Overview

overview

9

Static

static

3

e6864330dd...0N.exe

windows7-x64

9

e6864330dd...0N.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    120s
  • max time network
    104s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21/07/2024, 16:08

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    e6864330dd4a1578af1b7cba23e1afa0N.exe

  • Size

    89KB

  • MD5

    e6864330dd4a1578af1b7cba23e1afa0

  • SHA1

    13bac9b0749f79e5fa580ade89bf0136789ecdad

  • SHA256

    df310fcb510c39b3f6a2cf0da1645654faf56d811c30690fcf5daa21a734008e

  • SHA512

    df7c00deebddf83392400feb3763b4ed987dc4bc82e6d897bc1ffbe2038070e7f7135630a5c62f586647bcd740419f685d8c4dbf4d7bd3f88f108a3dfc14289a

  • SSDEEP

    1536:/7ZQpApze+eO888888888888888888888888888888888888888888888888888Z:9QWpze+eO8888888888888888888888A

Score
9/10
ransomware

Malware Config

Signatures

  • Renames multiple (4337) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e6864330dd4a1578af1b7cba23e1afa0N.exe
    "C:\Users\Admin\AppData\Local\Temp\e6864330dd4a1578af1b7cba23e1afa0N.exe"
    1⤵
    • Drops file in Program Files directory
    PID:3680

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-3419463127-3903270268-2580331543-1000\desktop.ini.tmp
          Filesize

          89KB

          MD5

          e29a7eca49255952b0ded61281e0c283

          SHA1

          c45b99ba216dd59f91155f6ac15903a358c7259d

          SHA256

          4639c0d80bc4582d5313c81436a84325efa0f4d376dcf3378eb7d197863ef711

          SHA512

          05b46527946b2dccff346ac4ada4fb29d6cac2308ab472bcd9537b8a0152f5f0f1b1da138ceba832c6230a2d3eac7aff3fa26f4a8a10e8065a0ecd5ea25c4b23

          Download Submit

        • C:\Program Files\7-Zip\7-zip.dll.tmp
          Filesize

          188KB

          MD5

          a2ffb2184da4273add40df9d3f63ed36

          SHA1

          c0809f85cd88558a1bf14f7626f9b8a74f72b850

          SHA256

          c73fb4523aed7cbe08b1565b0c0ae4e03edc9377c13bd4296617748b6cf59793

          SHA512

          2acd02e232ac90c415da5962819f882af88aa1b2ba1c4568cc0caf7860220fb70d3435bcd23c43bc5f57883dcdb8b0104e79ec570157d9da213d57dd7fb6d95a

          Download Submit

        • memory/3680-0-0x0000000000400000-0x0000000000408000-memory.dmp

          Filesize

          32KB

          Download

        • memory/3680-1788-0x0000000000400000-0x0000000000408000-memory.dmp

          Filesize

          32KB

          Download