Analysis

  • max time kernel
    119s
  • max time network
    121s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    25/08/2024, 00:29

General

  • Target

    35f72eb0c9a536fe56450237e8728160N.exe

  • Size

    40KB

  • MD5

    35f72eb0c9a536fe56450237e8728160

  • SHA1

    a1f099cfe0bbd7509a2a9c0ab03f6a72502cbe4b

  • SHA256

    5dee820b8aebfcbed566bda35d97e6a854d448db4dc84e70ccb3a2c15d355dcb

  • SHA512

    c600030046efca8d91ba47ddc238404ee3867b198f420b10d8a3c7eb1a925fa4fcb0dddeb1786daef722f2319bd95acf0954a227d72f72134e7c7d998ae7c00a

  • SSDEEP

    384:GBt7Br5xjLdbAAgA71FbhvU8g0U0fL+8t8YwTZ+kZsAZsI:W7Blp+pARFbhBgnKL+8t8NZ/

Score
9/10

Malware Config

Signatures

  • Renames multiple (4676) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\35f72eb0c9a536fe56450237e8728160N.exe
    "C:\Users\Admin\AppData\Local\Temp\35f72eb0c9a536fe56450237e8728160N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:4848

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\$Recycle.Bin\S-1-5-21-4182098368-2521458979-3782681353-1000\desktop.ini.tmp

    Filesize

    40KB

    MD5

    4515375454603e214e7d34b0f832dfbf

    SHA1

    695b4d500b9ae230ba2a47bc182f1b3fa9c1b3a7

    SHA256

    feeca666f67fd1485157be04f1f959ae7ab21bcde72b12f14912d550a8855b27

    SHA512

    ab3449e7fe4afeb41aee2bb40abc4c12b72d89c2eb76911363dfc1552257ac6ca8d1bdc4bcebdf056e1d2cc4f4c15eb9ba59cce0508ca1cf0b1c58a775b02fe4

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    139KB

    MD5

    b66e181a7877d4e4f1920b5360e61c85

    SHA1

    4dc7427490f5b0ed8731e631a585ba74e95ad8f0

    SHA256

    2fe8dac6b7e17451c4a444cdf4bfec30075878cc6ec73c3e7d30cad203678285

    SHA512

    973eb1e63ffd379150f64814851e4d75c4058020ed90055c30d16e98fadb4e09b660c9c095ce25f151bf070aa02d0067269086f1286d7dbc7a555bdef61f094f