Analysis

  • max time kernel
    28s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    12-11-2024 15:55

General

  • Target

    f49c37ec77cd3263794b346e4776cbbe7636b82fcaac5e0eb3e1a918feea321cN.exe

  • Size

    2.5MB

  • MD5

    e41c0a5c94c527fc42b45eadf90f0a10

  • SHA1

    bcd3ad1a81a3d930c0bff1f24b80a5da03a65df3

  • SHA256

    f49c37ec77cd3263794b346e4776cbbe7636b82fcaac5e0eb3e1a918feea321c

  • SHA512

    b9f835cbabb73782ce5a5e288e9828621cf32082137cf56edcd5d6e626eb3e9b06939595e6c49182fe51c22b8446e25dcb191d17d09c0324c3030e8e286f504d

  • SSDEEP

    49152:yWN3avHK72BX21c1XTxwDqoEZ/SGTip8uRXXYR0H:vcLBXjlcaZmxRZ

Malware Config

Signatures

  • Renames multiple (256) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f49c37ec77cd3263794b346e4776cbbe7636b82fcaac5e0eb3e1a918feea321cN.exe
    "C:\Users\Admin\AppData\Local\Temp\f49c37ec77cd3263794b346e4776cbbe7636b82fcaac5e0eb3e1a918feea321cN.exe"
    1⤵
    • Drops file in Program Files directory
    PID:1744

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files\7-Zip\7z.exe

    Filesize

    544KB

    MD5

    c0a74023b633fd962053fc9592d18b45

    SHA1

    60a77887f676650119d71cdb4e9cda7234235c8b

    SHA256

    fa14ce0cead3ee68bfe224eb9a2a1ef85261265e31cbb9e4d509800c83338602

    SHA512

    001f577f927ffe51c6152a68e2242245bb299a3cc2d76456b6aa6563e4321b18d728ee5c41dc90ca797c7b8aba16b00a0a2713a20bdace8b1b99d0fd9c4837bb

  • memory/1744-7499-0x0000000000400000-0x0000000000409000-memory.dmp

    Filesize

    36KB