Analysis

  • max time kernel
    150s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240729-en, locale:en-us, os:windows7-x64, system
  • submitted
    18/08/2024, 06:41

General

  • Target

    f6cfd2ae5c9f0fe10784a9fb44c132231ea10f0f32dcd2335abe412d3712d23b.exe

  • Size

    52KB

  • MD5

    999ee3b33f444cfd3eb245a6e122a350

  • SHA1

    16ed4bbe3c3e33e2f7ce98bc439459de9f865fae

  • SHA256

    f6cfd2ae5c9f0fe10784a9fb44c132231ea10f0f32dcd2335abe412d3712d23b

  • SHA512

    5d4eac5e56f56509629cc830c33d6b79d114d915e59be9b72708c78673b7dc07fcf9c298c967e16cc0367ccee919422009d3f0df336ba50e1a94f7033561dbc7

  • SSDEEP

    768:W7BlpppARFbhHFoqAJwBqAJwRJofJoToYvJtLJttH:W7ZppApaJofJo8YvJtLJtN

Score
9/10

Malware Config

Signatures

  • Renames multiple (4010) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\f6cfd2ae5c9f0fe10784a9fb44c132231ea10f0f32dcd2335abe412d3712d23b.exe
    "C:\Users\Admin\AppData\Local\Temp\f6cfd2ae5c9f0fe10784a9fb44c132231ea10f0f32dcd2335abe412d3712d23b.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:1548

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-2257386474-3982792636-3902186748-1000\desktop.ini.tmp

          Filesize

          52KB

          MD5

          b05ec873d6b9419b3d39f1bc0abf7f3a

          SHA1

          6b0920ddb8d751cc50e134077338527cf71e7d91

          SHA256

          6ed40971f53528614aad36960f69418465e111ea2a48090296a9d44993751886

          SHA512

          128ca402549a4bd8e08fe4c93efa6a6675eb58409f264b52143af6e53545b83673b5776ba387791519f711e2a281b78a2f6b3d560a5548f485d91bde1b7812cf

        • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

          Filesize

          61KB

          MD5

          923f14219f8f00d5c8f68e70d89e5cc7

          SHA1

          03df1b1a74022ea572be9d8075defeccc363dce7

          SHA256

          338d6c56ba508bc32503f8e63b4cd24aa629a7c4f3d401c6424800e0b532294c

          SHA512

          b4bc75301d57344913731dfbbce5dec978976c343d6235b35035bae970854cd88970a568f56aca7ef89be2396e66b89f8a5e7d1504be67228ad1911745001d23