Analysis

  • max time kernel
    119s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    20/01/2025, 09:05

General

  • Target

    8ecdc1a98eeb8a07b6b1ab22c08d8f360b2c3dd141ecf9f8b781660a3c017567N.exe

  • Size

    209KB

  • MD5

    4088c7c7dc7c8f0ba5497ceb9cabd690

  • SHA1

    79ee0a4d36b3714bba4a57ae6d3e9cbe3f0dd9d5

  • SHA256

    8ecdc1a98eeb8a07b6b1ab22c08d8f360b2c3dd141ecf9f8b781660a3c017567

  • SHA512

    dd45562a04b8832fb2146e9bef56894c1632069f9f7006900939a5d335c52c7bbea205a70845baac099a96fd34ef52ef9d6ad4dbd038bcc0815f2589b95f74fb

  • SSDEEP

    3072:fny1tEyyj2yAeCgjJQWHIjN3tj6qnv0b2UrXkbvLiPB:KbEyyj2yAIJbIjNDv0bNXkbvLiPB

Malware Config

Signatures

  • Renames multiple (2695) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\8ecdc1a98eeb8a07b6b1ab22c08d8f360b2c3dd141ecf9f8b781660a3c017567N.exe
    "C:\Users\Admin\AppData\Local\Temp\8ecdc1a98eeb8a07b6b1ab22c08d8f360b2c3dd141ecf9f8b781660a3c017567N.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:1272

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-312935884-697965778-3955649944-1000\desktop.ini.tmp

    Filesize

    210KB

    MD5

    4c84069267b38759a094adae7dc065c3

    SHA1

    e13b0b1e37e37ded513d099183afd02a06928333

    SHA256

    cd8d047d9cd2184f8f71ecdbb6206f67adb9704c8f2d3b2dddfeb1b858b252eb

    SHA512

    2233a78a9e02831b16a9648a414a17634e23fb0dc1c48f208076894fbc224a20d1f6ab4a2b8ac5994c95f82e069714cffd2443e19ace839a171280313b014334

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    219KB

    MD5

    df15bf9ad7755471f8ca5d262b3aec12

    SHA1

    e622d17e97a9956354eb82db242ce5839f96fdd1

    SHA256

    e666c88ad39af28b8a71f07e3d65f1635ff4b11bf526d451c872e82a5df4f952

    SHA512

    f04ca2bbfbfbcd6eee1ca687fa7c0435383583f197ac7595836e7872efcca8f48386ce78960321053cc1616376c6bae7fd294dbad2ff54716b87bf5b4e065f8d

  • memory/1272-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/1272-70-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB