Analysis

  • max time kernel
    120s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted
    23/07/2024, 22:12

General

  • Target

    140d299ed59d5d61227053ee68a48c30N.exe

  • Size

    81KB

  • MD5

    140d299ed59d5d61227053ee68a48c30

  • SHA1

    5ec3c510599e3b39a4f6e67dfe12fa2bf17487ab

  • SHA256

    950c8085355d2af7307157e00c28c2ec33709d8ce1e871f08ddc5a321db05f54

  • SHA512

    9d7672382106a9dfa2d0a43416073b75e71a337b2d8a2e7fa1e68552294723470f0ef723db6997b17f5968ffdfcc7a6cd625d30747262233a0d87664ba33b844

  • SSDEEP

    1536:W7Z9pApQESOHepOHe8G+6E65dyGdykNdNBK2LUf7XQeEBIEBF:69WpQE0zUzXs

Score
9/10

Malware Config

Signatures

  • Renames multiple (2893) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempts to gather information about the system language of the victim host in order to infer its geographical location.
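The two file-system signatures above (many renames that append an extension, file drops under Program Files) expressed as detection logic over a constructed event list. This is an added example, not the sandbox's own signature implementation and not the trace of this sample; the (operation, path, new_path) event shape, the threshold, and every path in SAMPLE_EVENTS are assumptions made for illustration.

```python
"""Replicate two sandbox signatures over a constructed file-system event list:
'renames multiple files with added filename extension' and 'drops file in
Program Files directory'. Added example; not the sandbox's own detection code
and not derived from this sample's real trace."""
import ntpath
from collections import Counter, defaultdict

# Constructed events in a sandbox-trace-like shape: (operation, path, new_path).
# new_path is None for everything except renames. All paths are invented for the
# example; they are not the 2,893 renames the report counted.
SAMPLE_EVENTS = [
    ("rename", r"C:\Users\Admin\Documents\report.docx", r"C:\Users\Admin\Documents\report.docx.locked"),
    ("rename", r"C:\Users\Admin\Documents\budget.xlsx", r"C:\Users\Admin\Documents\budget.xlsx.locked"),
    ("rename", r"C:\Users\Admin\Pictures\holiday.jpg", r"C:\Users\Admin\Pictures\holiday.jpg.locked"),
    ("rename", r"C:\Users\Admin\Pictures\family.png", r"C:\Users\Admin\Pictures\family.png.locked"),
    ("rename", r"C:\Users\Admin\Desktop\notes.txt", r"C:\Users\Admin\Desktop\notes.txt.locked"),
    ("rename", r"C:\Users\Admin\Desktop\todo.txt", r"C:\Users\Admin\Desktop\todo.txt.LOCKED"),
    ("rename", r"C:\Users\Admin\Downloads\setup.msi", r"C:\Users\Admin\Downloads\setup.msi.locked"),
    ("rename", r"C:\Users\Admin\Downloads\readme.txt", r"C:\Users\Admin\Downloads\readme.txt.locked"),
    # Benign-looking noise: a single backup rename and a rename that changes the name.
    ("rename", r"C:\Users\Admin\Desktop\old.log", r"C:\Users\Admin\Desktop\old.log.bak"),
    ("rename", r"C:\Users\Admin\Desktop\draft.txt", r"C:\Users\Admin\Desktop\final.txt"),
    # File creations, two of them under a Program Files root.
    ("create", r"C:\Program Files\Common Files\readme.txt.locked", None),
    ("create", r"C:\Program Files (x86)\Vendor\config.xml.tmp", None),
    ("create", r"C:\Users\Admin\AppData\Local\Temp\scratch.tmp", None),
]

# Both Program Files roots on a 64-bit Windows install (lower-cased for matching).
PROGRAM_FILES_PREFIXES = ("c:\\program files\\", "c:\\program files (x86)\\")


def added_extension(src, dst):
    """If dst is src with exactly one extra extension appended (same directory,
    original file name preserved), return that extension lower-cased; else None."""
    if ntpath.dirname(src).lower() != ntpath.dirname(dst).lower():
        return None
    src_name, dst_name = ntpath.basename(src), ntpath.basename(dst)
    if not dst_name.lower().startswith(src_name.lower() + "."):
        return None
    suffix = dst_name[len(src_name):]          # e.g. ".locked"
    if len(suffix) < 2 or "." in suffix[1:]:   # exactly one appended component
        return None
    return suffix.lower()


def mass_rename_signature(events, threshold=10):
    """Count renames that append an extension, grouped by the appended extension.
    Returns {ext: (renames, distinct_directories)} for extensions at or above
    the threshold. The directory spread is the caveat an analyst wants: one
    build tool renaming 50 files in its own folder is not the same as 50 files
    spread across Documents, Pictures and Desktop."""
    counts = Counter()
    dirs = defaultdict(set)
    for op, path, new_path in events:
        if op != "rename" or new_path is None:
            continue
        ext = added_extension(path, new_path)
        if ext is None:
            continue
        counts[ext] += 1
        dirs[ext].add(ntpath.dirname(path).lower())
    return {ext: (n, len(dirs[ext])) for ext, n in counts.items() if n >= threshold}


def program_files_drops(events):
    """Return the paths of files created under either Program Files root."""
    return [path for op, path, _ in events
            if op == "create" and path.lower().startswith(PROGRAM_FILES_PREFIXES)]


if __name__ == "__main__":
    hits = mass_rename_signature(SAMPLE_EVENTS, threshold=5)
    for ext, (n, ndirs) in hits.items():
        print(f"appended extension {ext}: {n} renames across {ndirs} directories")
    for path in program_files_drops(SAMPLE_EVENTS):
        print("dropped under Program Files:", path)
```

The threshold is deliberately low here so the constructed list trips it; in a real trace the count the report shows (2,893) is far past any sensible cut-off, and the directory spread is what separates it from a legitimate bulk-rename tool. The `.tmp` suffixes in the report's dropped-file list (desktop.ini.tmp, Office64WW.xml.tmp) have the same "original name plus one extension" shape that `added_extension` matches; whether those are intermediate or final states is not something this report shows.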

Processes

  • C:\Users\Admin\AppData\Local\Temp\140d299ed59d5d61227053ee68a48c30N.exe
    "C:\Users\Admin\AppData\Local\Temp\140d299ed59d5d61227053ee68a48c30N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2672

Network

        MITRE ATT&CK Enterprise v15


        Downloads

        • C:\$Recycle.Bin\S-1-5-21-3294248377-1418901787-4083263181-1000\desktop.ini.tmp

          Filesize

          81KB

          MD5

          65f25f11c296557ccea664ded17a823b

          SHA1

          3a70f9230d8d20b338924143781e23959d50fad7

          SHA256

          e4769bedd1e95a97a8636ddbd1d758c39e82abe1a0fe52471b761542f114c003

          SHA512

          a626e0b01b2bf06a16d2089bb33f8b9a6442624056ca000dd47d955966653a59a82b95bb8c57a9634958b9f5e6b5500183bdd6b95d81516d1eb0a64d42ac4af2

        • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

          Filesize

          90KB

          MD5

          a93fe6aa5427df2a7829e7871404b71c

          SHA1

          d038dd1c5aaead6d5ea253efc83a418b971ccc9a

          SHA256

          091dedaad0200be622cb3f1cc222d949b526b452a41e9e48052e9efcff1aa1b5

          SHA512

          3f7fd1cd2f13beb98dd57c26f28d6680758670715b08d4f1da47b6ff2c01a9729da1c5f111fc282cde4f9c0d945fe9baf1afc410d82a02c3c0290cc949c2a73e