\$Recycle.Bin\S-1-5-21-4177215427-74451935-3209572229-1000\desktop.ini.tmp
    Filesize: 58KB
    MD5: feb382229f169cd7532ed3ab889f0b0c
    SHA1: 735e309df88f1d28c6738ed117aceaa5cdfc8747
    SHA256: 2b609e6cb0befb61ecb8fcf9c3e7be18fdc180fbd50a96c9ad3fa2f5e722913b
    SHA512: 641e0c00ac183a08bd9a2d6bb12d7f3a83ae272e187bc6b4823b60c30403971535df45134843be21ecfc1cda13989c62931683bc3afdd39e084fb5d867e9a65a

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize: 67KB
    MD5: 45cff6a68d3ce6bbeb0ea9052f47b97b
    SHA1: 71d835421c5f076da76b3d054efc57223084d332
    SHA256: c5de20e1557025b71778f01854b32fa760bec3de7a6e76bdeaef63bc6308baf5
    SHA512: bff67f1a44152c739c50aa2b9437f03246d2ad8a104070a70da5f3043248e4d09f0592647bea773288fcdcd4890d7b2ab63a7f85bb01f80e6794e25aa624b03d

  • memory/1792-0-0x0000000000400000-0x000000000040A000-memory.dmp
    Filesize: 40KB

  • memory/1792-69-0x0000000000400000-0x000000000040A000-memory.dmp
    Filesize: 40KB