Analysis

  • max time kernel
    120s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240729-en, locale:en-us, os:windows7-x64, system
  • submitted
    05/08/2024, 17:24

General

  • Target

    b6f2bf1202647c311d603bd63bca6aa0N.exe

  • Size

    42KB

  • MD5

    b6f2bf1202647c311d603bd63bca6aa0

  • SHA1

    b83814df77049d55cb3e0e4b4da0d2db2ee58bbf

  • SHA256

    ed91efd2e4debfa6037d54302e4237ac16877acfad6aefcf2794355d383ebe70

  • SHA512

    8b15298578d14336aec5c0f385429cd58e1de220709b0590edd01abe4e660159f9a2110ef92e026448118aa57314ddca84eec70841b039d911be3b2cd478ec95

  • SSDEEP

    768:W7BlphA7pARFbhOm0CAbLg+sojrGrie7j2e7jD:W7ZhA7pApH1+sywv7jj7jD

Score
9/10

Malware Config

Signatures

  • Renames multiple (3285) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\b6f2bf1202647c311d603bd63bca6aa0N.exe
    "C:\Users\Admin\AppData\Local\Temp\b6f2bf1202647c311d603bd63bca6aa0N.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2868

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\$Recycle.Bin\S-1-5-21-2257386474-3982792636-3902186748-1000\desktop.ini.tmp

    Filesize

    42KB

    MD5

    39103d9bfa1f5f7bfc673e766dc0d1c4

    SHA1

    4cd8fcbc37b53125e70fcebb303592d376c02525

    SHA256

    5aba66d7f95357400f349eb5699de6528f7dcfc606043e3217cb997988300f5f

    SHA512

    8eaec8ac4eb1c2cba378037652a72b55ffab3e6e7f0201502d50d5d9620f358b207f2a7eedeb5e010c1a8927f3befe806b1c760619878bb6d53eb7cd20c3497f

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    51KB

    MD5

    b9d17b25a699d9eb6519896df8dbdd86

    SHA1

    779eee1bbfd7cc5425b82efb32debb4127da5a60

    SHA256

    965f9755e3da754edc5362de44ac503f6fe9a3cdf32a173b4c5ad74aafa38a0b

    SHA512

    b855e78596534a019340ef5e16bbbf32b745ca5f9937b32bd982710aff1255ff62e28fe5071a2c575abae7c2a1fbc1b47b0e32fc55d11aacdabbdd7d6212eceb