Overview

overview

9

Static

static

3

825d14dc71...0N.exe

windows7-x64

9

825d14dc71...0N.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    120s
  • max time network
    18s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    05-08-2024 10:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    825d14dc71a4be039591493acc92f780N.exe

  • Size

    59KB

  • MD5

    825d14dc71a4be039591493acc92f780

  • SHA1

    15d877f0ce39adc968360993a4ab50b4fcc528dd

  • SHA256

    a2b4815f7851dede8afd3996a633b737e4d92c9576d7c3832bde454c7beabfbc

  • SHA512

    b9c91f2e34ea0b2240b68e34243792aa02f4718438ab747b639573beeb5223f53ad655d9292e1d3a8c2e09baadc2ce029ed3f4625d2b426581e1d7d5d34a1bc3

  • SSDEEP

    768:W7BlphA7pARFbhOm0CAbLgsNCSNC0K+R8PERuV3u5jwhh/EPP/E+vWi+/E+vWiDv:W7ZhA7pApH16m3ueTg/fu/fj

Score
9/10
discoveryransomware

Malware Config

Signatures

  • Renames multiple (3321) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\825d14dc71a4be039591493acc92f780N.exe
    "C:\Users\Admin\AppData\Local\Temp\825d14dc71a4be039591493acc92f780N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2336

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2257386474-3982792636-3902186748-1000\desktop.ini.tmp
    Filesize

    59KB

    MD5

    747fb47cecf0f6afe062620f85a30de5

    SHA1

    d76ea09295c288e913b8d28b6bb205b42bf14e98

    SHA256

    7131513309600547df04606cd9bbef5b22226432e15efe13cdc3fa484f2b5287

    SHA512

    2f18f3ffc1df26028a97702755d7e9d760459c2a408d4fb5864946a61cd42bd1e434ad0013e3f120416a807d29cd139ec36fde6acba5fd8c29739fff68f0e063

    Download Submit

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize

    68KB

    MD5

    23101891e63a56366b15c623f1375717

    SHA1

    1907651773d184204b31d7dc6b9244666e49426e

    SHA256

    4f712c6a688d490723133f1a5a6415ce0c43052bba6574040e7f798043d92535

    SHA512

    e3b99f1ebd5adb3b837c4ea26945d8cceea0b38223790d634b01a64b82e82ae0a652fbaf01a63bf2a00fca1b8b832b77bfe40d896f3913a8909829ec7249cd2e

    Download Submit