Analysis

  • max time kernel
    150s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64, arch:x86, image:win7-20241010-en, locale:en-us, os:windows7-x64, system
  • submitted
    14-11-2024 21:37

General

  • Target

    45867daa1ee345bc17b542ea8deafe11f7960b94fd2db95c8f73b0e0603bcc55.exe

  • Size

    82KB

  • MD5

    534bedd94ca54e67165c1d149b2f51e0

  • SHA1

    9ef81cc0c16dac89cb155ff596d60c1f15c120ad

  • SHA256

    45867daa1ee345bc17b542ea8deafe11f7960b94fd2db95c8f73b0e0603bcc55

  • SHA512

    37ab9341e47ed62ad01209a43eab59d97586b577d0d220f1e7b69781cf3516eb14a140ea116c7be6d14d6145a1b34642a51f6938ebe7d19c8328719521c59f3f

  • SSDEEP

    768:V7Blpf/FAK65euBT37CPKKQSjSEXBwzEXBw3sgQw58eGkz2rcuesgQw58eGkz2rz:V7Zf/FAxTWtnMdyGdy4AnAP4YraIyI8

Malware Config

Signatures

  • Renames multiple (3435) files with added filename extension

    This suggests ransomware activity: encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\45867daa1ee345bc17b542ea8deafe11f7960b94fd2db95c8f73b0e0603bcc55.exe
    "C:\Users\Admin\AppData\Local\Temp\45867daa1ee345bc17b542ea8deafe11f7960b94fd2db95c8f73b0e0603bcc55.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:1684

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\$Recycle.Bin\S-1-5-21-2039016743-699959520-214465309-1000\desktop.ini.tmp

    Filesize

    82KB

    MD5

    2cf5a17f54d0235d2efd060a98b635d1

    SHA1

    71ce0583a61e22d996357cb7395d8d75c09b5c04

    SHA256

    9645552e1edd4cecbf08cec2c4320299485a5d166925952ae1e4e521603011bd

    SHA512

    b69b4ec2cab90ff97eb55ea4e3e08b3a847ec1aabccf1ac0c94c98d5adc79583fb51399364d0f5e134c366187ec8716d9c146d6d0f2a6f67d2161cd4a1814406

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    91KB

    MD5

    56dd520b4e0f127fe1bb8e74eacbb5ee

    SHA1

    fdc4d06daa32f5c1dc5b008254e92392ba53995f

    SHA256

    ea8ba683a4367e268cf0f35b2e762af37c0b12099021b01bfaca793dee5ad0bc

    SHA512

    3b749dd98d85d346a08dc31e9ec4750dff05e74e6d9eaf0560dd04cca2c9cbd6032fd3891373d026d8520b9a6333a465647e4eb2942bfb121b9bdf8375f7b96c

  • memory/1684-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/1684-70-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB