Overview

overview

9

Static

static

3

88144794e8...0N.exe

windows7-x64

9

88144794e8...0N.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    120s
  • max time network
    102s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27-07-2024 03:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    88144794e8ff144af8172c6dc702d2d0N.exe

  • Size

    72KB

  • MD5

    88144794e8ff144af8172c6dc702d2d0

  • SHA1

    04b30acdc3b3cad55924f1e28805f0ad14d2ce3f

  • SHA256

    08d01c2b82fa401e0daae76dc6a3188d30e4a4a3df0ef09935d1d9962cb555dc

  • SHA512

    72144e3f0775e951e5984cdb8ce6477f056d841d01eee7516a4fc5c887d6bc153f47230ed08c1088139ab09e50977566c2cf53a250ba24d7a25a2d1d4fa0b3cf

  • SSDEEP

    768:W7BlpDpARFbhYQkQzaxkd+axkdo176/hvYaJadn2vGj3vZd5u5Vcyc+:W7ZDpApYbVK4v4n2vGj3v/sT

Score
9/10
discoveryransomware

Malware Config

Signatures

  • Renames multiple (3936) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\88144794e8ff144af8172c6dc702d2d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\88144794e8ff144af8172c6dc702d2d0N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2876

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-1750093773-264148664-1320403265-1000\desktop.ini.tmp
    Filesize

    72KB

    MD5

    8eaa5771953058cc134b642274f22bfa

    SHA1

    7d41403931e7926bb7b9eb478e03663902cbdab0

    SHA256

    18e658f274490adc1bb09603bd1a61fabb3cb8576efcb9f01e23fbc5ea66e6bb

    SHA512

    259f56c2a0e19032d8b8ca3adfbdf65afd7af3fe686d9b178a0e0c47e7fd3cdfd2aa974d92dd8c61b4ca124183c6840eaa1f607c6ec4cea3eb6cc8b16319786a

    Download Submit

  • C:\Program Files\7-Zip\7-zip.dll.tmp
    Filesize

    171KB

    MD5

    1268c8d78e0d2e9c97e76959f2092d1e

    SHA1

    993ad023b72143af340716943ce53fffb94d7904

    SHA256

    99af9d9bbfc0d9ed980d8d755f38bd1bf0518c324b40ee36789327da8b659d80

    SHA512

    8f670fe1f14d56ab08a6b0f4b479b4794991a5cc23161eaacc9f4fb0582ac75a47f341d7db08f3ac1fbdae46c7768ed6c09e56b7331e2adbd4b8ca98f45dca8d

    Download Submit