Overview

overview

9

Static

static

3

a2e793b246...0N.exe

windows7-x64

9

a2e793b246...0N.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    120s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    14/08/2024, 11:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a2e793b2469f807dd06ce57e3e2f9ee0N.exe

  • Size

    99KB

  • MD5

    a2e793b2469f807dd06ce57e3e2f9ee0

  • SHA1

    38544199a914de6a4e947fb6dca4ff0aaf7b059e

  • SHA256

    557e12f3b202ab32c105f3d8cb15241fc1da2af9f80c15796c3fffed38fb9e6c

  • SHA512

    df4392545627aa7625c7f66ac99a15a552cc5f4d21418e38d7c1cbb09697967520c85fb4ca3674942a0eb6dabde08e98718a08d8ebe713601ed70acfd826720e

  • SSDEEP

    3072:9QWpze+eO888888888888888888888888888888888888888888888888888888L:Lpe+ekeq1l

Score
9/10
discoveryransomware

Malware Config

Signatures

  • Renames multiple (340) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\a2e793b2469f807dd06ce57e3e2f9ee0N.exe
    "C:\Users\Admin\AppData\Local\Temp\a2e793b2469f807dd06ce57e3e2f9ee0N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2432

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2212144002-1172735686-1556890956-1000\desktop.ini.tmp
    Filesize

    100KB

    MD5

    46df2812ab4eab544b2c3c001ea7a038

    SHA1

    6bbd39823dbabee053fab4cab5ff051571b43c86

    SHA256

    9f3bf43cfec76c90e216807cd0c6a119d77f28775c932d77fbbe6b938dace757

    SHA512

    583461d2d90bcff51a189c0862076bc9140ea0b1203b52addfbde58e4a09698ef7c69156fe443d8c959b73782a25859c0252a1ccde84f2fca4cecfeca290985b

    Download Submit

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize

    108KB

    MD5

    cf7c7ea1a026677dfd52795bf4a6e97a

    SHA1

    8cfbffd3e41f3f627be30b5604d185600f313814

    SHA256

    5e52b0ca761bcdf6c7f32b8e4c7d204037d8d4d6692911fb54b645f557bdd22f

    SHA512

    50fc6cb294c9d42e04b9e6046ef916a7c132d73e9c64bc9afc8452594fe890bb8375f7cafcf8142dc34f6704cea0b5152515fc24919b6601e23ab163d32b1427

    Download Submit

  • memory/2432-0-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2432-74-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download