Analysis

  • max time kernel
    151s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted
    14/08/2024, 18:34

General

  • Target

    0a2652cd5566d9d86dde6a6acfda0afaf0f9c2c4186338f05412ed5540f761f3.exe

  • Size

    205KB

  • MD5

    aa02264343d1ae77898725564e295d81

  • SHA1

    d45c7c14a8b60b19b1d89ae75b0df325983e4877

  • SHA256

    0a2652cd5566d9d86dde6a6acfda0afaf0f9c2c4186338f05412ed5540f761f3

  • SHA512

    d9b04d629add0a4b9d919f1d82b7120fe0f67ed72efef4bab071e36f49feed23612ec45d840444f86a3f264cf70a171f963b7295d00570c536655bdab3ad9a3c

  • SSDEEP

    1536:W7ZQpApfytyxsks0DjdesgHOsXOHepOHeP:6QWp1sksHsuOsl

Score
9/10

Malware Config

Signatures

  • Renames multiple (291) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\0a2652cd5566d9d86dde6a6acfda0afaf0f9c2c4186338f05412ed5540f761f3.exe
    "C:\Users\Admin\AppData\Local\Temp\0a2652cd5566d9d86dde6a6acfda0afaf0f9c2c4186338f05412ed5540f761f3.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2472

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-2212144002-1172735686-1556890956-1000\desktop.ini.tmp

          Filesize

          206KB

          MD5

          fa4889b3cfc05fd014e42bdb1d4db742

          SHA1

          63e609e008c6c16d13cf3452857ce46243ed9e2a

          SHA256

          6b7c18b2fed9ea87142507810ed573fa5b126c58c71b5fe366172b121651ce9a

          SHA512

          d295c7d3344ddc0f63941bf620ebf1b012b02c78f47f34394eddc9e36a5d15602a0788e2e506d858424ea79d97bb47b9588f79b832d980fbeb12cf941a7a5d85

        • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

          Filesize

          214KB

          MD5

          326ef2e3a42ca1e9652f01c969f87abc

          SHA1

          db3c0e3dc3a30a869ccb9b3bcf139d02c6302166

          SHA256

          4a5f165cb696c704c43874ff0d881a6fc13023e4e8ab96d77f64494e1315401d

          SHA512

          4380dcdc193eac39f3a1dd72920683878a07c584166f9e76d9da7a6f8556616506949ab9198fc7d48692e812bd7bdd7855fb980629647c609a1793b2570052a6