Overview

overview

9

Static

static

3

96248db650...0N.exe

windows7-x64

9

96248db650...0N.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    120s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    20/08/2024, 18:36

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    96248db6507c61930eace072ddfd1160N.exe

  • Size

    59KB

  • MD5

    96248db6507c61930eace072ddfd1160

  • SHA1

    39648f4fdf39a75fa5492ef6915036b80e0d96dd

  • SHA256

    36e47564a7fa232bdb33ab05d216afc29e2c2a6be9923c2bba85310a431c57e5

  • SHA512

    de3e78392db603bc2b044fc3053453b078a0955e259c3d919769f6bf34de68fdb6abefee8462f2f9078516119cfc1607409d236b432a883455aef4bbe3989738

  • SSDEEP

    768:W7BlpppARFbhHFoqAJwBqAJw70EXBwzEXBwOvEJcvEJFTA:W7ZppApqvZvITA

Score
9/10
discoveryransomware

Malware Config

Signatures

  • Renames multiple (3260) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\96248db6507c61930eace072ddfd1160N.exe
    "C:\Users\Admin\AppData\Local\Temp\96248db6507c61930eace072ddfd1160N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:1456

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-2703099537-420551529-3771253338-1000\desktop.ini.tmp
          Filesize

          59KB

          MD5

          5dc64bf7431b99e7fb2b9b76b808b1da

          SHA1

          c31e1f8d5b7c29fb99fb74ece247680ecc93bdb8

          SHA256

          6a6f94d08b70a6d018e1049025b5b1b1f54e824763c2bc5b27df26e7ffb9bda5

          SHA512

          9d89271971dd88ad717b1b74980103409646b6739d6acc0eb5bbf4f403ddb000b062bc1c9edaba77f344ef07cc131d71146e967ac761568d2fc787408cbe3415

          Download Submit

        • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
          Filesize

          68KB

          MD5

          c6b102e5af834c6c7c6a99bc44affb41

          SHA1

          2c202f7336d62b64a92693be0808c9c36bdbf5b0

          SHA256

          1e412e0ba63176348552afe3d5bb53722ac137bab306f55a0324111ff5d40159

          SHA512

          05dd86fdb62aee2f85dff437ee093e4db1aa43c8fa10e3b2b525cf29d3cc9159329c6319aee786bfa63791eefa75d9adbb4df98dbdb292e0ea8abfbf5d6084ae

          Download Submit