Analysis

  • max time kernel
    120s
  • max time network
    110s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags
    arch:x64 arch:x86 image:win10v2004-20240802-en locale:en-us os:windows10-2004-x64 system
  • submitted
    23-08-2024 00:06

General

  • Target

    fd45a525cea0889f16526b0ce39b0480N.exe

  • Size

    54KB

  • MD5

    fd45a525cea0889f16526b0ce39b0480

  • SHA1

    fb45dd0d006a0d248f904c12b7e9ebd62816d442

  • SHA256

    85184260d43c7ee82b54a6c9d961ce6cf806e8d2e949cbc8dce694ae4c0df0dc

  • SHA512

    ce2c9e46f3a09e5eccd9d1e9cb98e5b105a0d732bb3075016d9941deee8a0c1db4e273021856aa075cc2693063b65e407c640ec8cc550879f3bf3189211d6196

  • SSDEEP

    768:W7BlpppARFbhknrzzA8JQ2AdJCzA8JQ2AdJWX0kXX0krDzgpQZ+zzgpQZ+RElE+:W7ZppApkGpaI4RElE+

Score
9/10

Malware Config

Signatures

  • Renames multiple (4645) files with added filename extension

    This suggests ransomware activity: the sample is rewriting files across the system and appending an extra extension to each one.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of the victim in order to infer the geographical location of the host.
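The mass-rename signature above is a count-based heuristic: one process appends an extension to a large number of distinct files (the dropped files listed later in this report show the pattern, desktop.ini becoming desktop.ini.tmp and 7-zip.dll becoming 7-zip.dll.tmp). The following Python is an added example of that heuristic written for this page; it is not the sandbox's own signature code. The event tuple format, the threshold of 50 files and the sample events are all assumptions constructed for the demonstration.

```python
"""Mass-rename heuristic (added example, not the sandbox's own signature logic).

Flags any process that renames many distinct files so that the new name is the
old name plus one extra '.ext' in the same directory. Event format, threshold
and sample data are assumptions made for this example.
"""
import re
from collections import defaultdict

SUSPECT_THRESHOLD = 50  # assumed value; tune per environment


def added_extension(old_path: str, new_path: str):
    """Return the appended extension if new_path is exactly old_path followed by
    one extra '.ext' (no directory change, no extra dots), otherwise None."""
    if not new_path.startswith(old_path):
        return None
    suffix = new_path[len(old_path):]
    # Exactly one extension component: a dot followed by no '.', '\' or '/'.
    if re.fullmatch(r"\.[^\\/.]+", suffix):
        return suffix
    return None


def detect_mass_rename(events, threshold=SUSPECT_THRESHOLD):
    """events: iterable of (pid, old_path, new_path) rename records.

    Returns {pid: {"files": n, "extensions": {ext: count}}} for every process
    that appended an extension to at least `threshold` distinct files."""
    per_pid = defaultdict(lambda: {"files": set(), "extensions": defaultdict(int)})
    for pid, old, new in events:
        ext = added_extension(old, new)
        if ext is None:
            continue  # ordinary rename or move, not the pattern we count
        stats = per_pid[pid]
        key = old.lower()  # NTFS paths are case-insensitive
        if key not in stats["files"]:
            stats["files"].add(key)
            stats["extensions"][ext.lower()] += 1
    return {
        pid: {"files": len(s["files"]), "extensions": dict(s["extensions"])}
        for pid, s in per_pid.items()
        if len(s["files"]) >= threshold
    }


def constructed_events():
    """Constructed sample events; not taken from the sandbox log."""
    sid = r"S-1-5-21-945322488-2060912225-3527527000-1000"
    ev = [
        (3600, rf"C:\$Recycle.Bin\{sid}\desktop.ini", rf"C:\$Recycle.Bin\{sid}\desktop.ini.tmp"),
        (3600, r"C:\Program Files\7-Zip\7-zip.dll", r"C:\Program Files\7-Zip\7-zip.dll.tmp"),
    ]
    for i in range(60):  # bulk of the suspicious activity from PID 3600
        p = rf"C:\Users\Admin\Documents\doc{i}.docx"
        ev.append((3600, p, p + ".tmp"))
    # Benign activity from another process: a normal rename, a move, one backup.
    ev.append((1234, r"C:\Users\Admin\draft.docx", r"C:\Users\Admin\draft-final.docx"))
    ev.append((1234, r"C:\Users\Admin\a.txt", r"C:\Users\Admin\backup\a.txt.bak"))
    ev.append((1234, r"C:\Users\Admin\b.txt", r"C:\Users\Admin\b.txt.bak"))
    return ev


if __name__ == "__main__":
    for pid, info in detect_mass_rename(constructed_events()).items():
        print(f"PID {pid}: {info['files']} files renamed, extensions {info['extensions']}")
```

In the constructed data only PID 3600 crosses the threshold; PID 1234 appended an extension to a single file, which is the kind of legitimate backup behaviour the count threshold is there to ignore. The check keys on distinct original paths rather than raw event count, so a process that repeatedly renames the same file cannot inflate the number.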

Processes

  • C:\Users\Admin\AppData\Local\Temp\fd45a525cea0889f16526b0ce39b0480N.exe
    "C:\Users\Admin\AppData\Local\Temp\fd45a525cea0889f16526b0ce39b0480N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:3600

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\$Recycle.Bin\S-1-5-21-945322488-2060912225-3527527000-1000\desktop.ini.tmp

    Filesize

    55KB

    MD5

    f192dff6aaf0e0fddee9e97f5e776ffa

    SHA1

    d9e77bf1c2d21d45be4582f8fb5e993846295b45

    SHA256

    3dfb7970d7a5322e451d805c7d26c0f63796998659a1b806bf2fab0461166f58

    SHA512

    ae71c593ff83a8d068e1fbc5ca59715f986f951fcda71eda99ed94a4bf259d153f357d2e142e29ebfeced9b6928892dfe8ba2f039bb37d7eb9aed7bfbcf646e4

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    154KB

    MD5

    37bbeacf743f4e06f536b42ec3e193cb

    SHA1

    78279256140f50bd86cce5f397b117031a2c3525

    SHA256

    b05b8fe7c569b7664eda124a515b1456f49dd4282e17f4b24c486c78312e0f30

    SHA512

    e1155813c9070741a6a8b9ca397742b64be9f4d761ce4b05efa05a9c49688f68977f27a77c40cec87fae02d524ab71f432091c923e7ee2130bfdf3ed65f5855c