Analysis

  • max time kernel
    120s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted
    21/08/2024, 04:58

General

  • Target

    22f200177cf31282c93fb058d9e0b4f0N.exe

  • Size

    97KB

  • MD5

    22f200177cf31282c93fb058d9e0b4f0

  • SHA1

    9b91797d9b788190eefdcd0b4b864f77ea72149f

  • SHA256

    f2b0a99a4da29ef2551c7d2f798f0149d35dbe01aa3c893fb374633e51f0411f

  • SHA512

    afae9a7fa3bc54f393a7d915e1dc42b9978c83ad5f61725a88e8aa1c4843f0c0329ede8506135d6c1dfb88292fb0e04a9b74e8ef98119e44df6b3d26a1cca5e9

  • SSDEEP

    3072:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFslEhLfyBg:PqFF2Ie+efsLwv

Score
9/10

Malware Config

Signatures

  • Renames multiple (3082) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\22f200177cf31282c93fb058d9e0b4f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\22f200177cf31282c93fb058d9e0b4f0N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:1664

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-2958949473-3205530200-1453100116-1000\desktop.ini.tmp

          Filesize

          97KB

          MD5

          a432cdaf0333028983c4ac8638940846

          SHA1

          2680bcb6e07259a24d21a86460e0dac6feb26fc1

          SHA256

          32f23daf244c0da0f241ef1e9be1bbaf1c96093ed3b75d225695558cc8fa6252

          SHA512

          cbedcd8fceeef88ac8f00761f21b97439de43fd7b83c132139435b06b0241bb99c8bf5a1872dde01d706fde7fe0a78e353e3ae5099638dced4c40e6ceadd6c4c

        • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

          Filesize

          106KB

          MD5

          52b0409cfdfdba12609d49e5ad5f8d80

          SHA1

          8f0c23d6ba3f9d4c6d89072d0b2a97ddcec66165

          SHA256

          6564c87eee5df527115065d9c7ee01fcaa3ecf77ed5cc8775cc1d3c62b4b72d6

          SHA512

          56f8cb8ec86875705830802eb9543ba8bb60fa1930fa1dfb1dcb3845c28418be7bc433c9c9bbedd56dd505c3c375e3b828379d38227898f0b67801df15d22b7c