Overview

overview

9

Static

static

3

96ec54a9da...0N.exe

windows7-x64

9

96ec54a9da...0N.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    17/08/2024, 18:29

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    96ec54a9dade07f64e367e99af255460N.exe

  • Size

    44KB

  • MD5

    96ec54a9dade07f64e367e99af255460

  • SHA1

    12ede0e20d72393880176bedb4941997d1021e7c

  • SHA256

    8a701f4f937aa456b5d966686fc27f410e0571239c180c0f5427656be3858862

  • SHA512

    15b9ba318501be68fd9418cd287ff962e0d7e514e10c7337b5f3bc448007ec263e076d604a263221732aa0969e8ef53bdc6078ded3a895b521769a52edfa17fe

  • SSDEEP

    384:yBs7Br5xjL8AgA71Fbhv/Fzzwz72Jwuq2JwuR0U0IN:/7BlpQpARFbhNIiJwsJwwnZN

Score
9/10
discoveryransomware

Malware Config

Signatures

  • Renames multiple (3279) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\96ec54a9dade07f64e367e99af255460N.exe
    "C:\Users\Admin\AppData\Local\Temp\96ec54a9dade07f64e367e99af255460N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2320

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-3450744190-3404161390-554719085-1000\desktop.ini.tmp
          Filesize

          45KB

          MD5

          8828dfe1c565080066c88917a9349ac0

          SHA1

          ec2b04827668d6770f5035288ac22ca7c02cfba4

          SHA256

          7d957e93691f3c705d32a39c94e8763109387b8f0f6f1ea9ce9e07bc44adecc6

          SHA512

          971694d015592bc1fdb8412023406fc2219bbe046be28c1b76e46ce44a839d0a5b99e656e97ff170c90edfd20af23b36b5a433f133be5b9cf3ee08a0fa09db6b

          Download Submit

        • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
          Filesize

          53KB

          MD5

          ff95730247d69092e4dc477fb9fac2b6

          SHA1

          8e1a9b36077423bd7bc11687355d599b646eed15

          SHA256

          795225ca8260842f2932e92c44f2cde685028d84e6bf25999b0aabddc1990063

          SHA512

          8e558be0611e5ace9c16cd887ddea83ad351cd546167a7acaafc5b7a980e4625731f6f22b867a9b5444b242b63bbd1742ac9a8eaa3c6bf790674526708751022

          Download Submit

        • memory/2320-0-0x0000000000400000-0x0000000000408000-memory.dmp

          Filesize

          32KB

          Download

        • memory/2320-74-0x0000000000400000-0x0000000000408000-memory.dmp

          Filesize

          32KB

          Download