Overview

overview

9

Static

static

3

c7d7ff57c8...0N.exe

windows7-x64

9

c7d7ff57c8...0N.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    120s
  • max time network
    99s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24-08-2024 10:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c7d7ff57c88fef40d001fd2e1cd09400N.exe

  • Size

    77KB

  • MD5

    c7d7ff57c88fef40d001fd2e1cd09400

  • SHA1

    0da3f717541e1c4ca367f295eccd3baf52dd5aa4

  • SHA256

    3169661540c63bb0df3aac43fa484c5fd19e6d617e94962402de65ad70b62171

  • SHA512

    e369602e1c212072350ded7842000e165fa2a8f1721a003fedb17f1f4bbb7c380ad968caf2250d67b1734620ba8b7fd6722f895e1edff0e7104e844fc9161e5b

  • SSDEEP

    768:/7BlpQpARFbhWGUKBb4JxobNlAGAIUkUX:/7ZQpAp+KBpbNiBIUkUX

Score
9/10
discoveryransomware

Malware Config

Signatures

  • Renames multiple (4640) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\c7d7ff57c88fef40d001fd2e1cd09400N.exe
    "C:\Users\Admin\AppData\Local\Temp\c7d7ff57c88fef40d001fd2e1cd09400N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:3424

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-786284298-625481688-3210388970-1000\desktop.ini.tmp
    Filesize

    77KB

    MD5

    d34d4d4b3deaeedd01513d297fd7d1d8

    SHA1

    24aa1a46b8d396a50e562eca891960e6af4abfdf

    SHA256

    5ba4a7e82992ee2eacf2cab24b8591c684bf2f7ef68a0fc2b493d5e5f8cb7615

    SHA512

    d7f26df6a7bf763248a2417afe709b3858415ea4e1a030bdf48022d93cb6914ef094593c271fd07bef67036f1feb7c4b0cef38b5ff623d02ff7dbe0243fb23ea

    Download Submit

  • C:\Program Files\7-Zip\7-zip.dll.tmp
    Filesize

    176KB

    MD5

    4b947220f76ac110156535d6014271e1

    SHA1

    121b5caf426216c4a955c44148bc0aaba0c5e4c3

    SHA256

    90133349249aefef410526a8f722b214347d6301249a5ab304d0fea80d5d0681

    SHA512

    48ff1fc80dc79fd535d8402930bf01d73886bf1afdf3eff5bba125f06b13006562159f0e32aa797de2d1bf0af268f8a32561efa09eaebb69cb9f1eb99608677e

    Download Submit

  • memory/3424-0-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/3424-896-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download