Overview

overview

9

Static

static

3

6cfe54b45b...0N.exe

windows7-x64

9

6cfe54b45b...0N.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    120s
  • max time network
    21s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    02/08/2024, 06:55

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    6cfe54b45b7f8e9683ead4ebad05e770N.exe

  • Size

    41KB

  • MD5

    6cfe54b45b7f8e9683ead4ebad05e770

  • SHA1

    9235efe360af71b5d1581042618dcbd633a521af

  • SHA256

    61c11736e716afde6dcbf1bf9fe092d4a5dbed4bc50b1bd580dfb4a5750bb7c0

  • SHA512

    9ca1d0307a7fa585cfea075c990d984834a2570b0f29aca74fa93dcb5cd41c37976063def1d89fabae90156d06c5ba8b28288e182e06c762711cffd043a4ae94

  • SSDEEP

    384:GBt7Br5xjL9AgA71FbhvuNBN10wpAp/lvolGClvolGwTCus7sczBH:W7BlpppARFbhbt7Y7wTCnBH

Score
9/10
discoveryransomware

Malware Config

Signatures

  • Renames multiple (3151) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\6cfe54b45b7f8e9683ead4ebad05e770N.exe
    "C:\Users\Admin\AppData\Local\Temp\6cfe54b45b7f8e9683ead4ebad05e770N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:1296

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-3434294380-2554721341-1919518612-1000\desktop.ini.tmp
          Filesize

          42KB

          MD5

          35eade6d6a404d6d38cf7c798bb8d736

          SHA1

          b0b71b44b1237051da73b33a266b222458474d6c

          SHA256

          c8565855b818cd9f61ee27592a9e467fe5817a772fb9fbff61c290fc86d7ce61

          SHA512

          05d84ebc1dfaa1cf369cc8ebe7829d8d7ae97d74ce081f8f4081678b2d8c42eb2607fbf7ba687c4d38e40c3783eebf9b2746808e48c07c9683f340a86fb03960

          Download Submit

        • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
          Filesize

          50KB

          MD5

          f47112d264354c7cbfc48d25067ddf5d

          SHA1

          b75f9de09d6de8a66b0f73e4c32f14946e6ab4aa

          SHA256

          c6f6e3e64c71382b9dc3f24456fa629ab6ac128c50bbaf9447e3f698b10c078a

          SHA512

          fae505892a7afd098063f7c7866ed5bd3f3db959e258414e81d32166aeb9b03964b8ad7a5a0b01ced0812dec842aa10cbbe1e339c808cd0d06ec1ce9ee73fd76

          Download Submit