Analysis

  • max time kernel
    120s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted
    26-07-2024 14:34

General

  • Target

    1d123016c1e146edbce54643e4d03db0N.exe

  • Size

    72KB

  • MD5

    1d123016c1e146edbce54643e4d03db0

  • SHA1

    3fdb3a4d94ab8b67e366529d783a7fe7300ae92e

  • SHA256

    aac367ebb0a7509c9005ad105631f7d908e1be09f1882b85e0c50cc44de9a73b

  • SHA512

    1b0894508788bfcbd8fdf6263d856d2415014d1cf2ac6c922aeae7694b9c03b9c6ec2a464a6816ec67c6aa5c9eb7b32258bd53280273158ff9b0385ca55c2092

  • SSDEEP

    1536:p7ZhA7dAp1++PJHJXA/OsIZfzc3/Q8Lv057:Te76WQSo6vs

Score
9/10

Malware Config

Signatures

  • Renames multiple (304) files with added filename extension

    This suggests ransomware activity: files across the system are being encrypted and each one renamed with a new extension appended to its original name.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempts to gather information about the system language of the victim host in order to infer its geographical location.

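The first signature above is a heuristic over file-system events: one process renaming many files by appending an extension to the existing name, with the original extension kept. The script below, an added example and not part of the sandbox report or its signature engine, implements that heuristic alongside the Program Files write check and runs it over a constructed event list. The event record fields (`pid`, `op`, `old`, `new`, `path`), the `.tmp` suffix used in the sample (borrowed from the dropped-file names below; the page does not state which extension the sample appends) and the threshold of 50 are all assumptions.

```python
"""Mass-rename heuristic modelled on the sandbox signature
'Renames multiple files with added filename extension'.

Added example; event schema, sample data and threshold are assumptions."""
import ntpath
from collections import Counter, defaultdict

RENAME_THRESHOLD = 50  # assumption: tune to the environment being monitored


def is_appended_extension(old_path: str, new_path: str) -> bool:
    """True when new_path is old_path with exactly one extra extension
    appended in the same directory (report.docx -> report.docx.tmp).
    A replaced extension (notes.txt -> notes.bak) does not qualify."""
    old_dir, old_name = ntpath.split(old_path)
    new_dir, new_name = ntpath.split(new_path)
    if old_dir.lower() != new_dir.lower():
        return False
    root, ext = ntpath.splitext(new_name)
    return ext != "" and root.lower() == old_name.lower()


def in_program_files(path: str) -> bool:
    """Matches writes under either Program Files root on the system drive."""
    p = path.lower()
    return p.startswith("c:\\program files\\") or p.startswith("c:\\program files (x86)\\")


def summarize(events):
    """Per-PID counts of appended-extension renames and Program Files writes,
    plus a mass_rename verdict against RENAME_THRESHOLD."""
    per_pid = defaultdict(lambda: {"renames": 0, "added_ext": Counter(),
                                   "program_files_writes": 0})
    for ev in events:
        s = per_pid[ev["pid"]]
        if ev["op"] == "rename" and is_appended_extension(ev["old"], ev["new"]):
            s["renames"] += 1
            s["added_ext"][ntpath.splitext(ev["new"])[1].lower()] += 1
        elif ev["op"] == "create" and in_program_files(ev["path"]):
            s["program_files_writes"] += 1
    for s in per_pid.values():
        s["mass_rename"] = s["renames"] >= RENAME_THRESHOLD
    return dict(per_pid)


def sample_events():
    """Constructed events: PID 2292 appends .tmp to 60 documents, plus
    edge cases that must NOT count, and a benign single rename by PID 1000."""
    events = []
    for i in range(60):
        old = rf"C:\Users\Admin\Documents\report{i}.docx"
        events.append({"pid": 2292, "op": "rename", "old": old, "new": old + ".tmp"})
    # extension replaced rather than appended: not counted
    events.append({"pid": 2292, "op": "rename",
                   "old": r"C:\Users\Admin\notes.txt", "new": r"C:\Users\Admin\notes.bak"})
    # moved to another directory: not counted, a move is not an in-place encrypt+rename
    events.append({"pid": 2292, "op": "rename",
                   "old": r"C:\Users\Admin\a.txt", "new": r"C:\Temp\a.txt.tmp"})
    events.append({"pid": 2292, "op": "create",
                   "path": r"C:\Program Files\Common Files\shared.dll.tmp"})
    events.append({"pid": 1000, "op": "rename",
                   "old": r"C:\Users\Admin\x.log", "new": r"C:\Users\Admin\x.log.bak"})
    return events


if __name__ == "__main__":
    for pid, s in summarize(sample_events()).items():
        print(pid, s)
```

The directory check matters in practice: a file moved to a staging folder and suffixed there is a different behaviour from in-place encrypt-and-rename, and counting it would inflate the score for installers and backup tools.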
Processes

  • C:\Users\Admin\AppData\Local\Temp\1d123016c1e146edbce54643e4d03db0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1d123016c1e146edbce54643e4d03db0N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2292

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\$Recycle.Bin\S-1-5-21-2212144002-1172735686-1556890956-1000\desktop.ini.tmp

    Filesize

    72KB

    MD5

    de0df9ac9762c74f3a25eb1f46802211

    SHA1

    a03f050c2b9585eec672d31be69fe4f82e789167

    SHA256

    1d4fe89edd3d68d54c867511030e08ed33120fc4f3981a040e3e3725afffc392

    SHA512

    ba595b4fd7c992c6a074df8f3281059e8d8c740fa82998f1890bb069e4af79188a1a81e8be2c09cb500aec17cb24ceadd26ff60a1672213bd1e075207257b025

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    81KB

    MD5

    4d49bdc125311c388ac21ee638293451

    SHA1

    5ebaecde702e6eaa69f4e267d1b7ddbe44c1dbea

    SHA256

    74ef283437b44b83d4350bc8a1c2f7ed99f977481c1561af274381d29088efc7

    SHA512

    35978404e87bf32d4a624329afaeefb603127c7e3d8065fe317dd16dc1763eef29e7429b92ab5dfe143764c568c7d4423b707c45c4223580a4e0b1ca6078162e