Analysis

  • max time kernel
    120s
  • max time network
    18s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64, arch:x86, image:win7-20241010-en, locale:en-us, os:windows7-x64, system
  • submitted
    12-11-2024 17:56

General

  • Target

    b6697b089876b44691100170295a13eb247eea6e987fe0ea80ca1bdc140640e4.exe

  • Size

    44KB

  • MD5

    ab1ea72385d218c689b16ff0881e68c8

  • SHA1

    ce9d68d58aaf38b761b2453fd5192c94711c303d

  • SHA256

    b6697b089876b44691100170295a13eb247eea6e987fe0ea80ca1bdc140640e4

  • SHA512

    3c62ee2788ea0658ef162c5cf17408a6d54c228219c3e4b48a4d37a6ac11b70f90d007c72f038b65dded4dd3bad22439c78cfe5114b69872279a8a8b1fc9f3cc

  • SSDEEP

    768:kBT37CPKKdJJcbQbf1Oti1JGBQOOiQJhATBHfBo8o3P9:CTW7JJZENTBHfiP9

Malware Config

Signatures

  • Renames multiple (377) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\b6697b089876b44691100170295a13eb247eea6e987fe0ea80ca1bdc140640e4.exe
    "C:\Users\Admin\AppData\Local\Temp\b6697b089876b44691100170295a13eb247eea6e987fe0ea80ca1bdc140640e4.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2860

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3692679935-4019334568-335155002-1000\desktop.ini.tmp

    Filesize

    44KB

    MD5

    9e64c3b24e4d1055e6eacbff623122fa

    SHA1

    21ffdde184830efb4c70fdba90f971ef0c6f6b97

    SHA256

    cca952d41ace9b41ece6ba81ee24d9fe9d32c503ca931aca77bc5e35565cbfcc

    SHA512

    bd94a26b56fec662ac35e21edb88db2b713c9ecbfa105490413dfa7de369d00e5a0a78e0027f99439a99ad160f255a59cdfeafb29dec98fc64ff052df367fe88

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    53KB

    MD5

    866061d9adbc337bb6f9832cd79a34c1

    SHA1

    853bcf435557d6b360abd1254764f0619005e628

    SHA256

    3a320df9d9e8275ccea6fb424708ee35b8d53c387dd23b1585e4aa39ca261328

    SHA512

    a584a6a09cd8fc23823bfc77140e9675e4efe5f66f0b32d8f77f54ef92910135b39d043d84358dfea735aa1319a6a968e0a066d5868c3853ecbae077d33d4f06

  • memory/2860-0-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

  • memory/2860-27-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB