Analysis

  • max time kernel
    117s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted
    23/08/2024, 18:20

General

  • Target

    caa31ae2f84af4cf5cd4d3cee5f16420N.exe

  • Size

    39KB

  • MD5

    caa31ae2f84af4cf5cd4d3cee5f16420

  • SHA1

    fba78846d97ed8ddf9e694ae3928bd60827795ff

  • SHA256

    0f0dee93fe91bbf3df4cead93412e0c4860770f7d7b831e669b96f0730a59cc7

  • SHA512

    a64533d6a3460a4f37b901588177cf84b5cefe8eca1f8abb93c520301b4336869353dc470d55215c16c060083e0ef8fbed4aa397284537ea9b3e139ee1982a05

  • SSDEEP

    768:W7BlphA7pARFbhM0Kkq81LOyq81LOl6Sl5lsStWyWL:W7ZhA7pApM21LOA1LOl6vSK

Score
9/10

Malware Config

Signatures

  • Renames multiple (3204) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\caa31ae2f84af4cf5cd4d3cee5f16420N.exe
    "C:\Users\Admin\AppData\Local\Temp\caa31ae2f84af4cf5cd4d3cee5f16420N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2088

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\$Recycle.Bin\S-1-5-21-940600906-3464502421-4240639183-1000\desktop.ini.tmp

    Filesize

    40KB

    MD5

    649e18450d5a829497eea7a9cb6a9b4d

    SHA1

    83853398df194d458392458ea94e067bdd5c1c3c

    SHA256

    814947e0f4bb8c69e0739f6a65bb292bfede4d70f3a5ad458d91a9db33ac6b86

    SHA512

    b545abc5849da7bf6e47fd3b4e5f8803e1035b601dd2b29c0afd6ba464a70140b7ef139a0fce6aae0c7626e3dd9d766a946c35d949974b7230ce7eaec2dfa84d

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    49KB

    MD5

    24abc556904fdaa817204d00fdedec6d

    SHA1

    0295ba8ec52260c581561b8931c6ce1817ac0073

    SHA256

    90b7a77fb8b7d81b0da24d09941c74f25c91e6555ab6890254fe429cf1b6ab3b

    SHA512

    032c89c507bd42e4bad5e4c4460028079fd36f816fee07a030380c1af5d07f3d05a9e6db8e3003f1b520432456c36915121839fabe349218cc20c857fd109a0b