Analysis

  • max time kernel
    150s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted
    19-08-2024 01:36

General

  • Target

    cb6bac0bf9452ec8f2614666c911e117b24f5b903726f5d60c7ae2b2894c8ce9.exe

  • Size

    67KB

  • MD5

    f067acd1fe0e064b0eeffcf72286e1d7

  • SHA1

    e5379192616b76ff874b9e24b307f60d0c8191be

  • SHA256

    cb6bac0bf9452ec8f2614666c911e117b24f5b903726f5d60c7ae2b2894c8ce9

  • SHA512

    6ba56d270916b4ce7480c51c6130178fdeee12457c1b6ec495ed599aa0b7e9ca23b082d4e01c3ba28124d79952120355f78496be79415a51bd4ffdc0f6d73f3d

  • SSDEEP

    1536:/7ZQpApze+eJfFpsJOfFpsJ5DUEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50Fq:9QWpze+eJfFpsJOfFpsJ5DUEhLfyBtPd

Score
9/10

Malware Config

Signatures

  • Renames multiple (3444) files with added filename extension

    This suggests ransomware activity: the sample appears to encrypt files across the system and append an extension to each renamed file.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of the victim host in order to infer its geographical location.

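The two behavioural signatures above are heuristics over file-system and API telemetry rather than static indicators. As an added example that is not part of the sandbox report or its detection engine, the following Python re-implements the first one: it walks a list of file-rename events as a sandbox or EDR would record them (process id, old path, new path), keeps only renames where the new name is the old name with a dot-separated suffix appended in the same directory, and flags any process that does this to more files than a threshold. The events, the ".locked" suffix and the threshold of 3 are constructed for illustration; only the PID 2632 mirrors the report.

```python
"""Added example (not from the sandbox report): a minimal re-implementation of
the "renames multiple files with added filename extension" heuristic.

Input: rename events as (pid, old_path, new_path).  A process is flagged when
at least RENAME_THRESHOLD of its renames look like <old name> + ".<suffix>"
inside the same directory, which is how most file-encrypting ransomware marks
the files it has processed.  Threshold, field layout and sample paths are
assumptions for this example, not values taken from the report."""
import ntpath  # Windows path semantics regardless of the host OS
from collections import Counter

# Minimum number of "old name + appended extension" renames by one process
# before it is reported.  Assumed value; tune to your own telemetry volume.
RENAME_THRESHOLD = 3


def added_extension(old_path: str, new_path: str):
    """Return the appended suffix (e.g. ".locked") when new_path is old_path with
    a dot-separated suffix appended in the same directory, otherwise None.
    Comparison is case-insensitive, matching NTFS name semantics."""
    old_dir, old_name = ntpath.split(old_path)
    new_dir, new_name = ntpath.split(new_path)
    if old_dir.lower() != new_dir.lower():
        return None  # moved, not renamed in place
    if len(new_name) <= len(old_name) or not new_name.lower().startswith(old_name.lower()):
        return None  # name was shortened or changed, not extended
    suffix = new_name[len(old_name):]
    # Require ".something" so "report.docx" -> "report.docx1" is not counted.
    if not suffix.startswith(".") or len(suffix) < 2:
        return None
    return suffix


def detect_mass_rename(events, threshold=RENAME_THRESHOLD):
    """events: iterable of (pid, old_path, new_path).
    Returns {pid: (count, most_common_suffix)} for every pid at or above threshold."""
    per_pid = {}
    for pid, old, new in events:
        suffix = added_extension(old, new)
        if suffix is None:
            continue
        per_pid.setdefault(pid, Counter())[suffix.lower()] += 1
    flagged = {}
    for pid, suffixes in per_pid.items():
        total = sum(suffixes.values())
        if total >= threshold:
            flagged[pid] = (total, suffixes.most_common(1)[0][0])
    return flagged


# Constructed sample events (pid, old, new).  PID 2632 mirrors the report's
# process id; the paths and the ".locked" suffix are made up for this example.
SAMPLE_EVENTS = [
    (2632, r"C:\Users\Admin\Documents\budget.xlsx", r"C:\Users\Admin\Documents\budget.xlsx.locked"),
    (2632, r"C:\Users\Admin\Documents\notes.txt", r"C:\Users\Admin\Documents\notes.txt.locked"),
    (2632, r"C:\Program Files\Common Files\readme.txt", r"C:\Program Files\Common Files\readme.txt.locked"),
    (2632, r"C:\$Recycle.Bin\S-1-5-21-1\desktop.ini", r"C:\$Recycle.Bin\S-1-5-21-1\desktop.ini.locked"),
    # Benign activity from another process: editor temp-file save, a move
    # between directories, and a single backup copy.  None of these should fire.
    (1104, r"C:\Users\Admin\Documents\draft.docx", r"C:\Users\Admin\Documents\~draft.docx"),
    (1104, r"C:\Users\Admin\Downloads\setup.exe", r"C:\Users\Admin\Desktop\setup.exe"),
    (1104, r"C:\Users\Admin\Documents\a.txt", r"C:\Users\Admin\Documents\a.txt.bak"),
]

if __name__ == "__main__":
    for pid, (count, suffix) in detect_mass_rename(SAMPLE_EVENTS).items():
        print(f"PID {pid}: {count} files renamed with added extension {suffix!r}")
```

In a real deployment the per-process counter would be fed from a file-event stream (Sysmon Event ID 11/23 plus a rename source such as ETW file I/O, or the sandbox's own log) and the threshold set well above what installers and backup tools produce; the same-directory and ".suffix" checks are what keep ordinary save-via-temp-file and move operations from counting.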
Processes

  • C:\Users\Admin\AppData\Local\Temp\cb6bac0bf9452ec8f2614666c911e117b24f5b903726f5d60c7ae2b2894c8ce9.exe
    "C:\Users\Admin\AppData\Local\Temp\cb6bac0bf9452ec8f2614666c911e117b24f5b903726f5d60c7ae2b2894c8ce9.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2632

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2958949473-3205530200-1453100116-1000\desktop.ini.tmp

    Filesize

    67KB

    MD5

    1f314e9d1695e1bd893c602722d75548

    SHA1

    f5bcafdd597c1fa8a972ae7828b281c3bd805ff6

    SHA256

    5e32bf49e2d0e9a7fa4b88fa962e48075fdbcf1ab376f7e0c7870d1eabd65cac

    SHA512

    997edc4557cfb732e9b561d11bbe0b993051971cf3ff35988f889275f16ce3878fd94159f307070c883c5cfab2c342c75a0bfc6942066673a27e1baedce60a7e

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    76KB

    MD5

    114d46dc1e20afef0fe1f22006509ba3

    SHA1

    d94604a5004b7e1280865179a1190f58d41dcbb4

    SHA256

    db546a5f10e7e08a04ea5429778d537ab7390e4d7439b76971f71c76725afe4b

    SHA512

    cac987141351b4ec9036e4fc76f981c596e595f645433791c1e3815d4664a64265fe3df75b911dd3f773b963c9c6da20572c681d00b6123ccd54e357cf4505e7

  • memory/2632-0-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/2632-70-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB