Overview

overview

9

Static

static

3

5d27a0d832...50.exe

windows7-x64

9

5d27a0d832...50.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    120s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    14/05/2024, 01:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5d27a0d83290d3f7924daefb731e5c50.exe

  • Size

    65KB

  • MD5

    5d27a0d83290d3f7924daefb731e5c50

  • SHA1

    7f22fbd40ce991f222ac971e5889439c155a5305

  • SHA256

    fc97d1580e98daa1aa9b4a7c4a760286fdc90c3e240f4528fc85b8ef241fa765

  • SHA512

    58bf88e6365b865bd4c87fab3726bc9d002b06e8422f3b5095116a02c4d2beb53d52fb17fdcbcec63b113c54607cd47787c881129627dcb925fd1d857d6802f9

  • SSDEEP

    1536:W7Z9pApQESOHepOHe8G+6E6DGsTdc6e6kvNDck7Tdc6e6kvNDckkvVvv:69WpQEoTdc6e6kvNDck7Tdc6e6kvNDct

Score
9/10
ransomware

Malware Config

Signatures

  • Renames multiple (2672) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5d27a0d83290d3f7924daefb731e5c50.exe
    "C:\Users\Admin\AppData\Local\Temp\5d27a0d83290d3f7924daefb731e5c50.exe"
    1⤵
    • Drops file in Program Files directory
    PID:2080

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2297530677-1229052932-2803917579-1000\desktop.ini.tmp
    Filesize

    65KB

    MD5

    63bd160309b9028fac8cb2faba953575

    SHA1

    ee3e4fcdb4fc64bf11e4547dae102defadb0ff81

    SHA256

    0ba66446bd45d289db45b35c50d254dbf7ee7658f848e118d887d79cb94c40e7

    SHA512

    f40d9e2bd7f7fe0c2132d954d0910c73546d1d3ddcd2ec042f78593d028d4ec6b2024775c1e58b3ccc4919b671650f42d857275b82c3551cd6d1f52f973b9b7b

    Download Submit

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize

    74KB

    MD5

    959d17fc59506b9bc5986d905f75b8de

    SHA1

    27d4531fbe5dd3c1a39f3ab4f2dc177ae3b60e44

    SHA256

    acf534caf1a99071c6e252716619c82ed5c968e53af4192ea55688d9b173d3ba

    SHA512

    260b72fdfca11d0cb1f6844fe0e9a7fb66502cc08a905106e37f96bb2cbff95c6880eff88e76a82f90a4d206ed4434f0ad20965d81d48375f708ddc4bd6fd209

    Download Submit