Analysis

  • max time kernel
    120s
  • max time network
    94s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    18/08/2024, 16:13

General

  • Target

    e5ed9d63c96d36200d8eb020042ed890N.exe

  • Size

    100KB

  • MD5

    e5ed9d63c96d36200d8eb020042ed890

  • SHA1

    a579990b7871688e35683473b474c1b73f40ee66

  • SHA256

    f32cfa3ad716a51a7a88a7857be6806c5023f9a3270f100d8b4fc58ab73ac729

  • SHA512

    4ee4d7cbdd3c4dc33caca14c40ea0f728aa3c8b11dd106d3168d9acc2e6231c813bd96f019ba569b09f3e05375745f760faf0528d297e0400557ef95e14abd07

  • SSDEEP

    3072:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFslEhLfyBG:PqFF2Ie+efsLy

Score
9/10

Malware Config

Signatures

  • Renames multiple (4363) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\e5ed9d63c96d36200d8eb020042ed890N.exe
    "C:\Users\Admin\AppData\Local\Temp\e5ed9d63c96d36200d8eb020042ed890N.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2892

Network

        MITRE ATT&CK Enterprise v15


        Downloads

        • C:\$Recycle.Bin\S-1-5-21-2718105630-359604950-2820636825-1000\desktop.ini.tmp

          Filesize

          101KB

          MD5

          18b1d03a89f96c66844fb4d696ee2440

          SHA1

          227b445feed3840803a65ab2fa8780e126726104

          SHA256

          26e633050b79d3fcdc37a7d88d200bfcc1be855b47750d86601494c4128d3d6c

          SHA512

          885fa1993849fee9e8916b3f8c446a80ddb3c67e6097bbf7885360012b563d513c9f95692d41b7677cb20e12708e53bf96ff8ca3692771dbf568b0b8ab9bce1b

        • C:\Program Files\7-Zip\7-zip.dll.tmp

          Filesize

          199KB

          MD5

          35299dc2d8592e02139cf272e8dc6998

          SHA1

          9544486591ba4957d47f332cc263ed76796c241f

          SHA256

          ff900a6373c69a202afd30e5ea3f203f6b247fe8fb29b80a3983f8ecc11d1322

          SHA512

          b9f5f7543d093557d03d76be20bbbf2e1038b7a56c6ab299b3384b4aa9f5daadd1b7b3c365567f0671bf06018c06accb74440cda255a2cdd92b5557cd389410a