Analysis

  • max time kernel
    150s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted
    02-08-2024 02:09

General

  • Target

    8ccec3f1fb134e7c1e437e6559f1fc23e083ac611a273927a3a502575cec1a0f.exe

  • Size

    33KB

  • MD5

    137392edba573baf2c6fd3a046818b62

  • SHA1

    8c494f27ccfcffe338c96f92461ed4474383aa4c

  • SHA256

    8ccec3f1fb134e7c1e437e6559f1fc23e083ac611a273927a3a502575cec1a0f

  • SHA512

    5335c8a51cd0beb2378012f278cb548528575357530b7b8674229d0ac24bdae5245c6824567bbe204f2feba7e17e22c9fca6d232eaf3f2fda5d0f4d63ffa502c

  • SSDEEP

    384:GBt7Br5xjL9AgA71Fbhv7bhvo42L5FgAytBpR42L5FgAytBpVA+:W7BlpppARFbhjbhg42LcfpR42Lcfpu+

Score
9/10

Malware Config

Signatures

  • Renames multiple (3433) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\8ccec3f1fb134e7c1e437e6559f1fc23e083ac611a273927a3a502575cec1a0f.exe
    "C:\Users\Admin\AppData\Local\Temp\8ccec3f1fb134e7c1e437e6559f1fc23e083ac611a273927a3a502575cec1a0f.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2468

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3450744190-3404161390-554719085-1000\desktop.ini.tmp

    Filesize

    34KB

    MD5

    64aa46ae6cfa6f5907d2e4cc79c7759a

    SHA1

    a9a9d489a8e34d018b11d4f2bb6ea518a3ae3b3e

    SHA256

    3ce0c798a255effb566b7cd9df4a4e4263e39a694c56dcdb8b4373d5ead22c83

    SHA512

    640a7acc6d9adb903789bc2e9560ec59dc55356f0dd25b95d11b5b43ad6ee1443e7d113885fea350d9c4165e7ef3a3b8b2f56e5be80c5a7349393d553104cba5

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    43KB

    MD5

    308b09ec04b4dd7a9f3464660fec3a01

    SHA1

    b16ecf6ca9ffeab5431c02df0c8cb22fc40dde7a

    SHA256

    f6a44f924fd5b73de276e8089e32adbed8d8519dc9bf6df4d0f9939a754d98f2

    SHA512

    976f03077e1401d41d6f5f48b1025485190551849803133561ce4714c3e4b57c27f83861187bb9a8cba57232f6bd40c27496a64ba3ce709e0086b6562437cc43