Analysis

  • max time kernel
    120s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted
    23/08/2024, 14:48

General

  • Target

    66ae5474fce4d771067ac3d9ce23c480N.exe

  • Size

    74KB

  • MD5

    66ae5474fce4d771067ac3d9ce23c480

  • SHA1

    30c214b938e27ed5203e7fb1494ac808f01eac33

  • SHA256

    0e1939b38f38e22e72ade1a9a8f66b0f897a5572ea0449cf311ae1f3fc471073

  • SHA512

    f725ac70eb10f27259b2858443a851950febe925309b2bd0453a5e783b1c85ebc00737feb48ee41193b2d031344a4fda65db02035b6893e71077dd5e5ce4955d

  • SSDEEP

    1536:W7ZhA7pApM21LOA1LO8IdHxAbuJVSNCR5yg:6e7WpMgLOiLO8CHWiJUAV

Score
9/10

Malware Config

Signatures

  • Renames multiple (322) files with added filename extension

    This suggests ransomware activity: the sample rewrites files in bulk and appends a new extension to each, consistent with encrypting the files on the system.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempts to gather information about the system language of the victim in order to infer the geographical location of that host.
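The first signature above is a count-based heuristic: one process renaming many files to their original name plus one extra suffix. The following detector, added here as an illustration and not part of the sandbox's own signature engine, implements that heuristic over a stream of file-rename events. The event records, the `RenameEvent` shape, the threshold of 100, and the paths are constructed for the example; the PID 2960 and the `.tmp` suffix are taken from the report's process list and Downloads section, but the assumption that the renamed targets carry `.tmp` is mine.

```python
"""Heuristic: flag a process that renames many files by appending one extension.

Added example for this report, not the sandbox's own signature code. Event
records are constructed inline so the script runs offline.
"""
from __future__ import annotations

from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class RenameEvent:
    """One file-rename observation (shape assumed for the example)."""
    pid: int
    image: str
    src: str
    dst: str


def added_extension(src: str, dst: str) -> str | None:
    """Return the appended suffix if dst is exactly src plus one '.ext', else None.

    A rename that changes the base name, moves the file into a subdirectory,
    or appends several dotted parts does not count as an 'added extension'.
    """
    if not dst.startswith(src) or len(dst) <= len(src):
        return None
    extra = dst[len(src):]
    if not extra.startswith("."):
        return None
    if "." in extra[1:] or "\\" in extra or "/" in extra:
        return None
    return extra.lower()


def detect_mass_rename(events: list[RenameEvent], threshold: int = 100) -> list[dict]:
    """Count added-extension renames per (pid, suffix); report pids over threshold."""
    per_pid: dict[int, dict[str, int]] = defaultdict(lambda: defaultdict(int))
    images: dict[int, str] = {}
    for ev in events:
        ext = added_extension(ev.src, ev.dst)
        if ext is None:
            continue
        per_pid[ev.pid][ext] += 1
        images[ev.pid] = ev.image

    hits = []
    for pid, by_ext in per_pid.items():
        # Ransomware typically uses a single suffix, so judge the dominant one.
        ext, count = max(by_ext.items(), key=lambda kv: kv[1])
        if count >= threshold:
            hits.append({"pid": pid, "image": images[pid], "extension": ext, "count": count})
    return hits


def build_sample_events() -> list[RenameEvent]:
    """Constructed event stream: 322 suspicious renames plus benign noise."""
    sample = r"C:\Users\Admin\AppData\Local\Temp\66ae5474fce4d771067ac3d9ce23c480N.exe"
    events = []
    for i in range(322):
        src = rf"C:\Users\Admin\Documents\file{i}.docx"
        events.append(RenameEvent(2960, sample, src, src + ".tmp"))
    # Benign activity from another process: a plain rename and a single backup.
    events.append(RenameEvent(1480, r"C:\Windows\explorer.exe",
                              r"C:\Users\Admin\Desktop\report.docx",
                              r"C:\Users\Admin\Desktop\report_final.docx"))
    events.append(RenameEvent(1480, r"C:\Windows\explorer.exe",
                              r"C:\Users\Admin\Desktop\notes.txt",
                              r"C:\Users\Admin\Desktop\notes.txt.bak"))
    return events


if __name__ == "__main__":
    for hit in detect_mass_rename(build_sample_events()):
        print(f"pid {hit['pid']} ({hit['image']}) renamed {hit['count']} files "
              f"with added extension {hit['extension']}")
```

The threshold is the tuning knob: too low and backup or archiving tools trip it, too high and a sample that encrypts only a few directories slips through. Pair the count with the second signature in this report (writes into Program Files) for a stronger verdict.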

Processes

  • C:\Users\Admin\AppData\Local\Temp\66ae5474fce4d771067ac3d9ce23c480N.exe
    "C:\Users\Admin\AppData\Local\Temp\66ae5474fce4d771067ac3d9ce23c480N.exe"
    PID: 2960
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\$Recycle.Bin\S-1-5-21-2212144002-1172735686-1556890956-1000\desktop.ini.tmp

    Filesize

    74KB

    MD5

    a1866990f21080b45ec8ee18da829656

    SHA1

    a9893782f1383c22a238dc35c99ea6bbececc9e1

    SHA256

    4863223acebbf2b8ab552f1195d7d0e3a4291dbe91b8898edee12c6c7ff5d68f

    SHA512

    e1c45279dc17ae00b21c84c90dc6f0840926c67fbd09f2c306125571e264ad035002f2c72b650e858a0b6add7a3e4cf71e11899940bb76950c10c66e2a1b79b1

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    83KB

    MD5

    d5fdd06ced439c85ba4901baea4c4b81

    SHA1

    b5f91b4041a55f6e1a252c169adaeac5989adc94

    SHA256

    f2a5cd7098ac3d63e560a320a641791ef1bd8432b078226f5959475470bf277b

    SHA512

    6e3bb8f79c101706deb27c650d6eba6124a77eac3579bd5422f5193716817cffd125312822d5537c2c4cf21643892bd3d70df12b94a5fbde0e7f4630738616f9