Overview

overview

9

Static

static

3

88144794e8...0N.exe

windows7-x64

9

88144794e8...0N.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    120s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    27-07-2024 03:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    88144794e8ff144af8172c6dc702d2d0N.exe

  • Size

    72KB

  • MD5

    88144794e8ff144af8172c6dc702d2d0

  • SHA1

    04b30acdc3b3cad55924f1e28805f0ad14d2ce3f

  • SHA256

    08d01c2b82fa401e0daae76dc6a3188d30e4a4a3df0ef09935d1d9962cb555dc

  • SHA512

    72144e3f0775e951e5984cdb8ce6477f056d841d01eee7516a4fc5c887d6bc153f47230ed08c1088139ab09e50977566c2cf53a250ba24d7a25a2d1d4fa0b3cf

  • SSDEEP

    768:W7BlpDpARFbhYQkQzaxkd+axkdo176/hvYaJadn2vGj3vZd5u5Vcyc+:W7ZDpApYbVK4v4n2vGj3v/sT

Score
9/10
discoveryransomware

Malware Config

Signatures

  • Renames multiple (2604) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\88144794e8ff144af8172c6dc702d2d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\88144794e8ff144af8172c6dc702d2d0N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:588

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3294248377-1418901787-4083263181-1000\desktop.ini.tmp
    Filesize

    72KB

    MD5

    d112555d589c15c36610ae7bebdf8f58

    SHA1

    75afebe4f3259f086798f92a4079818d981f0c44

    SHA256

    417d3de907a4d3ec5be8d19807c2a20654d6fe370221383baa4e8436c22f7291

    SHA512

    c50013237baf9f1c6fb138fb74a089d1ef7c2ae39c965c2e4eb6a244c649765f09402ea145cf6912d2ca9843bed661314a8d0b2bfd145abe5c5d9418a3136e00

    Download Submit

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize

    81KB

    MD5

    09a9231876c84061c2e09e8c5e81a273

    SHA1

    5a84556f251ef78d4b53413be7b14cc8731c0eb6

    SHA256

    b8c9897f2f08e32b186b3b680bfdad09cdbe2e5e22f01dea310e5c5df4b63007

    SHA512

    83e7bcfdd1731d1f68524b6ed056f484a0b800fa1cf4fd47cc15b1f420049a7ecc9c6bcedd077bd87f47284129e114e6fd124e4dcbf28a58b17680d26b5a63a2

    Download Submit