Overview

overview

9

Static

static

3

7c3b17c7d3...0N.exe

windows7-x64

9

7c3b17c7d3...0N.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    120s
  • max time network
    20s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    20/08/2024, 20:42

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    7c3b17c7d31c2c12bf6aebdfe0ee2790N.exe

  • Size

    95KB

  • MD5

    7c3b17c7d31c2c12bf6aebdfe0ee2790

  • SHA1

    8b2d48ff4391978f11f51ea00130c23b0f2ad932

  • SHA256

    320477122b2d19a7606e71298a1c0aee56dc1923663037c5abd209ac782f14f0

  • SHA512

    0d8ad1914e0208a9f9865d0aaa7fc61b8789e2219b904c53de4e689bfc215aea6c325388f3d754c70680fe612ba8c23af562da465c08ed95482fc1954e9f1a83

  • SSDEEP

    1536:/7ZQpAp/LNgGYJ5OngGYJ5OQXQoQ7KIKtnAQanAQk:9QWpxhBhDR7KIKd

Score
9/10
discoveryransomware

Malware Config

Signatures

  • Renames multiple (2914) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\7c3b17c7d31c2c12bf6aebdfe0ee2790N.exe
    "C:\Users\Admin\AppData\Local\Temp\7c3b17c7d31c2c12bf6aebdfe0ee2790N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:1108

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-3502430532-24693940-2469786940-1000\desktop.ini.tmp
          Filesize

          95KB

          MD5

          e419e35dd86416193ce288266b1d256a

          SHA1

          2497ddda0f1ad5f83092eb2b7953319835b5bdcd

          SHA256

          e7f9a26c13b4499b161b831e381159e7fb4ab46741409fbcf1b7bcf7b548b3aa

          SHA512

          dd02b5b39880c0f89474739bd92f35905641df972e26261d368051d6b22d995c8a893f5df4216885eefc3ff61e54fc8b0a083b09bdbf5545af05a25f8aef5218

          Download Submit

        • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
          Filesize

          104KB

          MD5

          24e99759bc8e372fb22993af992bacf0

          SHA1

          8fd5cc2de808fc7883325422655d2bcd74ac68b1

          SHA256

          2155221a8ae96a9d8f8edb39ec9d45621f867acc8c5f4fa943004b040b962453

          SHA512

          bd47fdc1dfe3a86073e0cd70b639a832519380ab7fdef8b09be0593e483d7410baab2c30b99953d23e1702e50c45914f5b85a97812a708acd5be950e6c3057e3

          Download Submit

        • memory/1108-0-0x0000000000400000-0x0000000000408000-memory.dmp

          Filesize

          32KB

          Download

        • memory/1108-68-0x0000000000400000-0x0000000000408000-memory.dmp

          Filesize

          32KB

          Download