Overview

overview

9

Static

static

3

698ec42222...f0.exe

windows7-x64

9

698ec42222...f0.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    150s
  • max time network
    20s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    25/08/2024, 22:50

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    698ec42222bf3633a7e452395e806d251f35b6eeb1894b13d0cf404b334135f0.exe

  • Size

    105KB

  • MD5

    8801fa82f0fbca63733c930bf1c46d97

  • SHA1

    7bf8cf66135c9d2e5d917e01eecd4c6dee5487c6

  • SHA256

    698ec42222bf3633a7e452395e806d251f35b6eeb1894b13d0cf404b334135f0

  • SHA512

    bc2aefa01ab2d98e2cc81496900efcfbe7baece8fae2437f2e3ecd8e9bb31c9083dbcc346c451b92fdac88e6a6d6614ffa71e742f4951d55827cf541674a7018

  • SSDEEP

    1536:W7ZDpApYbWjIlE77ufL2e+efZwZQ/8S/80PqPIUpCUpiPk:6DWpwE7oL2e+efZwZ08i8Z

Score
9/10
discoveryransomware

Malware Config

Signatures

  • Renames multiple (3443) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\698ec42222bf3633a7e452395e806d251f35b6eeb1894b13d0cf404b334135f0.exe
    "C:\Users\Admin\AppData\Local\Temp\698ec42222bf3633a7e452395e806d251f35b6eeb1894b13d0cf404b334135f0.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2548

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-2703099537-420551529-3771253338-1000\desktop.ini.tmp
          Filesize

          106KB

          MD5

          217213b194cdfef21fd80ccac8b76c84

          SHA1

          eae659150c97552902e5bd44226310ed73f19666

          SHA256

          2762fb1a0261204465aeafd9b7ddeaca41513a0e2627c5829087225b98d92b9f

          SHA512

          1c1cd15b6fa1a504688662cf438e3406f3aa7ec1b6c6e37eb7c54c2b4b8423e3daee574593cde2db5063038062739dd4465e9b314b6e2657a69553a21fc56037

          Download Submit

        • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
          Filesize

          115KB

          MD5

          30d6d24f769eb6b66f658cfccb3ceeb0

          SHA1

          607dd0cc98b5b9a37df151c93891b2b51ab89e50

          SHA256

          29446e49e6a71246a103aed0efb9f9962c0a0d7aa2f2a781a18a42f94817e62b

          SHA512

          f746f58478acf9d1e01a4596ae1c0c4a107c7d79b5dfbd1316721090982f26b6884b8a2ac4b6803b5abde7d298405e7373f046f3fbecbba1bbc681afc689d1e8

          Download Submit