Analysis

  • max time kernel
    120s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted
    24-08-2024 10:53

General

  • Target

    c7d7ff57c88fef40d001fd2e1cd09400N.exe

  • Size

    77KB

  • MD5

    c7d7ff57c88fef40d001fd2e1cd09400

  • SHA1

    0da3f717541e1c4ca367f295eccd3baf52dd5aa4

  • SHA256

    3169661540c63bb0df3aac43fa484c5fd19e6d617e94962402de65ad70b62171

  • SHA512

    e369602e1c212072350ded7842000e165fa2a8f1721a003fedb17f1f4bbb7c380ad968caf2250d67b1734620ba8b7fd6722f895e1edff0e7104e844fc9161e5b

  • SSDEEP

    768:/7BlpQpARFbhWGUKBb4JxobNlAGAIUkUX:/7ZQpAp+KBpbNiBIUkUX

Score
9/10

Malware Config

Signatures

  • Renames multiple (3268) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\c7d7ff57c88fef40d001fd2e1cd09400N.exe
    "C:\Users\Admin\AppData\Local\Temp\c7d7ff57c88fef40d001fd2e1cd09400N.exe"
    1
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2628

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-940600906-3464502421-4240639183-1000\desktop.ini.tmp

    Filesize

    77KB

    MD5

    c22999ba71ceb78b12b7ccdb01b875e9

    SHA1

    902e78354d468e02655d482e9c78c21a6555be15

    SHA256

    b346008b24d2ca08c35f40edbf916cd7c03f16b9aed8fed002407a2a2eae0d7e

    SHA512

    8196f7a8624ba362b844973584e3ec71d2347c253bfc690649104f46d991ce7133f1b39899650f7d7ae61ec58ae7eae3b7ca2f85725467171e53e5c40ebba00f

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    86KB

    MD5

    df6fcf6ea10a8623ccc6113ae4825c68

    SHA1

    aa4e6ee511048b28f999bebabaf18ad37c8c4e08

    SHA256

    ccf298bb5405902184d485ac777fdc4f283bcd1e92f4f8aa918383a39d3f3f87

    SHA512

    a0d1802dbf30a5d534ddfd67c4b4235aa989c3903fd395c5f44ad154c630c421ab75fddab94ecb4285d9f2ac1cf4806822ca7ddb11b4522c24031bc0c7c2b6ef

  • memory/2628-0-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/2628-74-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB