Overview

overview

9

Static

static

3

3849bf72e3...0N.exe

windows7-x64

9

3849bf72e3...0N.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    120s
  • max time network
    18s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    14-08-2024 10:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3849bf72e3fd1c8577cafa0d75648d60N.exe

  • Size

    52KB

  • MD5

    3849bf72e3fd1c8577cafa0d75648d60

  • SHA1

    d57c04ac813ff1a5ed633c1f0f9ce62cbb1e4e49

  • SHA256

    c77eff773598db457e8f45206a410b0e97242f2e4b077a9b6620f54e53b332f7

  • SHA512

    7af40b2d60f5de8b399e560b38fccfc9d06c5548e5acfcc8b020b55388ef464129879f44da27fa4961c8bcaa88f6fab782d24300703828d611c17fbc0792929a

  • SSDEEP

    768:W7BlpppARFbhjbhg42LcfpR42LcfproFNFY101g3B3WnSdWTW4:W7ZppApBULcfpHLcfpyDrnSdWTW4

Score
9/10
discoveryransomware

Malware Config

Signatures

  • Renames multiple (435) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\3849bf72e3fd1c8577cafa0d75648d60N.exe
    "C:\Users\Admin\AppData\Local\Temp\3849bf72e3fd1c8577cafa0d75648d60N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2508

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2212144002-1172735686-1556890956-1000\desktop.ini.tmp
    Filesize

    52KB

    MD5

    e8fcd45a0edeed93b0aee560f38072a0

    SHA1

    94e9cc3c830fbbdbe6e40ec0ea5393df1d02e7b3

    SHA256

    fc5eeb5164f1f1433a2a9d234bdceca7bda7fcc9a5b6240899342134eeaa706f

    SHA512

    789094671bf31f8682556406052b58deb8731c4eceee1bdb4144acf1c6f47e6a2e13d22c4a1e624a36a035f34e91bf0c3a3808850683d0b863634cb2a69fbabd

    Download Submit

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize

    61KB

    MD5

    13981c638643ebb819c3a1f41b6a1be4

    SHA1

    ce22bd03f52cfd48728cd5b7fa140437af7e7796

    SHA256

    28d7e2a3edfe7c037754cda71bb05071836a382d2e3e9c9237c0aa4fbc1d0c7f

    SHA512

    532a8cb8f7c8f54828e86049766128c7a56c459407881bb744b5f3b699709a8d351f7d96065f39e717f53b1c25fa8f59cace631e752135b470ac0fdeef7e600b

    Download Submit