Analysis

  • max time kernel
    150s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
  • submitted
    19/08/2024, 03:17

General

  • Target

    f1cfdcc544279addfa773e88a58579d3b35399609848f68bad20f9e4fbbe7d0c.exe

  • Size

    45KB

  • MD5

    626f4e0fe30cd364860a26368d6cf46e

  • SHA1

    5dd1be36fb14f4246548ddafa5a1198e08662ec7

  • SHA256

    f1cfdcc544279addfa773e88a58579d3b35399609848f68bad20f9e4fbbe7d0c

  • SHA512

    16bb53a00e6c4d5bddacebd16133a81b92ee5e6e18c90898910cb0ca277988f28038c97f1bf412d9b91ff5b11e7eacbbe49f696130f379dd64fdab64fcef8792

  • SSDEEP

    768:W7BlpppARFbhjbhg42LcfpR42LcfproFNFjqAJLOqAJLmuH9uHU:W7ZppApBULcfpHLcfpyD9uH9uHU

Score
9/10

Malware Config

Signatures

  • Renames multiple (3798) files with added filename extension

    This suggests ransomware activity: the sample renames a large number of files on the system, consistent with encrypting them in place and appending a marker extension.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of the victim in order to infer the geographical location of that host.
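The "renames multiple files with added filename extension" signature is a behavioural heuristic rather than a file-content match. The following is an added example, not the sandbox's own rule, of how such a heuristic can be run over file-rename events: it counts, per process, renames where the destination is the source name with an extension appended, and flags a process when one extension is appended to many files across several directories. The events, the PIDs other than 2152 and the ".locked" extension are constructed for illustration; the report does not name the extension this sample appends.

```python
"""Heuristic for mass rename-with-appended-extension (example code added to
this page; not the sandbox's own detection logic)."""
import ntpath
from collections import Counter
from dataclasses import dataclass

# Constructed sample of (pid, source path, destination path) rename events.
# ".locked" is a hypothetical extension; only PID 2152 comes from the report.
SAMPLE_EVENTS = [
    (2152, r"C:\Users\Admin\Documents\budget.xlsx",
           r"C:\Users\Admin\Documents\budget.xlsx.locked"),
    (2152, r"C:\Users\Admin\Pictures\holiday.jpg",
           r"C:\Users\Admin\Pictures\holiday.jpg.locked"),
    (2152, r"C:\Program Files\Common Files\readme.txt",
           r"C:\Program Files\Common Files\readme.txt.locked"),
    (2152, r"C:\MSOCache\All Users\setup.xml",
           r"C:\MSOCache\All Users\setup.xml.locked"),
    # Benign renames that must not count: extension replaced, or file moved
    # to another directory with its name unchanged.
    (1804, r"C:\Users\Admin\Downloads\report.tmp",
           r"C:\Users\Admin\Downloads\report.pdf"),
    (1804, r"C:\Users\Admin\Desktop\notes.txt",
           r"C:\Users\Admin\Archive\notes.txt"),
    # A single installer-style ".tmp" staging rename from another process:
    # it appends an extension but is far below any sensible threshold.
    (3300, r"C:\Windows\Temp\pkg.msi", r"C:\Windows\Temp\pkg.msi.tmp"),
]


def appended_extension(src, dst):
    """Return the extension a rename appended (lower-cased, with the dot), or
    None if the rename was not 'same directory, same name plus .ext'."""
    src_dir, src_name = ntpath.split(src)
    dst_dir, dst_name = ntpath.split(dst)
    if src_dir.lower() != dst_dir.lower():
        return None                      # moved, not renamed in place
    if not dst_name.lower().startswith(src_name.lower()):
        return None                      # extension replaced or name changed
    tail = dst_name[len(src_name):]
    if len(tail) < 2 or not tail.startswith("."):
        return None                      # nothing appended, or not an extension
    return tail.lower()


@dataclass
class Verdict:
    pid: int
    renamed: int       # files that received the dominant appended extension
    directories: int   # distinct directories those files lived in
    extension: str


def detect_mass_rename(events, min_files=100, min_dirs=5):
    """Group appended-extension renames by pid and flag a pid when its most
    common appended extension covers >= min_files files spread over
    >= min_dirs directories. Defaults are deliberately high; the report's
    3798 renames would clear them easily, a one-off .tmp staging rename
    will not."""
    per_pid = {}
    for pid, src, dst in events:
        ext = appended_extension(src, dst)
        if ext is None:
            continue
        per_pid.setdefault(pid, []).append((ext, ntpath.dirname(src).lower()))

    verdicts = []
    for pid, hits in per_pid.items():
        ext, count = Counter(e for e, _ in hits).most_common(1)[0]
        dirs = {d for e, d in hits if e == ext}
        if count >= min_files and len(dirs) >= min_dirs:
            verdicts.append(Verdict(pid, count, len(dirs), ext))
    return verdicts


if __name__ == "__main__":
    # Thresholds lowered only because the constructed sample is tiny.
    for v in detect_mass_rename(SAMPLE_EVENTS, min_files=3, min_dirs=2):
        print(f"pid {v.pid}: {v.renamed} files in {v.directories} "
              f"directories renamed with appended '{v.extension}'")
```

Requiring the appended extension to be the same across files in several directories is what separates this pattern from installers and editors, which also write `.tmp` siblings (as the `desktop.ini.tmp` and `Office64WW.xml.tmp` artifacts below show) but do so one file at a time and rename back afterwards.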

Processes

  • C:\Users\Admin\AppData\Local\Temp\f1cfdcc544279addfa773e88a58579d3b35399609848f68bad20f9e4fbbe7d0c.exe
    "C:\Users\Admin\AppData\Local\Temp\f1cfdcc544279addfa773e88a58579d3b35399609848f68bad20f9e4fbbe7d0c.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2152

Network

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-3502430532-24693940-2469786940-1000\desktop.ini.tmp

          Filesize

          45KB

          MD5

          f1365b416e0baeed5af507f4bf99d1ee

          SHA1

          365039cf9ee15451ae7cdd01f442fbe4b920c8ed

          SHA256

          e6dd6042fed0a94c849fab017d53e8300dc1a4db32f20db014ed395cb1825057

          SHA512

          b6103f2aec71e299a478edf5b3a616c2e9dac442588858a2f5b8d6e0d4a21d783a0001fe5feae895fc521adc22af47f8e1a877817bfe0052f5d6d8c920f966ac

        • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

          Filesize

          54KB

          MD5

          ffb7864a25171f80b54e949c5c39294d

          SHA1

          305b1e6dd2822bc3ed4b00a3931475e1b783daba

          SHA256

          7fa6d3a436eaf3bbc53f8e59a554eb091ddd5dcd36c0aaaf084332b47454ed00

          SHA512

          3aafa71f220ec36d0d84472f998b3ca6398d8e65af14046ff57ee98240692276f40efb9738c0cb1309f8a03a3a6fcaa907d091c14e4f86b4f0fd15c1a6afc1a4