Overview

overview

9

Static

static

3

e945a73c42...0N.exe

windows7-x64

9

e945a73c42...0N.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    120s
  • max time network
    123s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21/07/2024, 16:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e945a73c42db1c1b5eac8a3a8a151e00N.exe

  • Size

    100KB

  • MD5

    e945a73c42db1c1b5eac8a3a8a151e00

  • SHA1

    10fae795b8312648cc1d45b7454eeb1c0614e1b3

  • SHA256

    1480a69a30c4c59b9807f5f8e5463769eb3c3120d9d7edf337fe33f741bd2f52

  • SHA512

    ed9e4c7ad40c335a1ac923a02597439556f931e1c83e2502376c64df383508266478562c05edbc8a5c2ce855218dba357a60fe213c999aead51c756a2d92e0fb

  • SSDEEP

    3072:9QWpze+eO888888888888888888888888888888888888888888888888888888U:Lpe+ekeq1m

Score
9/10
ransomware

Malware Config

Signatures

  • Renames multiple (4018) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e945a73c42db1c1b5eac8a3a8a151e00N.exe
    "C:\Users\Admin\AppData\Local\Temp\e945a73c42db1c1b5eac8a3a8a151e00N.exe"
    1⤵
    • Drops file in Program Files directory
    PID:4368

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-384068567-2943195810-3631207890-1000\desktop.ini.tmp
    Filesize

    100KB

    MD5

    6a5e5b4d1fbfd216eab6a3ecc65e9020

    SHA1

    d7b76c88642c5ab8041b351136a52c4dcb9eadc6

    SHA256

    a7ec9d5c521f874439854f96e3f30ee9d81c3e86424d779e4c86319ab63f10fe

    SHA512

    ef87faa9bded3c2c8d90b56d840859f5e88b56f6c9c7934f5e2f10600f8703a80ad943191bc2a1e6eea4b4838c8157ebb0f7aaec0b830bcbaed3df0b36254c66

    Download Submit

  • C:\Program Files\7-Zip\7-zip.dll.tmp
    Filesize

    199KB

    MD5

    d5955c012467801fd770f5dfc9d11e1d

    SHA1

    2bb14120fe19db71e9c9e9c33fee3e5b2b2136d0

    SHA256

    db901d411bd09d2e764edc5d7055fe8cdbea5afd90c82be0d38c0d579fb98d8d

    SHA512

    085d9f252520f4697fa9ba17ba537f1fc26a42dca06719a73b60947873b87b8e75c7dfb4e68605aff619db8c78043fe68de3f0cba5b14e67ca597dd5aef7b18f

    Download Submit

  • memory/4368-0-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/4368-1598-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download