Overview

overview

9

Static

static

3

5b09f5e443...0N.exe

windows7-x64

9

5b09f5e443...0N.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    120s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    02/08/2024, 05:07

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    5b09f5e443bf42fdee5b424c2022bf10N.exe

  • Size

    37KB

  • MD5

    5b09f5e443bf42fdee5b424c2022bf10

  • SHA1

    05cc8335e7a7cae320290a16b020395d042875eb

  • SHA256

    737b5e38295d338e4a13d6b96f4820a477de8ac1a2261d60a7c7ac04e36574d1

  • SHA512

    6a51ba24709c50640d075d08375eb7f1c17285324ff5813dce04a20d14baa84a8c7fda813d078aafacf301f33c8e34e7f2f15a65a94a3d61e941c83c1f0238d3

  • SSDEEP

    384:yBs7Br5xjL8AgA71Fbhv/Fzzwz8wAxAJUOWwAxAJUOT:/7BlpQpARFbhNIsxAJU5xAJU+

Score
9/10
discoveryransomware

Malware Config

Signatures

  • Renames multiple (3448) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\5b09f5e443bf42fdee5b424c2022bf10N.exe
    "C:\Users\Admin\AppData\Local\Temp\5b09f5e443bf42fdee5b424c2022bf10N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2660

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-2703099537-420551529-3771253338-1000\desktop.ini.tmp
          Filesize

          37KB

          MD5

          b3cb160339b1a8443835606cffd2e73f

          SHA1

          2bdfd77fc04b51fdc9f23b74871b83cc8b2fde0a

          SHA256

          0fb733bf1fe89895bead7dac7c50d6b1383bff1612a204c2dc1119c4cbd34a04

          SHA512

          33942fe3f3b759d7b6f09b37b79e7bd8a70880bed9ad4e71c4d130c792dd609cb9335383a72770d20948821f2f676e49388fdb3360f687239c14ca12e80730ec

          Download Submit

        • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
          Filesize

          46KB

          MD5

          4175f0b3b09a332dc479f0390fb33c70

          SHA1

          5883ae53a66b010a9447e18fdad036380cb81a8c

          SHA256

          44605fecd0b07fc5d253da44104ede344df45bba934fccbce93ff78f7b0301fc

          SHA512

          b56680da16dd769d3efa2aac997fdc61254dd9b9946ef6d5448d2247b2ba4c03b89b67ebca9b868c606f7b312499d250c7253845792b98b6f44678d745df7355

          Download Submit

        • memory/2660-0-0x0000000000400000-0x0000000000408000-memory.dmp

          Filesize

          32KB

          Download

        • memory/2660-664-0x0000000000400000-0x0000000000408000-memory.dmp

          Filesize

          32KB

          Download