Analysis

  • max time kernel
    119s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
  • submitted
    18/08/2024, 05:24

General

  • Target

    6c985afa9df81e732bc9405f36185430N.exe

  • Size

    47KB

  • MD5

    6c985afa9df81e732bc9405f36185430

  • SHA1

    1687983fdab790adb7ab08e7844114ddca749fbc

  • SHA256

    f967edf23e91bf290984faf6abf619ffb9487ba07719c4bbdd7d6ae9b5e79d50

  • SHA512

    43249a2013f5582801c5deaceb583a2f788f858e4a4c8330862c0710bd4bbd03c9c6141b0f2cbf48c49db57d22d9056a242ce0c976106fa2104c2ae3704b2e25

  • SSDEEP

    768:W7Blp2sspARFbhVgNNHpQRNHpQRLYyBwaZLYyBwaZs:W7Z2sspApctpQRtpQRTVZTVZs

Score
9/10

Malware Config

Signatures

  • Renames multiple (3251) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\6c985afa9df81e732bc9405f36185430N.exe
    "C:\Users\Admin\AppData\Local\Temp\6c985afa9df81e732bc9405f36185430N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2632

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\$Recycle.Bin\S-1-5-21-1385883288-3042840365-2734249351-1000\desktop.ini.tmp

    Filesize

    47KB

    MD5

    44c3e3cdabe57e498303c0e63d43dd0e

    SHA1

    5d706dec0cdddc92fbe44da2d2d63954b7b3e0a6

    SHA256

    a720455e25762122c2e224a36eba92053894f421841f85d82c4ef74dfd2674f1

    SHA512

    0b5d04d9dd3a6cac114278afea42fba3104185f97b23cbebab419eea664375fc482383d0e42df5687e650844b88728bda28899cd1192cf47713a4f40afa6bee8

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    56KB

    MD5

    a7851202c212fc792853f11867472751

    SHA1

    976d5a4b12f9e9c074ba85f4ca2a650e40d44582

    SHA256

    9d1392e5b38d728092ace5514e37659057a42c3b29eb0eb603a91d3ca4b9ad47

    SHA512

    e93aaac4b486cf316f3c04e1d6d8eb948158f6a63180c633410c1f9f70cf5159c26b909318e4132fa02e20b1b7887f66f617571a34670cf66caa0a9e4dd6aab2