Overview

overview

9

Static

static

3

3ea4e957a9...0N.exe

windows7-x64

9

3ea4e957a9...0N.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    120s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    03/08/2024, 03:04

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    3ea4e957a902a6405c52a06b682f8f30N.exe

  • Size

    58KB

  • MD5

    3ea4e957a902a6405c52a06b682f8f30

  • SHA1

    1931d2f18aeaad356837bb4a82139d56bcc28d81

  • SHA256

    d3dbb999bccabde02965215310c668fdf9eba38317dbbb631801291a5e41b77c

  • SHA512

    1b18e491ca0f4d15524c345beebcaba6952230e85ef8aee7263f6d9614e0be0f63dd325c51440cf06be37aa95bfae9ee14ed1ac732d88fa89658e7cb057e8ecf

  • SSDEEP

    768:W7BlpppARFbhjbhg42LcfpR42LcfpVF/MF/3Nw/Nwk0cEMdV8IEMdV85/T2wqv2/:W7ZppApBULcfpHLcfpX2/Nw/Nwmxk

Score
9/10
discoveryransomware

Malware Config

Signatures

  • Renames multiple (3192) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\3ea4e957a902a6405c52a06b682f8f30N.exe
    "C:\Users\Admin\AppData\Local\Temp\3ea4e957a902a6405c52a06b682f8f30N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:1648

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-2257386474-3982792636-3902186748-1000\desktop.ini.tmp
          Filesize

          58KB

          MD5

          90b4b6e09e0a60b4e1eb9c7bbb16e642

          SHA1

          0961a64a9399f215d3366942839fcc2625960f0a

          SHA256

          d626dc649410e127967b3ecf60ed6881cd51cf80aee409393dd8762e5ac67c0a

          SHA512

          64f5fdbe0a8a077c8c0259270acf6e2c4121a42021f83559d8fc05a7bf89ac05178e43c4f30284f7cb7efd0720be3f23a1f51f29c18453d8adb2d9c5089ae64f

          Download Submit

        • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
          Filesize

          67KB

          MD5

          5538be75d2adfcae2518ad72fccac9da

          SHA1

          4328d984e275dd80358ed8c760d9dcf5ebb5bb10

          SHA256

          496dc08eed15cca38e28e2ddea6d6c2e17edd1012b9beec47c59efee3f6d15e5

          SHA512

          9594186ef837cd2a6414f5e74b472ccbc82a1ee402db799478b154dd8f548ac7cb81ed331fd48efb27be8c4c059650d9e4a056b1515a21ea43f959fcae4fc386

          Download Submit