Analysis

  • max time kernel
    120s
  • max time network
    122s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240802-en locale:en-us os:windows10-2004-x64 system
  • submitted
    18/08/2024, 13:07

General

  • Target

    21c5f7365dcbf55125d90d749a07e0e0N.exe

  • Size

    44KB

  • MD5

    21c5f7365dcbf55125d90d749a07e0e0

  • SHA1

    7e2abd9488bc2b79f58df91a3b0453460c7126f0

  • SHA256

    6deee864933a513c4674808b362cf98edc160b5b61d848f67146617094a7673e

  • SHA512

    f6fbed3973ab9ff688bbe88a7ecf407811edf3764de9489da5fac4601c4c1624a3c5eacf9a24346ea2c7e09b01c3ebea22787ad779e474dc6efc9ce53af33890

  • SSDEEP

    768:W7BlphA7pARFbhM0Kkq81LOyq81LORWAnWAkpUE5c5YbfCDTbfCDMj:W7ZhA7pApM21LOA1LOrtkpt6WbfGTbfT

Score
9/10

Malware Config

Signatures

  • Renames multiple (4663) files with added filename extension

    This suggests ransomware activity that encrypts all the files on the system.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\21c5f7365dcbf55125d90d749a07e0e0N.exe
    "C:\Users\Admin\AppData\Local\Temp\21c5f7365dcbf55125d90d749a07e0e0N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2020

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-656926755-4116854191-210765258-1000\desktop.ini.tmp

          Filesize

          44KB

          MD5

          c7f51f80f0eefab85e2dc43c8f587c75

          SHA1

          14ac119e68e9a26b2e7728aa41df757af7a7d455

          SHA256

          6ef84fa9a7b8b1817569916d6c6aa3aafc38523e13e2ff378f8c4d25a93c1787

          SHA512

          8082831c57752648ba42adb96d099a12bb21c9196d5d383c228461fd3e71fe89d876454518329ad537e01c2df2d51bcea82ae8e842884918de30c086bbcaa1fd

        • C:\Program Files\7-Zip\7-zip.dll.tmp

          Filesize

          143KB

          MD5

          e4d8af8ae4846a8d885790f96444412e

          SHA1

          6474037b481805191df327313a6de1e453a2cf46

          SHA256

          f77d85b9d64170e5a99f9f450d5edb01a666bf449583dee095c9bfbf2f154589

          SHA512

          e19e1ff1ca39e97c7c785bc85efee82025f217cfba7c36ed95f2e92c0f39bbf5d46cba10240554543602ec5da8776a8e05114afe20c7482fb294c72eac640402