Overview

overview

9

Static

static

3

be31d6d92c...5a.exe

windows7-x64

9

be31d6d92c...5a.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    150s
  • max time network
    144s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/08/2024, 01:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    be31d6d92cce9a0322b89ae2e04b94a22b23dbb1b7093ab5e99e38a4ef9fdf5a.exe

  • Size

    54KB

  • MD5

    cb1a3f62e1ea3e87b3165a18a25eaa80

  • SHA1

    577e5dda3999746857c43a07616bcb52e5559310

  • SHA256

    be31d6d92cce9a0322b89ae2e04b94a22b23dbb1b7093ab5e99e38a4ef9fdf5a

  • SHA512

    8f2378e36b1ca6e22dac5468ca973b725204f1f17a5fe7846b4daef163c54da0d1b36f36495c611088389ea08cc78d3288f8902ac7e4c9813a98e55c2b91b7c0

  • SSDEEP

    384:yBs7Br5xjL8AgA71Fbhv/Fzzwz72Jwuq2JwuR0U0I0gQemyq8gCgQemyq8gQntn2:/7BlpQpARFbhNIiJwsJwwnZGynyrntn2

Score
9/10
discoveryransomware

Malware Config

Signatures

  • Renames multiple (5147) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\be31d6d92cce9a0322b89ae2e04b94a22b23dbb1b7093ab5e99e38a4ef9fdf5a.exe
    "C:\Users\Admin\AppData\Local\Temp\be31d6d92cce9a0322b89ae2e04b94a22b23dbb1b7093ab5e99e38a4ef9fdf5a.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:1468

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-355097885-2402257403-2971294179-1000\desktop.ini.tmp
    Filesize

    55KB

    MD5

    092da7d0490a2242b53b3cca5706e6b0

    SHA1

    a5a6665a4262ba07334669f50cece3a3c9d268f6

    SHA256

    4fb9eabccdac7a6f7834fa58186d4b1debfbc7b3be891c9dc522fcac7dc27d37

    SHA512

    29371782b036acd4c9af9b00b723a58d6b67d59d601383dc4c33c78028b4e41a006475f9e9cc2dfac7c4a985a1fcd269287a4db102984d05f8753e5d4699624c

    Download Submit

  • C:\Program Files\7-Zip\7-zip.dll.tmp
    Filesize

    153KB

    MD5

    9b96ac792f144b06946c2753302e7edc

    SHA1

    530af05d22e6a08de59656879f045a17eea45bde

    SHA256

    ca0b7f5a998f681719f2c5ef1b852f7747a4de1c1b8c33da0d09d242aa9cf473

    SHA512

    ca05b2a05e68e079be4ac1c73bdfc52a023222f3c7643030457d09d80de34c0cd2208ab3e2c93858146915645cfecb0d649a9cc3f5884668b1a39eb3765d74b8

    Download Submit

  • memory/1468-0-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1468-856-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download