Analysis

  • max time kernel
    120s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted
    02/08/2024, 01:05

General

  • Target

    2e5eaafdfb958bf3f6a7f2c3672ed030N.exe

  • Size

    50KB

  • MD5

    2e5eaafdfb958bf3f6a7f2c3672ed030

  • SHA1

    0cfde6059a8baf47a5d2042bb3637959b89ac46c

  • SHA256

    e955af7c49b1548edaa781f60ae8dfcfeac1a5a624c4b0f771e0795f01bd61ac

  • SHA512

    a0f02dd9c9f921c0d47d95f873ef4ab9945926c0be05bc2f23c702710a8736f8cefa66b6d27ebf5229ca95aa9637dfb7ad8191dd36499fe87ac34bfa7beb5e0d

  • SSDEEP

    384:GBt7Br5xjL9A7AgA71FbhvnIH2YsTKnKqtaW3WaEdW3WHY3SjSGNT:W7BlphA7pARFbhvOsTKnKqtkYi+GNT

Score
9/10

Malware Config

Signatures

  • Renames multiple (331) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\2e5eaafdfb958bf3f6a7f2c3672ed030N.exe
    "C:\Users\Admin\AppData\Local\Temp\2e5eaafdfb958bf3f6a7f2c3672ed030N.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2304

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2212144002-1172735686-1556890956-1000\desktop.ini.tmp

    Filesize

    51KB

    MD5

    06d2c51b8c71743ad59389d0f0a358f5

    SHA1

    2c6445673c5d21e69edf5ad35af0e02ad4c27f33

    SHA256

    bddf188ba804d62f47539f27239fac065584ee2b3010c39f356ed7102d1c54b4

    SHA512

    d2b6b7dabed30cb9087164aa17b1b34d7a426b8ddcbbf03ee19a344c151e4b91856df5e03c5f556407719ba69c699c366ab13de78cea126f63cf050376de5dae

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    59KB

    MD5

    8e26ef3c238ac2f0316bc5b251108488

    SHA1

    485851d87b93ffb3f458cb2cdb9d467c5e2a75e4

    SHA256

    50b500ec0eee12c919dd627335b5726041a7f3ef981ba83a361226e5c16a0033

    SHA512

    0de64eadd9519971e88ed4cf4916126d71d593f987ad075cb8b3501a66771376c5b510311bf1c24804e0d6bd54315240068fb8d57786ef11efb27b267e68d57f