Overview
overview
10Static
static
100c3b09213f...3c.exe
windows7-x64
80dab0428b4...50.exe
windows7-x64
1014d09a259f...32.exe
windows7-x64
1016c49d6775...56.exe
windows7-x64
71d241bd0b7...f4.exe
windows7-x64
92.exe
windows7-x64
6287a6b75d1...ad.exe
windows7-x64
1035b0676421...82.exe
windows7-x64
1039deb2f02f...9f.exe
windows7-x64
84.exe
windows7-x64
74a0f399840...33.exe
windows7-x64
105.exe
windows7-x64
853bdaf567e...fc.exe
windows7-x64
76.exe
windows7-x64
5646677375b...36.exe
windows7-x64
96dfb9490b1...f8.exe
windows7-x64
67.exe
windows7-x64
1071a20e2700...db.exe
windows7-x64
3835b0ef8f5...35.exe
windows7-x64
7$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...gs.dll
windows7-x64
3b15b78937c...ac.exe
windows7-x64
7$PLUGINSDIR/INetC.dll
windows7-x64
3$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...gs.dll
windows7-x64
3b3dc1bb1c7...1b.exe
windows7-x64
5b4e3091d31...81.exe
windows7-x64
10c1b35d3d70...c3.exe
windows7-x64
10caa5f52a78...78.exe
windows7-x64
10d2878de61f...0b.exe
windows7-x64
7dbadeff4af...30.exe
windows7-x64
10f5d893afc4...e9.exe
windows7-x64
9Analysis
-
max time kernel
6s -
max time network
3s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system -
submitted
20-11-2024 13:09
Behavioral task
behavioral1
Sample
0c3b09213f642af5d6bca1708d167052f7fe198e5eced0e78584d8eb910b8d3c.exe
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral2
Sample
0dab0428b414b0440288a12fbc20dab72339ef72ff5859e8c18d76dd8b169f50.exe
Resource
win7-20241010-en
windows7-x64
Behavioral task
behavioral3
Sample
14d09a259f72569f309fdd7bc14519753d01016706c7b9335a215b2d0b64c632.exe
Resource
win7-20241010-en
windows7-x64
Behavioral task
behavioral4
Sample
16c49d677559071b3fc71fb4bb1a3c85cdcf7c4c27454010f69bb0bd04b1c456.exe
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral5
Sample
1d241bd0b71408abcf11871a9318cbfcd925b195814951c3123abca27554c6f4.exe
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral6
Sample
2.exe
Resource
win7-20241010-en
windows7-x64
Behavioral task
behavioral7
Sample
287a6b75d1776f89502a1fd0ec571adebff878becb0ebdcec703e8fc6e3885ad.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral8
Sample
35b067642173874bd2766da0d108401b4cf45d6e2a8b3971d95bf474be4f6282.exe
Resource
win7-20241023-en
windows7-x64
Behavioral task
behavioral9
Sample
39deb2f02fee04a430cff446b35b0984a66b563552775eb1309d35acca3a209f.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral10
Sample
4.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral11
Sample
4a0f399840bb73f3b70d4461ec1a37cffcb3e4789c876042d133ed903c5d9333.exe
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral12
Sample
5.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral13
Sample
53bdaf567e302201ef06847d8914477e9a3852fc57d8e50606eab6bcdbdda8fc.exe
Resource
win7-20241010-en
windows7-x64
Behavioral task
behavioral14
Sample
6.exe
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral15
Sample
646677375bc0ecaad279751d8d09220d5d44e20570548f8475f36803affda636.exe
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral16
Sample
6dfb9490b10f90cfb5c0b7f2db24bc0eb3924664540ac24d5a1b32a4614078f8.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral17
Sample
7.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral18
Sample
71a20e270052665d18bc0fe4d1f9608e51f4fd427442e7abc3e5d43c4e987bdb.exe
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral19
Sample
835b0ef8f5cfdc2ca8c0d3deccbafc48604e4a5356f0104cedfdfa20b20c2735.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral20
Sample
$PLUGINSDIR/System.dll
Resource
win7-20241023-en
windows7-x64
Behavioral task
behavioral21
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral22
Sample
b15b78937cd33dfaedef28385b293c92b999f37b2a97d01d516f6189a6afefac.exe
Resource
win7-20241023-en
windows7-x64
Behavioral task
behavioral23
Sample
$PLUGINSDIR/INetC.dll
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral24
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral25
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral26
Sample
b3dc1bb1c72c6bda1a7508147b2c92021aa18eb99d419db7e8245f32979cd01b.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral27
Sample
b4e3091d3119268dfc8ac3caf2d5d02fd4faa360f822a87b50110b805e465181.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral28
Sample
c1b35d3d70c59a66a35ab7e4981ee3459571af1e43997a334bac1c073485fec3.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral29
Sample
caa5f52a7811c49ae830606f01fd70d846fe53e9858603886f504e984fb2bc78.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral30
Sample
d2878de61ff17b2ae8cd556a6935af332955f07acf1991ab30ddeba9a5ced20b.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral31
Sample
dbadeff4af3fa7785d54d177db9608f24d405971cf642ca0759a203d9e895930.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral32
Sample
f5d893afc4ad2e98606b597df186657b57f3d1e3a5abe51f800de6086aab84e9.exe
Resource
win7-20240903-en
windows7-x64
General
-
Target
f5d893afc4ad2e98606b597df186657b57f3d1e3a5abe51f800de6086aab84e9.exe
-
Size
401KB
-
MD5
5a131b48f147586afa20b0a1a00a1533
-
SHA1
35d0125d8ca6457ff4604d5e245b2102a9ec4a6e
-
SHA256
f5d893afc4ad2e98606b597df186657b57f3d1e3a5abe51f800de6086aab84e9
-
SHA512
0d01c70c6dbf948ce29491bb81df5bb58e010e775456a168db93973b4dd9fc4a518fff68c7480cb4a79a52b2a8070253b3f06d32e0ac0ecf1c4b1541301a32ee
-
SSDEEP
6144:KzLr0iArBI4BdswFu+eW/9QF6nJ9/SAtKOqKojDEjm7Bx3A4vhvGGnCA9CJYNc4V:kXAik2yuRe9BXrTyDnBxLZmA9C1
Malware Config
Signatures
-
Renames multiple (230) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Drops desktop.ini file(s) 26 IoCs
Processes:
f5d893afc4ad2e98606b597df186657b57f3d1e3a5abe51f800de6086aab84e9.exedescription ioc Process File opened for modification C:\Users\Public\Documents\desktop.ini f5d893afc4ad2e98606b597df186657b57f3d1e3a5abe51f800de6086aab84e9.exe File opened for modification C:\Users\Public\Downloads\desktop.ini f5d893afc4ad2e98606b597df186657b57f3d1e3a5abe51f800de6086aab84e9.exe File opened for modification C:\Users\Public\Music\desktop.ini f5d893afc4ad2e98606b597df186657b57f3d1e3a5abe51f800de6086aab84e9.exe File opened for modification C:\Users\Public\Recorded TV\desktop.ini f5d893afc4ad2e98606b597df186657b57f3d1e3a5abe51f800de6086aab84e9.exe File opened for modification C:\Users\Public\Music\Sample Music\desktop.ini f5d893afc4ad2e98606b597df186657b57f3d1e3a5abe51f800de6086aab84e9.exe File opened for modification C:\Users\Public\Pictures\Sample Pictures\desktop.ini f5d893afc4ad2e98606b597df186657b57f3d1e3a5abe51f800de6086aab84e9.exe File opened for modification C:\Users\Public\Videos\desktop.ini f5d893afc4ad2e98606b597df186657b57f3d1e3a5abe51f800de6086aab84e9.exe File opened for modification C:\Users\Admin\Downloads\desktop.ini f5d893afc4ad2e98606b597df186657b57f3d1e3a5abe51f800de6086aab84e9.exe File opened for modification C:\Users\Admin\Favorites\desktop.ini f5d893afc4ad2e98606b597df186657b57f3d1e3a5abe51f800de6086aab84e9.exe File opened for modification C:\Users\Admin\Music\desktop.ini f5d893afc4ad2e98606b597df186657b57f3d1e3a5abe51f800de6086aab84e9.exe File opened for modification C:\Users\Admin\Videos\desktop.ini f5d893afc4ad2e98606b597df186657b57f3d1e3a5abe51f800de6086aab84e9.exe File opened for modification C:\Users\Admin\Saved Games\desktop.ini f5d893afc4ad2e98606b597df186657b57f3d1e3a5abe51f800de6086aab84e9.exe File opened for modification C:\Users\Admin\Searches\desktop.ini f5d893afc4ad2e98606b597df186657b57f3d1e3a5abe51f800de6086aab84e9.exe File opened for modification C:\Users\Public\desktop.ini f5d893afc4ad2e98606b597df186657b57f3d1e3a5abe51f800de6086aab84e9.exe File opened for modification C:\Users\Public\Videos\Sample Videos\desktop.ini f5d893afc4ad2e98606b597df186657b57f3d1e3a5abe51f800de6086aab84e9.exe File opened for modification C:\Users\Admin\Contacts\desktop.ini f5d893afc4ad2e98606b597df186657b57f3d1e3a5abe51f800de6086aab84e9.exe File opened for modification C:\Users\Admin\Favorites\Links\desktop.ini f5d893afc4ad2e98606b597df186657b57f3d1e3a5abe51f800de6086aab84e9.exe File opened for modification C:\Users\Admin\Links\desktop.ini f5d893afc4ad2e98606b597df186657b57f3d1e3a5abe51f800de6086aab84e9.exe File opened for modification C:\Users\Admin\Pictures\desktop.ini f5d893afc4ad2e98606b597df186657b57f3d1e3a5abe51f800de6086aab84e9.exe File opened for modification C:\Users\Public\Libraries\desktop.ini f5d893afc4ad2e98606b597df186657b57f3d1e3a5abe51f800de6086aab84e9.exe File opened for modification C:\Users\Public\Pictures\desktop.ini f5d893afc4ad2e98606b597df186657b57f3d1e3a5abe51f800de6086aab84e9.exe File opened for modification C:\Users\Public\Recorded TV\Sample Media\desktop.ini f5d893afc4ad2e98606b597df186657b57f3d1e3a5abe51f800de6086aab84e9.exe File opened for modification C:\Users\Admin\Desktop\desktop.ini f5d893afc4ad2e98606b597df186657b57f3d1e3a5abe51f800de6086aab84e9.exe File opened for modification C:\Users\Admin\Documents\desktop.ini f5d893afc4ad2e98606b597df186657b57f3d1e3a5abe51f800de6086aab84e9.exe File opened for modification C:\Users\Admin\Favorites\Links for United States\desktop.ini f5d893afc4ad2e98606b597df186657b57f3d1e3a5abe51f800de6086aab84e9.exe File opened for modification C:\Users\Public\Desktop\desktop.ini f5d893afc4ad2e98606b597df186657b57f3d1e3a5abe51f800de6086aab84e9.exe -
Processes:
resource yara_rule behavioral32/memory/2348-0-0x00000000009F0000-0x0000000000AE9000-memory.dmp upx -
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
Processes:
f5d893afc4ad2e98606b597df186657b57f3d1e3a5abe51f800de6086aab84e9.exedescription ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language f5d893afc4ad2e98606b597df186657b57f3d1e3a5abe51f800de6086aab84e9.exe -
Suspicious behavior: EnumeratesProcesses 1 IoCs
Processes:
f5d893afc4ad2e98606b597df186657b57f3d1e3a5abe51f800de6086aab84e9.exepid Process 2348 f5d893afc4ad2e98606b597df186657b57f3d1e3a5abe51f800de6086aab84e9.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\f5d893afc4ad2e98606b597df186657b57f3d1e3a5abe51f800de6086aab84e9.exe"C:\Users\Admin\AppData\Local\Temp\f5d893afc4ad2e98606b597df186657b57f3d1e3a5abe51f800de6086aab84e9.exe"1⤵
- Drops desktop.ini file(s)
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:2348