Analysis

  • max time kernel
    119s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted
    19/08/2024, 21:43

General

  • Target

    cbaea6ef3bf93e207c6910a53ed030e0N.exe

  • Size

    40KB

  • MD5

    cbaea6ef3bf93e207c6910a53ed030e0

  • SHA1

    9b0a9238f7c17da0ff055d437cc22dc6a79a460e

  • SHA256

    7526fe0e5e736caa9bbf61e279bdd8f4cbabd5081a40aac9e7dc18318aace233

  • SHA512

    8096209dfb67ba5cdc0bf89699b045b5bd81ba2095559ddfc7a1c56216760e590cc01c394f94431d8ef2617c246f6a1627489857aecf3461ca0aee580ac5fbf2

  • SSDEEP

    768:W7BlphA7pARFbhM0Kkq81LOyq81LOl6Sl5lGK8WKnFIMK8WKnFI+:W7ZhA7pApM21LOA1LOl6NKNKnF3KNKnp

Score
9/10

Malware Config

Signatures

  • Renames multiple (478) files with added filename extension

    This suggests ransomware activity: files across the system are being rewritten (presumably encrypted) and each renamed with an extra extension appended.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempts to gather information about the system language of the victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\cbaea6ef3bf93e207c6910a53ed030e0N.exe
    "C:\Users\Admin\AppData\Local\Temp\cbaea6ef3bf93e207c6910a53ed030e0N.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2152

Network

        MITRE ATT&CK Enterprise v15


        Downloads

        • C:\$Recycle.Bin\S-1-5-21-2212144002-1172735686-1556890956-1000\desktop.ini.tmp

          Filesize

          40KB

          MD5

          37ea41624c903a0de9d7bb4f161b84b8

          SHA1

          260680caeea3e7f3973b890b65b2b08ce3f1071f

          SHA256

          7663d79b087ca90ed648799e42d78520f493bedfee7e8281db3789d1287109ce

          SHA512

          90c3fd90df4f4610f8e7a60283b10b76b048742618f8fad0fe6e5f7e89bdc760f2ef0ed0fdb9796c59be70f109712877292b9c3f187251fae246ef2cefcc44c1

        • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

          Filesize

          49KB

          MD5

          84b404cc6b74609e8a296aad13d3f959

          SHA1

          fc978342e020320e7a56ba93a01d374dce83d564

          SHA256

          01aede5b13c4c3f36f27674554253cf8e8d68278ccbec35f806a2177ad870d89

          SHA512

          c8a6bcc77e43b0a66d973e831e82e13336b32b8e9e80bb859df15702b9f2d03c639ad4caf4ee84484c92708bdba6bb83dca9c80d97b1641c92886b581b8ab06d
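The two actionable pieces of this report are the file hashes (the sample and the two dropped .tmp files) and the "renames multiple files with added filename extension" signature. The script below is an added example, not part of the sandbox report or of the sample: it sweeps a directory tree for the report's SHA256 values and implements the rename heuristic behind that signature over file-rename records. The record shape `(pid, old_path, new_path)`, the threshold of 50 and the constructed sample events are assumptions; the report itself only says the sample renamed 478 files. One caveat: the SHA256 of the dropped .tmp files (40KB and 49KB, against a 40KB sample) may depend on the original host files they were derived from, so they are weaker indicators than the hash of the sample itself.

```python
"""Host sweep for the indicators in this report, plus a detection heuristic
for the 'renames multiple files with added filename extension' behaviour.
Added example; not part of the sandbox report or the sample's own code."""
import hashlib
import os
import tempfile
from collections import Counter
from pathlib import Path

# SHA256 values copied from the report above: the sample and the two dropped files.
REPORT_SHA256 = {
    "7526fe0e5e736caa9bbf61e279bdd8f4cbabd5081a40aac9e7dc18318aace233":
        "cbaea6ef3bf93e207c6910a53ed030e0N.exe (sample)",
    "7663d79b087ca90ed648799e42d78520f493bedfee7e8281db3789d1287109ce":
        "desktop.ini.tmp dropped in C:\\$Recycle.Bin",
    "01aede5b13c4c3f36f27674554253cf8e8d68278ccbec35f806a2177ad870d89":
        "Office64WW.xml.tmp dropped in C:\\MSOCache",
}


def sha256_of(path):
    """Hash the file in 1 MiB chunks so large volumes do not load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def sweep(root, known=REPORT_SHA256):
    """Walk root and return [(path, label)] for files whose SHA256 is in known."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath, name)
            try:
                digest = sha256_of(p)
            except OSError:
                continue  # locked or unreadable file: skip it, do not abort the sweep
            if digest in known:
                hits.append((str(p), known[digest]))
    return hits


def appended_extension(old_name, new_name):
    """True when new_name is old_name with exactly one extra extension appended
    (desktop.ini -> desktop.ini.tmp), the pattern the signature describes.
    A plain extension swap (report.doc -> report.docx) does not match."""
    if not new_name.startswith(old_name + "."):
        return False
    tail = new_name[len(old_name) + 1:]
    return bool(tail) and "." not in tail and "\\" not in tail and "/" not in tail


def mass_rename_offenders(events, threshold=50):
    """events: iterable of (pid, old_path, new_path) file-rename records from
    whatever file-activity telemetry is available (the record shape is an
    assumption). Return {pid: count} for processes at or above the threshold."""
    counts = Counter()
    for pid, old_path, new_path in events:
        if appended_extension(os.path.basename(old_path), os.path.basename(new_path)):
            counts[pid] += 1
    return {pid: n for pid, n in counts.items() if n >= threshold}


def self_check():
    """Exercise sweep() on a constructed directory; returns (hit_count, label)."""
    with tempfile.TemporaryDirectory() as d:
        target = Path(d, "desktop.ini.tmp")
        target.write_bytes(b"constructed stand-in, not the real dropped file")
        known = {sha256_of(target): "constructed indicator"}
        Path(d, "benign.txt").write_bytes(b"unrelated content")
        hits = sweep(d, known)
    return len(hits), (hits[0][1] if hits else None)


if __name__ == "__main__":
    print(self_check())
    # Constructed rename log: PID 2152 (the PID seen in the report) appends .tmp
    # to 60 documents, an unrelated process performs one ordinary extension change.
    constructed = [(2152, f"C:\\Users\\Admin\\Documents\\file{i}.docx",
                    f"C:\\Users\\Admin\\Documents\\file{i}.docx.tmp") for i in range(60)]
    constructed.append((1000, "C:\\Work\\report.doc", "C:\\Work\\report.docx"))
    print(mass_rename_offenders(constructed))
```

Run it with `python sweep.py` to exercise the constructed data, or call `sweep(r"C:\")` on a suspect host to look for the report's hashes; `mass_rename_offenders` is meant to be fed from whatever rename telemetry you collect, and the threshold should be tuned against your own baseline before alerting on it.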