Analysis

  • max time kernel
    120s
  • max time network
    101s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    14-08-2024 09:12

General

  • Target

    a5618b9e920bb0df8e3c0a7e419d8780N.exe

  • Size

    194KB

  • MD5

    a5618b9e920bb0df8e3c0a7e419d8780

  • SHA1

    d5457f297f057d977d3aae202a8897b8cdb24453

  • SHA256

    1514af646f19a9463f0b06ed69df94b354dbd2979c22b80f0ad49ae02d925506

  • SHA512

    65a25e2c3c104d1dfd2117997068e93bb4cdf8bf5f3d7b45978c44caab3567f1a04f3aff57ca054054a38060339d8ba157b37eca8f17801321a31c5921848a6f

  • SSDEEP

    3072:6e7WpMNca3rytOkWpXfnYRl2l/9HSFHzJ0lBJTzkB:RqKB+tOkWKR0iJ0lTzkB

Score
9/10

Malware Config

Signatures

  • Renames multiple (4202) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\a5618b9e920bb0df8e3c0a7e419d8780N.exe
    "C:\Users\Admin\AppData\Local\Temp\a5618b9e920bb0df8e3c0a7e419d8780N.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:5064

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-786284298-625481688-3210388970-1000\desktop.ini.tmp

    Filesize

    194KB

    MD5

    e49c5c7d5262dbd5a0872011a449bfe1

    SHA1

    1626de67583b0c8bd40c4122a2f8d2ae9fade86c

    SHA256

    df39bdaca0eca49fccc412c6bed43f5c8300b6e32837ce1cdce61e7d77677e4f

    SHA512

    72fac9a3b9d9071fde813d2ed09fca15941e1003f6f746a95a98c6c6727150938073d5256a8db130ebd870820957c623d59d17ee806b5bd8ba5e434f878c4267

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    293KB

    MD5

    c8c601e1e0e683b00cd91e2e33ec3231

    SHA1

    38529e532e0ed1063ba70b52aba745c82f1c5cca

    SHA256

    23044b458437a9e3196fcaa0fae65d4ba3db957918dc69d87b520695e2fa55bf

    SHA512

    d8fd45904938decfd73422080a1b1726d36400fd9874bbd630830a7703cce69756b1da8e845051997a57f83eee585ba11836c143af6a76d065ca837257356de6