Analysis

  • max time kernel
    120s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted
    25/07/2024, 21:23

General

  • Target

    0c8de4ae269bd069d31a6962ea522260N.exe

  • Size

    52KB

  • MD5

    0c8de4ae269bd069d31a6962ea522260

  • SHA1

    85a158df984fd60500b03a8cf64ec7008cf6fc82

  • SHA256

    6ef426c0ad0d12236eb157cf78a32556414836cff0eaffa9b78dca5c2e6b35a1

  • SHA512

    16f21da3a6e11d129657f1c7e7cb6a3bc103d4a21de7b476cdc28658711337cb1e3c99d0558f4b81d8162bf840588ed2de743c2d7fef2c83da6d3eb748604577

  • SSDEEP

    384:GBt7Br5xjL9A7AgA71FbhvnIH2YsTKnKqtaW3WaEdW3WtxTxlnR9v98:W7BlphA7pARFbhvOsTKnKqtI1Zhi

Score
9/10

Malware Config

Signatures

  • Renames multiple (3164) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\0c8de4ae269bd069d31a6962ea522260N.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\0c8de4ae269bd069d31a6962ea522260N.exe"
    PID: 1956
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery

Network

MITRE ATT&CK Enterprise v15

Downloads

        • C:\$Recycle.Bin\S-1-5-21-940600906-3464502421-4240639183-1000\desktop.ini.tmp

          Filesize

          52KB

          MD5

          6244bffd76a203eb2c54c1461133a35b

          SHA1

          faee1c04f1d921e85544c167d50b3acc126c1946

          SHA256

          d2153ffe347500d553d3594d009863e3ce1f505cb8e134b97dcc7a74ccd56557

          SHA512

          1d613a09c7846fb887d5ecf570146649133f0b27ccc72dcf70c428323525598d67d6948ef6e8c4170bd9ed6be1c9386adc6ece9a02cbbdb607d6963478fab728

        • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

          Filesize

          61KB

          MD5

          009ae8deb79105ce676a0ec72697874b

          SHA1

          b09a5c40e14215723e1fa0aa465d16ec4f5f6064

          SHA256

          9bf22f72d0147774efb9e8a13eee728b01a736fc7cbaa1896c5ed2dd33b87a6e

          SHA512

          b9bf496cb966ecb7e492379b28a0ca8f12eefdc09ed0dd7523b16fe44f6b54f51df16cf435f129b48d89b9d9885f2bf9b7f8de3abf3ba54b95d218430d82107e