Overview

overview

9

Static

static

3

20e23c39d8...ba.exe

windows7-x64

9

20e23c39d8...ba.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    150s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    18/08/2024, 19:22

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    20e23c39d8c8a93bfc2fa22dc0c35e15431b22af6e9c3d8afcc34bc400ccb9ba.exe

  • Size

    57KB

  • MD5

    b5281bf630dff3b785269edc11af53e6

  • SHA1

    bd079580549391b7b969d788ecefd013681c3cac

  • SHA256

    20e23c39d8c8a93bfc2fa22dc0c35e15431b22af6e9c3d8afcc34bc400ccb9ba

  • SHA512

    6952f5f230aab271c411e41106c20c40c8ff827b3e596343c5c99bd12ccc329293294615c932ed2ad2b8e3bc8f4c4e8df86d5f43717c9570b4a55455e10f89dd

  • SSDEEP

    768:/7BlpQpARFbhq1KX101GI67I7gmdGwmdGN:/7ZQpApq1KqgmdGwmdGN

Score
9/10
discoveryransomware

Malware Config

Signatures

  • Renames multiple (3754) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\20e23c39d8c8a93bfc2fa22dc0c35e15431b22af6e9c3d8afcc34bc400ccb9ba.exe
    "C:\Users\Admin\AppData\Local\Temp\20e23c39d8c8a93bfc2fa22dc0c35e15431b22af6e9c3d8afcc34bc400ccb9ba.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2148

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-2958949473-3205530200-1453100116-1000\desktop.ini.tmp
          Filesize

          57KB

          MD5

          a9ae4e3cc6ba2da601b3addc4d9be844

          SHA1

          c3543b9f98b5eccd26de16eceb131b8831342f69

          SHA256

          826937b3f168d8cd3f9f59bf4d841c128d1a8afc7db6b0f051905d9946b12ef3

          SHA512

          1ddcb024a939916d57a0f4f540ea402947f9a74fad5cf69da3fea809253d5d2d7a93581344f428c07c8f718e19444706553d9abcd2f6b47fcefe64e1d2ab8439

          Download Submit

        • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
          Filesize

          66KB

          MD5

          ef905b9ebbe2c92e6e779c115789325d

          SHA1

          160e28e2fd7711fa2414794903c1cc83e2f93300

          SHA256

          a872461157ff7144bfa97228c094a80656c5b7d811206368cc8000e357c9cb41

          SHA512

          a9e6d27e9116a9d3e7b7e09431da44454a3116be076d771bad9dceea5d6f0c1eefe1f8163cfb5a368d5f96c69dd1ccc560e7f0a7ab7026b1e0eebf9f0c706b93

          Download Submit

        • memory/2148-0-0x0000000000400000-0x0000000000408000-memory.dmp

          Filesize

          32KB

          Download

        • memory/2148-72-0x0000000000400000-0x0000000000408000-memory.dmp

          Filesize

          32KB

          Download