Analysis

  • max time kernel
    120s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64
    arch:x86
    image:win7-20240903-en
    locale:en-us
    os:windows7-x64
    system
  • submitted
    14-11-2024 09:42

General

  • Target

    395342ec98f27d4034e40168bacfea3f57ab875393c9068032a45551cc52cadcN.exe

  • Size

    134KB

  • MD5

    18ce17e28a1398b454675f1f671d1890

  • SHA1

    a9077d51aac88ea95110d2018995d04af0adcc23

  • SHA256

    395342ec98f27d4034e40168bacfea3f57ab875393c9068032a45551cc52cadc

  • SHA512

    8d82641741606504af072d790b54c65ef9ff2ed9054be35641b16452cf49f9acada1527261c4719a2c446bcfc8cd9094a0109c19b98592f58186e347c20f815d

  • SSDEEP

    1536:V7Zf/FAxTWbiVRRNRR3EBbdTWciVRRNRR3EBbqB0zB0P:fnyFRrRNRrRFB0zB0P

Malware Config

Signatures

  • Renames multiple (2281) files with added filename extension

    This suggests ransomware activity: files across the system are being encrypted and renamed.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of the victim in order to infer the geographical location of that host.
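The two behavioural signatures above (UPX packing and mass renames with an appended extension) are cheap to reproduce outside the sandbox. The following is an added example, not code from the report or from the sandbox vendor: a hand-rolled PE section-table walk for the UPX check, a rename-pattern counter over a file-event list, and a SHA256 lookup against the hashes printed in this report. The event list format, the `build_fake_pe` fixture, the sample events and the threshold of 100 renames are assumptions for illustration; the report only states the 2281 count and shows `.tmp` as the appended extension in the Downloads section.

```python
"""Triage helpers for the 'UPX packed file' and 'Renames multiple files' signatures.
Added example, not part of the sandbox report. Event format, fixture and the
min_files threshold are assumptions, not something the report specifies."""
import hashlib
import struct
from collections import Counter

# SHA256 values copied from the report: the submitted sample and the two dropped .tmp files.
KNOWN_SHA256 = {
    "395342ec98f27d4034e40168bacfea3f57ab875393c9068032a45551cc52cadc": "submitted sample",
    "f54b961e4f15b14b94d90c5795b827fb92036c474f391f8b4dd14bf14f0fe988": "dropped desktop.ini.tmp",
    "56b0baa3c314840b01088c132aa7c728095c2cdb6d7f57d1cd38f750744c349d": "dropped Office64WW.xml.tmp",
}


def lookup_ioc(data: bytes):
    """Return the report's label for `data` if its SHA256 is listed above, else None."""
    return KNOWN_SHA256.get(hashlib.sha256(data).hexdigest())


def pe_section_names(data: bytes):
    """Walk the PE section table by hand (no pefile dependency) and return the section names."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return []
    coff = e_lfanew + 4                                   # COFF file header follows the PE signature
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + opt_size                          # section table follows the optional header
    names = []
    for i in range(num_sections):
        off = table + i * 40                              # IMAGE_SECTION_HEADER is 40 bytes, name first
        if off + 40 > len(data):
            break
        names.append(data[off:off + 8].rstrip(b"\0").decode("ascii", "replace"))
    return names


def looks_upx_packed(data: bytes) -> bool:
    """Heuristic behind the signature: UPX0/UPX1 section names or the 'UPX!' marker string.
    A modified UPX build may rename sections, so absence is not proof of an unpacked binary."""
    return any(n.startswith("UPX") for n in pe_section_names(data)) or b"UPX!" in data


def build_fake_pe(section_names):
    """Construct a header-only PE image with the given section names (test fixture, not a real binary)."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)               # e_lfanew: PE signature right after the DOS header
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0x102)  # SizeOfOptionalHeader = 0
    sections = b"".join(n.encode().ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return bytes(dos) + b"PE\0\0" + coff + sections


def mass_rename_score(events, min_files=100):
    """Count rename events that keep the original path and only append an extension,
    grouped by the appended extension; return only extensions at or above min_files."""
    by_ext = Counter()
    for src, dst in events:
        suffix = dst[len(src):]
        if dst.startswith(src) and suffix.startswith(".") and len(suffix) > 1:
            by_ext[suffix] += 1
    return {ext: n for ext, n in by_ext.items() if n >= min_files}


# Constructed sample events in the shape this sandbox run exhibits (<name>.<ext> -> <name>.<ext>.tmp),
# plus two unrelated renames that must not count.
SAMPLE_EVENTS = [
    (f"C:\\Users\\Admin\\Documents\\file{i}.docx", f"C:\\Users\\Admin\\Documents\\file{i}.docx.tmp")
    for i in range(120)
] + [("C:\\tmp\\a.log", "C:\\tmp\\b.log"), ("C:\\tmp\\c.txt", "C:\\tmp\\c.txt.bak")]


if __name__ == "__main__":
    packed = build_fake_pe(["UPX0", "UPX1", ".rsrc"])
    print("sections:", pe_section_names(packed), "upx:", looks_upx_packed(packed))
    print("mass rename:", mass_rename_score(SAMPLE_EVENTS))
    print("known ioc:", lookup_ioc(b"constructed bytes, not the sample"))
```

To use it against a real capture, feed `mass_rename_score` the (old path, new path) pairs from the sandbox's file-event log and `looks_upx_packed` the bytes of the submitted sample or of any dropped file; `lookup_ioc` then tells you whether a file you are holding is one of the three artefacts hashed in this report.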

Processes

  • C:\Users\Admin\AppData\Local\Temp\395342ec98f27d4034e40168bacfea3f57ab875393c9068032a45551cc52cadcN.exe
    "C:\Users\Admin\AppData\Local\Temp\395342ec98f27d4034e40168bacfea3f57ab875393c9068032a45551cc52cadcN.exe"
    PID:1236
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\$Recycle.Bin\S-1-5-21-3533259084-2542256011-65585152-1000\desktop.ini.tmp

    Filesize

    134KB

    MD5

    62c1098d46f143d8668749a24fa18224

    SHA1

    bc4389113fb9b27340cd17e0ca6918e85161f3b9

    SHA256

    f54b961e4f15b14b94d90c5795b827fb92036c474f391f8b4dd14bf14f0fe988

    SHA512

    883af88ca5e25b32066b477c8023bc8364db29cb38c426627ba1034eb527e2690aa47b50b9f7f22d8c564619b191c0ffe679e2debf3efdc5938a9c127f3b2eef

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    143KB

    MD5

    a887a827759deba4299468c8efe985f8

    SHA1

    9413c4c0ba050d9f0337e056b43dc80a42a58664

    SHA256

    56b0baa3c314840b01088c132aa7c728095c2cdb6d7f57d1cd38f750744c349d

    SHA512

    6a9b3117e2d7e3041a33eb15cd80e7396efbe5ed34f90b7e71558a00c924bd2135c3240c35df9cde98837dd89f6d4d667de9075aa06693114dc762a7a49e8ab8

  • memory/1236-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/1236-58-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB