Overview

overview

9

Static

static

3

7cfa95cd17...0N.exe

windows7-x64

9

7cfa95cd17...0N.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    120s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    05-08-2024 10:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7cfa95cd174241c3a719e246e0bf9500N.exe

  • Size

    92KB

  • MD5

    7cfa95cd174241c3a719e246e0bf9500

  • SHA1

    80477eb4239e5e5b44500e50fdc12e8b08166d80

  • SHA256

    121e6d7aa1795f37936e297b119adb12a5dfd6a2c5b915e47f4f752eb4a95289

  • SHA512

    a850ef2f2993b1a60ce343f7d7f08a1f4b4432b21b7698d8467a052bd3dfc910c43ac4bc6c62317e29a1cdd9a24d9c0556dff455e6e645a9b15c80d3eea677ab

  • SSDEEP

    1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/HfFpsJOfFpsJa4X:6e7WpMaxeb0CYJ97lEYNR73e+eKZHfFM

Score
9/10
discoveryransomware

Malware Config

Signatures

  • Renames multiple (2917) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\7cfa95cd174241c3a719e246e0bf9500N.exe
    "C:\Users\Admin\AppData\Local\Temp\7cfa95cd174241c3a719e246e0bf9500N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2060

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3502430532-24693940-2469786940-1000\desktop.ini.tmp
    Filesize

    92KB

    MD5

    694171f1db6f2177c080ac5121b9420b

    SHA1

    438f1835d5e68077401801960f9b756cb8f1e8f7

    SHA256

    2f68ef1784778e9b8491d2996868402da4ebb13c5b70c08fab4719be3c0d1c7d

    SHA512

    c24151a217038ee0a125b118b2c4162e6e9b6925e1977d776cfadb8cb98e9709351f726dc579236f42310c70e4eb35c72b5d57c3dee48ebc2073d6e8ed7c6b56

    Download Submit

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize

    101KB

    MD5

    2c22bfb34bf029119ca46cf25e0a2da4

    SHA1

    53d7bc506f45cebc0b4bc68d3717141522d59ec7

    SHA256

    a2e532da500ab70abab5a55ceb4c1cd07712049a567a28c661e573266349df58

    SHA512

    7074f981ff4059b302a91ef38496ea29cfed5ba0baade916265f788e66b73a60cef69da080d553e7409f074c6dccbe6e1fa3fab06a3ed670960a60be95d2c690

    Download Submit