Overview

overview

9

Static

static

3

bf9ee2e0b4...0N.exe

windows7-x64

9

bf9ee2e0b4...0N.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    120s
  • max time network
    18s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    02-08-2024 17:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bf9ee2e0b4ccac66e8f88aad9c68a750N.exe

  • Size

    68KB

  • MD5

    bf9ee2e0b4ccac66e8f88aad9c68a750

  • SHA1

    45e71e4eab2fb4ebcf2639d4f41dd64c7c74b627

  • SHA256

    312bdd42afbdb8dd24ee7e8aebd17de1a8da052c743ade17f2ccdc957ebd3736

  • SHA512

    f7b4b136f56e54d236b3ec11041a1e6355c9b0fcbe159252bd2edfa10847c83c9cf894de2cea3809a8fc8f588739f88ef17214365377573360a529e26954d817

  • SSDEEP

    768:/7BlpQpARFbhIYJIJDYJIJPfFpsJcFfFpsJcC+3mC+3meDAfABJ6fABJwEXBwzEr:/7ZQpApze+eJfFpsJOfFpsJ5D1

Score
9/10
discoveryransomware

Malware Config

Signatures

  • Renames multiple (3139) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\bf9ee2e0b4ccac66e8f88aad9c68a750N.exe
    "C:\Users\Admin\AppData\Local\Temp\bf9ee2e0b4ccac66e8f88aad9c68a750N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2756

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3551809350-4263495960-1443967649-1000\desktop.ini.tmp
    Filesize

    69KB

    MD5

    7778eb064a5c44d09521fb6815ac4526

    SHA1

    3234b3e37999e58902a921c0b1f601ce1aebc94d

    SHA256

    efbf8c1e87ab84c8db803f846caa0e7262c7dba4154d93760d782df9f7c28ce5

    SHA512

    e024b7d370974ce604b038291716fa2e9fa4e567b54c1e64da825bc858e178515afac24bb4d76df5ed159d337c3102c217b33030d95adbd903a7a23c010f4431

    Download Submit

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize

    78KB

    MD5

    c7c6e48df96b4c1cd753950b0d8dfc69

    SHA1

    e3c362fbcc2ba3b0b4163a3b9809326c5fdf4dea

    SHA256

    998f84db38d3944a4f77e5b58a3da8cbb1ab9fe77353dc0911b48e3339ce5462

    SHA512

    c5522c8bdb0ce79ff6cedff800a78fb25bba57606748f2d6ff9b0f1b6d01b09a009eb854c9e705a30a1d19d5832a02be2135773f808269e5b5a74d4a3a656d22

    Download Submit

  • memory/2756-0-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2756-646-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download