Analysis

  • max time kernel
    150s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
  • submitted
    10-08-2024 00:40

General

  • Target

    9d8aaa7e83048936ec9bf82746b91f3302659ee5d7e4063f131314d9a0776f36.exe

  • Size

    35KB

  • MD5

    b7e06596a075cb498d59e6cd44dffee2

  • SHA1

    9414042020003a7b20f058f29e8dede49a43cab0

  • SHA256

    9d8aaa7e83048936ec9bf82746b91f3302659ee5d7e4063f131314d9a0776f36

  • SHA512

    7278371e2c807e2f58210995163e9c4da356476c46209d1545c3480ff05ff42a1f18ad74de7e49e5dd707eda243094b9c9eef66da455f3ab3a36bc919461deb0

  • SSDEEP

    192:pACU3DIY0Br5xjL/EAgAQmP1oynLb22vB7m/FJHo7m/FJHA9jxje6OMmy6OMmB:yBs7Br5xjL8AgA71Fbhv/FzzwzO

Score
9/10

Malware Config

Signatures

  • Renames multiple (3886) files with added filename extension

    This suggests ransomware activity: encrypting all of the files on the system.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\9d8aaa7e83048936ec9bf82746b91f3302659ee5d7e4063f131314d9a0776f36.exe
    "C:\Users\Admin\AppData\Local\Temp\9d8aaa7e83048936ec9bf82746b91f3302659ee5d7e4063f131314d9a0776f36.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:1148

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\$Recycle.Bin\S-1-5-21-2172136094-3310281978-782691160-1000\desktop.ini.tmp

    Filesize

    35KB

    MD5

    59093626569af2610de57d72092b4f35

    SHA1

    c332e3355be550a473dbfc8808ed83a044f6ec4f

    SHA256

    afe59b7a607d9ddf60dd902c040cb1c11a4f10d62046ecc46d08b20402785c1f

    SHA512

    55a62b7b20892d573b32e71766c424b846f0dee6080e2cc6a93df76e29165449c25f0fdba24a04e4e623c37439de3c74fbd0e99623e8c13aa22844c1c5e4f335

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    44KB

    MD5

    7c1cd372f8cc3ef5fb0fe32d6749a377

    SHA1

    0188e19acf85c6df48ed85b9b56cd3c38632cf1c

    SHA256

    14193e90f0d71b7802314a734d85500015a189b1584b9142992823b35bffd466

    SHA512

    99efea414637845de2db36abdd194f3b58e44a8fa45ddf15c3a6023498eaa97794a0a171428aadf39c7dc5d408ad66433a92ecdfb88af981858cb1c4426eac67

  • memory/1148-0-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/1148-660-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB