Analysis

  • max time kernel
    120s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    12-11-2024 15:56

General

  • Target

    8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe

  • Size

    77KB

  • MD5

    81c20fde6ec37ac57309bb5fb82de46e

  • SHA1

    ee1bf25af1dceb9d149b1e511fc972e278478bb2

  • SHA256

    8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954

  • SHA512

    59f04f44f5155abcc8da8951808f21c1e47cc38aea9e40a83ec2e1b29433defbd0959712f403d16ed04aad081e191e9b2525653b42b51658d339f66c16cb889b

  • SSDEEP

    1536:CTW7JJ7TWsdj2hkAeCgI3i0CJS1Il+lMq:h6yj2yAeCgjJq

Malware Config

Signatures

  • Renames multiple (2620) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe
    "C:\Users\Admin\AppData\Local\Temp\8d6564273ca8af02441baa54da943f6f2b7206d899325d97a3f93fb237818954.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:1344

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-4177215427-74451935-3209572229-1000\desktop.ini.tmp

    Filesize

    77KB

    MD5

    b20fdc49d8316f7533f706b1f7cb9718

    SHA1

    e8b48babbcb7c1162f475ad9c602da9e3cf17209

    SHA256

    ca6079387dad9ed9b06274ff79439d68284a396ef96e5cef7c90d2b62825602a

    SHA512

    06d3fd2bf2b382216d5cc56496edc326c00032fbcb40e69c01201678062d24a71370a544736da77baeba98d45ab0040d2a7243788bf99c8ae287158f2bc540d3

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    86KB

    MD5

    6ed6270ce1edb81ab4b3b2a407473a0d

    SHA1

    88347ca5010397f372d41559e887d9686991f7ac

    SHA256

    5cbedf354a43e3930d97f8ad723e421528abee5509bf8e612d9e29ec05cfd50a

    SHA512

    ecad405e975abe77b4f961ee11864ffad08466739b55c6c70f38a7eae844bf8aad5814a3ad4baa3c76c64615550fc8dddfb341c1b104e6f73d4f6a692cdbbc4b

  • memory/1344-0-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

  • memory/1344-51-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB