Overview

overview

9

Static

static

3

1d123016c1...0N.exe

windows7-x64

9

1d123016c1...0N.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    120s
  • max time network
    111s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26/07/2024, 14:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1d123016c1e146edbce54643e4d03db0N.exe

  • Size

    72KB

  • MD5

    1d123016c1e146edbce54643e4d03db0

  • SHA1

    3fdb3a4d94ab8b67e366529d783a7fe7300ae92e

  • SHA256

    aac367ebb0a7509c9005ad105631f7d908e1be09f1882b85e0c50cc44de9a73b

  • SHA512

    1b0894508788bfcbd8fdf6263d856d2415014d1cf2ac6c922aeae7694b9c03b9c6ec2a464a6816ec67c6aa5c9eb7b32258bd53280273158ff9b0385ca55c2092

  • SSDEEP

    1536:p7ZhA7dAp1++PJHJXA/OsIZfzc3/Q8Lv057:Te76WQSo6vs

Score
9/10
discoveryransomware

Malware Config

Signatures

  • Renames multiple (3519) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\1d123016c1e146edbce54643e4d03db0N.exe
    "C:\Users\Admin\AppData\Local\Temp\1d123016c1e146edbce54643e4d03db0N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:448

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-47134698-4092160662-1261813102-1000\desktop.ini.tmp
    Filesize

    72KB

    MD5

    bb7a92853dca4ca2f45fa76ced931e0c

    SHA1

    92230c81b9acb7397a213722b50f84f68f73cff8

    SHA256

    efc04a325a39ec958ca4240d67b3c2ae08a54fba431b7e07bdd049ca8bab336d

    SHA512

    bf9499b1f6fef53a2489278925fec2782eed5ce8927cc39f7bffe9c33bd76400ecc1ba9c86369856f113bdc4a27e8ba3a2a604084c5c121db505367186dc2fc7

    Download Submit

  • C:\Program Files\7-Zip\7-zip.dll.tmp
    Filesize

    171KB

    MD5

    1e76fd3eacfd175b178605f5d72792a0

    SHA1

    88e1ca1b4230d63fba92bb47e89e6d38ef6c836c

    SHA256

    ff7114c9bdd4da41340f8ed37990240330af9587d72ef48be4222b024da2debe

    SHA512

    0d41061c5b5552fb25a5f006aceff769fc1ae2df325034de61d7c9be96a0aa4e69a1533e4369383bf30ffd420c55c172ff4eabf5ceb52ec352b50375e87034d9

    Download Submit