Overview

overview

9

Static

static

3

4a1dd7688c...0N.exe

windows7-x64

9

4a1dd7688c...0N.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    120s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    06/08/2024, 02:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4a1dd7688cf405e63486ae6bf1293f00N.exe

  • Size

    41KB

  • MD5

    4a1dd7688cf405e63486ae6bf1293f00

  • SHA1

    f64ff7b01e77c60053b48ab0fc463a704bfcb9cc

  • SHA256

    06396390bc1a475df3b4ce7414fe53be0796da97420257a6fee9b19798d62a81

  • SHA512

    be7347d837f9f24d3c112c83adcb128d320eb4d027d069c16d3ab3ae4b6844c0c2d6941d75b8bdf45c3f432b88b9703d9e3de449b8e8a3f336884840ac9ff304

  • SSDEEP

    384:GBt7Br5xjL9AgA71FbhvuNBN10wpAp/lvolGClvolGwTCus7sczBD:W7BlpppARFbhbt7Y7wTCnBD

Score
9/10
discoveryransomware

Malware Config

Signatures

  • Renames multiple (3249) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\4a1dd7688cf405e63486ae6bf1293f00N.exe
    "C:\Users\Admin\AppData\Local\Temp\4a1dd7688cf405e63486ae6bf1293f00N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2416

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2172136094-3310281978-782691160-1000\desktop.ini.tmp
    Filesize

    42KB

    MD5

    98dc59f5236922b471ff0428ac97bb83

    SHA1

    884819a4d1da9053e02228742ec1b9b98f2b8fbb

    SHA256

    6a5a3d0bfda45adc1904fee90672a8dc54365937476f9d62a3dd4938bcb5eadd

    SHA512

    7050ef1ba614c22c66b245b4d1ac9d4515ab85969b748a260333771451115292046057ffd8523443f227ea467a30696ec1f5cbfcdec64175d2df00bb97f899fc

    Download Submit

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize

    50KB

    MD5

    ba595471b60fb67b7579ed8f906a5000

    SHA1

    f59c56aa7d9a71632b9f9f83f6a426315b434da9

    SHA256

    3e5ef5e492f6503e744c22fc98a76f214873928104825c9e04a72a314e11c2c7

    SHA512

    026794fc89ce03ac698b39f8702b2a3c1fe2c4dda7b2c3c2ab984c1ec37ebbc6734acf62db5776ec7970f20bb1f7f6bb5127e8c51491d3d2066f99e9d4853ae7

    Download Submit