Overview

overview

9

Static

static

3

2c411906fb...ee.exe

windows7-x64

9

2c411906fb...ee.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    150s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags

    arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
  • submitted
    29/06/2024, 19:45

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2c411906fb67002b1a70654841da7be9afd1eba626636d1ead5866392b5563ee.exe

  • Size

    64KB

  • MD5

    8106fb6fbe9be6816e8aeaa26cee9c44

  • SHA1

    ba7c2d50a7c9262a7636b0ec2afd878649acb8f1

  • SHA256

    2c411906fb67002b1a70654841da7be9afd1eba626636d1ead5866392b5563ee

  • SHA512

    d32c37129b8dbe08d27c102f8130f2c91b41894710bdaaa9c515ac5d471ba2ef2715c8428caef307eda920c6a43e1f97260f17dfe1da9878f5772ce8e84ca719

  • SSDEEP

    384:yBs7Br5xjL8AgA71FbhvhwMF1XxXEh+v8L1f1iw1jP8pW08yzXyRupIEb2IOG:/7BlpQpARFbhtF1XxXEhk8GMEpdX2Kll

Score
9/10
ransomware

Malware Config

Signatures

  • Renames multiple (3700) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2c411906fb67002b1a70654841da7be9afd1eba626636d1ead5866392b5563ee.exe
    "C:\Users\Admin\AppData\Local\Temp\2c411906fb67002b1a70654841da7be9afd1eba626636d1ead5866392b5563ee.exe"
    1⤵
    • Drops file in Program Files directory
    PID:2236

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-481678230-3773327859-3495911762-1000\desktop.ini.tmp
          Filesize

          64KB

          MD5

          c9b662392e91bdff8dd5092440da0575

          SHA1

          0c220c9e85e9e1ed6bc4827a1247b6e6346408b8

          SHA256

          f28b7fae191d62b15ff945ab3e4d732b7fa464f60e62914e3e5c595962ff0257

          SHA512

          6fc565b562c7dd306935768bb8173b21daa6d39211256c25f4fa35f1e71c01578ad98aa83b655117a58529ca0ffc7ce4ce55691ffacc5e648b684d04ddf60dfb

          Download Submit

        • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
          Filesize

          73KB

          MD5

          9a11037d1eabc7e8980d1da8e1eaeb1d

          SHA1

          6e70d07435a5e8635316496358c4daf17695f362

          SHA256

          d7909a82bf2641a223c6e6de6f77d82c19558d69c2cff8c75f0877c5aa7f49e6

          SHA512

          9dc26ce3192840825c7d0435c282f8d3463c83e5c420c699381a673e6134c9933a58ca80a02d1604c9390fb4a0562505b0b4fb4771df9e035f27143e097322d0

          Download Submit

        • memory/2236-0-0x0000000000400000-0x0000000000408000-memory.dmp

          Filesize

          32KB

          Download

        • memory/2236-650-0x0000000000400000-0x0000000000408000-memory.dmp

          Filesize

          32KB

          Download