Analysis

  • max time kernel
    120s
  • max time network
    103s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    14-08-2024 09:42

General

  • Target

    409f15e03de4328372235a93c81f2480N.exe

  • Size

    61KB

  • MD5

    409f15e03de4328372235a93c81f2480

  • SHA1

    57b4a3ce858b1fd17ed83168dfcacc90f2743f4b

  • SHA256

    7f3a19142f7da149bc4f86778b77476b3d5922c45b76ea0cdb40d6c38f303b84

  • SHA512

    9d1bc47355ad29a6e6172112dfc67716bfa3f707a5534631e978bc863bd8125e46dc24489702ecf8a98492a78792c37669cde357bc47b23cf99aa7a21705ddfc

  • SSDEEP

    768:/7BlpQpARFbhn54fmiy+3BVr54fmiy+3BV6nE1016Y/jY:/7ZQpApmi6nAY/jY

Score
9/10

Malware Config

Signatures

  • Renames multiple (4652) files with added filename extension

    This suggests ransomware activity, i.e. encrypting the files on the system and appending an extension to each renamed file.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempts to gather information about the system language of the victim host in order to infer its geographical location.
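The two file-system signatures above (mass renames that append an extension, and file drops under Program Files) can be reproduced as detection logic over a file-event feed. The block below is an added example, not code from the sandbox or from the sample: the event tuples, the `.locked` extension (the report does not name the extension the sample appends), the benign process 4000 and the alert threshold are all constructed for illustration.

```python
"""Detection logic for the report's two file-system signatures.

Events are constructed tuples (pid, op, src, dst); a real feed would be
Sysmon/ETW or sandbox file events, which carry more fields but the same idea.
"""
from collections import Counter, defaultdict
from pathlib import PureWindowsPath

# Constructed sample events, not taken from any sandbox log. PID 1292 mirrors
# the analysed process; ".locked" is an assumed extension for illustration.
SAMPLE_EVENTS = [
    (1292, "write", r"C:\$Recycle.Bin\S-1-5-21-1302416131-1437503476-2806442725-1000\desktop.ini.tmp", None),
    (1292, "write", r"C:\Program Files\7-Zip\7-zip.dll.tmp", None),
    # A benign single rename by another (constructed) process: must not alert.
    (4000, "rename", r"C:\Users\Admin\Desktop\notes.txt", r"C:\Users\Admin\Desktop\notes.txt.bak"),
]
for i in range(25):
    src = rf"C:\Users\Admin\Documents\report{i}.docx"
    SAMPLE_EVENTS.append((1292, "rename", src, src + ".locked"))

PROGRAM_FILES = (r"C:\Program Files", r"C:\Program Files (x86)")


def added_extension(src: str, dst: str):
    """Return the suffix (with leading dot) if dst is src plus exactly one more
    extension in the same directory, e.g. 'a.docx' -> 'a.docx.locked'; else None."""
    s, d = PureWindowsPath(src), PureWindowsPath(dst)
    if d.parent != s.parent:          # PureWindowsPath compares case-insensitively
        return None
    n = len(s.name)
    if d.name.startswith(s.name) and len(d.name) > n and d.name[n] == ".":
        return d.name[n:]
    return None


def mass_rename_alerts(events, threshold: int = 10):
    """Count renames per (pid, appended extension); return those at/over threshold.

    The report's signature counted 4652 such renames for one process; a
    threshold of 10 (assumed here) is already far above normal user activity."""
    counts = Counter()
    for pid, op, src, dst in events:
        if op != "rename" or dst is None:
            continue
        ext = added_extension(src, dst)
        if ext:
            counts[(pid, ext.lower())] += 1
    return {key: n for key, n in counts.items() if n >= threshold}


def program_files_drops(events):
    """Files created or written under Program Files, grouped by pid
    (the report's 'Drops file in Program Files directory' signature)."""
    drops = defaultdict(list)
    for pid, op, src, _dst in events:
        if op not in ("create", "write"):
            continue
        path = PureWindowsPath(src)
        if any(path.is_relative_to(PureWindowsPath(root)) for root in PROGRAM_FILES):
            drops[pid].append(src)
    return dict(drops)


if __name__ == "__main__":
    print("mass-rename alerts:", mass_rename_alerts(SAMPLE_EVENTS))
    print("Program Files drops:", program_files_drops(SAMPLE_EVENTS))
```

`added_extension` deliberately requires the destination to be the source name plus one extra suffix in the same directory, so ordinary "save as" or move operations do not count; a single `.bak` rename by the benign process stays below the threshold while the 25 `.locked` renames by PID 1292 trigger an alert.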

Processes

  • C:\Users\Admin\AppData\Local\Temp\409f15e03de4328372235a93c81f2480N.exe
    "C:\Users\Admin\AppData\Local\Temp\409f15e03de4328372235a93c81f2480N.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:1292

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-1302416131-1437503476-2806442725-1000\desktop.ini.tmp

    Filesize

    61KB

    MD5

    93fa3307195070282eb72ae61ca72c90

    SHA1

    93d3b6ba0a8271782660528c38798fdc86d27584

    SHA256

    d75d269845629057073fa39691861a440703503e59a87cbe31040566325b79be

    SHA512

    e975d166046c757c8be9e0b2e032379f81ac3f5697d90261784d8547782309a6955a006bd7d9c7ae61cc8ee53d02df03d47a2db5ca1a6a1b20a3ddb2e1722548

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    160KB

    MD5

    d7dbde3089f0bb0fc33c06440780a142

    SHA1

    a4e021fd6ca8a1406f86f033c9ee48cfd0805bc4

    SHA256

    7d088459d70dbcc897935193ee4a2575c3ac24d59bc6dedc8f0ce935813dcc55

    SHA512

    419b8105f2ecc0ef394746167c25015db73af957259da0e237077e757cc02f1c4f723174c5fea60c8cb531848765852d11a24330d5bcdd309de2d41261b3bf35

  • memory/1292-0-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/1292-1972-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB