Overview

overview

9

Static

static

3

fa141ff88b...0N.exe

windows7-x64

9

fa141ff88b...0N.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    120s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    20-08-2024 19:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fa141ff88bc61a8722076889e7116a00N.exe

  • Size

    46KB

  • MD5

    fa141ff88bc61a8722076889e7116a00

  • SHA1

    fc989c3ba7aeeaf782a6161c5a19b0a365fc3bf9

  • SHA256

    3e8e7b6e4df75ff06a01c7f2499cb3c061de93b2af0bd528c332cc1d230735cc

  • SHA512

    fae02eb1984631ef9563a8fde86cc385343f1a0b9b6ca1e4c0bee1458ed4acc233cd0566153835d545506baabc4f868e69f3f6697a3b00e730f110867f2e6e4b

  • SSDEEP

    384:yBs7Br5xjL8AgA71Fbhv/FzzwzRejmInCYK/g2BOhejmInCYK/g2BOF:/7BlpQpARFbhNIR4PCs2B24PCs2BO

Score
9/10
discoveryransomware

Malware Config

Signatures

  • Renames multiple (3292) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\fa141ff88bc61a8722076889e7116a00N.exe
    "C:\Users\Admin\AppData\Local\Temp\fa141ff88bc61a8722076889e7116a00N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:1960

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3450744190-3404161390-554719085-1000\desktop.ini.tmp
    Filesize

    46KB

    MD5

    b0b257e37b1f0a41464e4712b2daeb29

    SHA1

    95b4ac8eb48b0ff1a885ec14676fadde000a01fe

    SHA256

    d64120c1b438e60724407e62d24a214d9fcfb400a641b2a76ec9e901a5796fe2

    SHA512

    c705919984f976f9f45636035dfe54b1801288a3b14c6bf29c9e577ac80d6bff2683dfe2fb7d8474c97be437f915e54a39815a945dac6ea00dbe0d634fc5ec9c

    Download Submit

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize

    55KB

    MD5

    091ed6d25761058f452246b5faa55b66

    SHA1

    f5025b96cb9f79f01a31ddcd38fad38326b60e79

    SHA256

    fa0261c6c5465e652a50c3584685d497162b15653fcf4b4a8051472b5db48c77

    SHA512

    05fc295bd5b3572d3f761c2b8f8b7b9497367a3c62da028f492650a5541c242d0da06cb0dfd65357eb0d9285c383593727749a6475c54901085d869d5afff708

    Download Submit

  • memory/1960-0-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1960-74-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download