Analysis Overview
SHA256
e9922d440a7a2c7f65fc333d418cad7fdbd81447c9f511c4bc127a1d6f2af082
Threat Level: Likely malicious
The file e9922d440a7a2c7f65fc333d418cad7fdbd81447c9f511c4bc127a1d6f2af082N.exe was found to be: Likely malicious.
Malicious Activity Summary
Renames multiple (4598) files with added filename extension
Renames multiple (2907) files with added filename extension
Drops file in Program Files directory
System Location Discovery: System Language Discovery
Unsigned PE
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-12 18:52
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-12 18:52
Reported
2024-11-12 18:54
Platform
win7-20241023-en
Max time kernel
120s
Max time network
16s
Command Line
Signatures
Renames multiple (2907) files with added filename extension
Drops file in Program Files directory
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\e9922d440a7a2c7f65fc333d418cad7fdbd81447c9f511c4bc127a1d6f2af082N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\e9922d440a7a2c7f65fc333d418cad7fdbd81447c9f511c4bc127a1d6f2af082N.exe
"C:\Users\Admin\AppData\Local\Temp\e9922d440a7a2c7f65fc333d418cad7fdbd81447c9f511c4bc127a1d6f2af082N.exe"
Network
Files
C:\$Recycle.Bin\S-1-5-21-1163522206-1469769407-485553996-1000\desktop.ini.tmp
| Hash | Value |
|---|---|
| MD5 | 3ed3f203accd41170ae028d48d3d501c |
| SHA1 | 21872c4f16d2ad9d840564c99423140cca7ac68a |
| SHA256 | 97ffd6736ce8a2059932e628a274fbc20830a9a53af9259761c9326bd4a2c80e |
| SHA512 | c5424739a3b9ff59da601f69704fa7ee9662479bc5de9c0723e923f22c375b7679d351692a24bec616951c1b3ce40c27936dd0c7b73b3c0c010db11b383d8f21 |
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
| Hash | Value |
|---|---|
| MD5 | 15cb56e1e7ad8c6af50b77679530e771 |
| SHA1 | 8128ef3753c12b99dac1059c2f2a358af246eac6 |
| SHA256 | 048a55c4e9ccabd564ed528fab71250c9819f380a8f86618674d2ce20047f90c |
| SHA512 | f8021f52742e9d38882192c5df6f867b784fc21ef88cffed29e5f7c38a53f04d3c1a6a371eee09fa9c0eb5cb1ef0b7f37db2493d6471e1277ab14905afb844ac |
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-12 18:52
Reported
2024-11-12 18:54
Platform
win10v2004-20241007-en
Max time kernel
120s
Max time network
93s
Command Line
Signatures
Renames multiple (4598) files with added filename extension
Drops file in Program Files directory
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\e9922d440a7a2c7f65fc333d418cad7fdbd81447c9f511c4bc127a1d6f2af082N.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\e9922d440a7a2c7f65fc333d418cad7fdbd81447c9f511c4bc127a1d6f2af082N.exe
"C:\Users\Admin\AppData\Local\Temp\e9922d440a7a2c7f65fc333d418cad7fdbd81447c9f511c4bc127a1d6f2af082N.exe"
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.163.245.4.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 48.229.111.52.in-addr.arpa | udp |
Files
C:\$Recycle.Bin\S-1-5-21-940901362-3608833189-1915618603-1000\desktop.ini.tmp
| Hash | Value |
|---|---|
| MD5 | 4862484498febc11eb8984183c87dd23 |
| SHA1 | af9e7056454407cccdcab0d9e06508eb3d739202 |
| SHA256 | 8effb22f1a450418dd89a53bb69bfa13d62144cc7674eded8b8aef398921abbf |
| SHA512 | 18f3f7da9a3572874d635fff35c8d2721e12c970e761962140fd5cc775ed1db6928a0e6c739d9582fa66a4d14c3837798b20c873861110d1185eb0a836daf845 |
C:\Program Files\7-Zip\7-zip.dll.tmp
| Hash | Value |
|---|---|
| MD5 | f11ac456d9daff2472df6f943d640ce2 |
| SHA1 | 85c74c053afcea543fcae18634ba4556c21df9d4 |
| SHA256 | fc2901b618b4fb82820b6d274a720c2808661922e0e0e9a3c2ce1605b6f436ab |
| SHA512 | c792ad3b14f2f5f7ee08add2d95831c0311e8d3c4c8543f9dc760fd808e10fff8adfc963700090aa012a7d28a8e7b697661ff5e6c8f8fe5e908d750b5cba5335 |