Overview

overview

9

Static

static

3

bc33fbb5ff...0N.exe

windows7-x64

9

bc33fbb5ff...0N.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    107s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    19/08/2024, 01:33

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    bc33fbb5ff37ca949354e7f3bb2c9df0N.exe

  • Size

    34KB

  • MD5

    bc33fbb5ff37ca949354e7f3bb2c9df0

  • SHA1

    02e5c4d9489d7b7432e7d665303a156ff55eb2bf

  • SHA256

    4cdc72a5b428940259beb9f39d47abacff7d429be59bca48d5ecf169d142644e

  • SHA512

    cb9ab67e4d2485f8b9359739adee932903e8e7675866508cbf0c0f9633ccc33471740a06fc5c5eaf959e6958c252097bfd8d3f17eaa7bf05ce321675b456b4d3

  • SSDEEP

    192:pACU3DIY0Br5xjL/EAgAQmP1oynLb22vB7m/FJHo7m/FJHhpqW7U7OKpM:yBs7Br5xjL8AgA71FbhvszwLpM

Score
9/10
discoveryransomware

Malware Config

Signatures

  • Renames multiple (3098) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\bc33fbb5ff37ca949354e7f3bb2c9df0N.exe
    "C:\Users\Admin\AppData\Local\Temp\bc33fbb5ff37ca949354e7f3bb2c9df0N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2168

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-2958949473-3205530200-1453100116-1000\desktop.ini.tmp
          Filesize

          34KB

          MD5

          e3374b28eece24d789f34e98becebf11

          SHA1

          da29f32abea949c279c4a0852f31616f39dd5744

          SHA256

          4ae77373f47d54939596962e05a7403fe83c22c71f8d114022f23ec94f33550c

          SHA512

          c2bfc163d96716b6a39727d849a1726abed39e644412319103a403e1ee0af5cb98406a33fd0bdb840f70a7aca85da7a7adfae579255a930009e5cb33aca0e171

          Download Submit

        • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
          Filesize

          43KB

          MD5

          75f180da3f00aee37ea4e2e604b34690

          SHA1

          202b30acb97fb03fbe21e65fc2a04c32736f3999

          SHA256

          64b8549034be5867db60aaf6f6cd6ea1bd7823858a3f403f9a904df62e282a6d

          SHA512

          1d94a7ad78984b2512f57dbaac9ac0397fd713c1d85098d5fe7fb89ce00226d2aca4450aa043dd3a31a5cfdaa1af2a2ba584faafadd6947bd8899654977f5214

          Download Submit

        • memory/2168-0-0x0000000000400000-0x0000000000408000-memory.dmp

          Filesize

          32KB

          Download

        • memory/2168-74-0x0000000000400000-0x0000000000408000-memory.dmp

          Filesize

          32KB

          Download