Analysis

  • max time kernel: 120s
  • max time network: 18s
  • platform: windows7_x64
  • resource: win7-20240705-en
  • resource tags: arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
  • submitted: 20-08-2024 21:59

General

  • Target: a8dfeb891562f80ec706f1bf7f8ace10N.exe
  • Size: 47KB
  • MD5: a8dfeb891562f80ec706f1bf7f8ace10
  • SHA1: dca2ef44fad2559bd0b218947f4d8c1b06ffbbac
  • SHA256: 21901f0d83c588057cc970a97facaa46064fc9e1070b96c34b2c217b6dc5fd58
  • SHA512: d66ac98c654e448e1310024dee4abd23b818d8a0422242cdbae8732aeb0657f63c1e90b9efc4748f219d2eb48b8bfdf42f70c5a313a06080ae8977436fe2d128
  • SSDEEP: 768:W7BlphA7pARFbhL801VvM801Vvv7+j9nT:W7ZhA7pApw03vR03vwnT

Score
9/10

Malware Config

Signatures

  • Renames multiple (3289) files with added filename extension

    This suggests ransomware activity: the sample is encrypting the files on the system and appending an extension to each one.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempts to gather information about the system language of the victim host in order to infer its geographical location.

Processes

  • C:\Users\Admin\AppData\Local\Temp\a8dfeb891562f80ec706f1bf7f8ace10N.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\a8dfeb891562f80ec706f1bf7f8ace10N.exe"
    PID: 1020
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\$Recycle.Bin\S-1-5-21-2172136094-3310281978-782691160-1000\desktop.ini.tmp
    Filesize: 48KB
    MD5: 568bf9e3721cddbffb3fc3fbacd2084f
    SHA1: 7a80bf6236a71e53760a60fcc2d41c8b9c65d5b2
    SHA256: cfcc8f3102b953dc11ada2a62ec7cf581defcdac358c5f1bc900ffdb105dcec3
    SHA512: 2080a425d3b18372aaca63e01f6e26073d56d99ede6fbd11b24a526a736a3649c30664007967bbf500fc9beebe905f1495cbe4037ac522889b229472555e2242

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize: 57KB
    MD5: 7caa997567a938431ab183b536f42194
    SHA1: eb3541603410d033c3c87c3eb2ac86c732929692
    SHA256: 7113cbfc7ccfcef2fe309cf1096956175c58b81bb6c86cce3aa7f2c221bcc669
    SHA512: 42a7212cc550e323a9a1b21c378a2c16aba275adc9d3c3a5fdb464cb9102fa008acf954573f56e065f99dfcafaeceed01a7672f6eb82b2a51b5cc21046e86f05