Analysis

  • max time kernel
    120s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    14-11-2024 10:16

General

  • Target

    4b2bf32a8de1d9b20fdb9f056689d9dc409edac5c0f5e844f77269fd48fdfe2e.exe

  • Size

    87KB

  • MD5

    c7be29851b7daa7f6c10e70c28d98a8e

  • SHA1

    b1b27b50ff3e144bba6b0312bdd4c9c866ff6098

  • SHA256

    4b2bf32a8de1d9b20fdb9f056689d9dc409edac5c0f5e844f77269fd48fdfe2e

  • SHA512

    ae28b13a18680b647850b75a6f661d94c1bdba606b6a1e8678cce0d5aa29309e587a54bbe0dd03c4722d2456cdca2ccd87939cbb7e6914c66c12abb692155714

  • SSDEEP

    768:kBT37CPKKdJJcbQbf1Oti1JGBQOOiQJhATBYMp:CTW7JJZENTBYMp

Malware Config

Signatures

  • Renames multiple (3089) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX or a modified UPX open-source packer.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\4b2bf32a8de1d9b20fdb9f056689d9dc409edac5c0f5e844f77269fd48fdfe2e.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\4b2bf32a8de1d9b20fdb9f056689d9dc409edac5c0f5e844f77269fd48fdfe2e.exe"
    PID: 2792
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\$Recycle.Bin\S-1-5-21-1488793075-819845221-1497111674-1000\desktop.ini.tmp

    Filesize

    87KB

    MD5

    357c772a33f4817a4fe7e55a74860dd5

    SHA1

    d1ac47f71a61f35c86b162747ed50d9e71750f11

    SHA256

    af40a29106f557debe6aaeae8c220620aecce392e44907b0296754939edd77bb

    SHA512

    de90bed75f9ad2cf6c5c0c103372a0dada6405dbe2a99d4516b42e49cfb7c1d1ab0157a22eaed94f6b05df531e012b452279b346bbb87f213d9b7d98e9c17656

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    96KB

    MD5

    bf52c9eec05c6b4fab15c33741a0dc4c

    SHA1

    a62868964aae50ced1c0fd962aafd245373089ff

    SHA256

    de8432d9f22d2cab283ba26356226c3abc1a5484ea251a34ab3490a59c0a349d

    SHA512

    2dcc296b368412449958345671d98288075ead60539d10e54efe0dbbf94fd7704c17038519d616388a42257cbb56a956ac2e906e677bb8ac981604f2863ca56e

  • memory/2792-0-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

  • memory/2792-69-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB