Overview

overview

9

Static

static

3

95eb19ac82...0N.exe

windows7-x64

9

95eb19ac82...0N.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    120s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    25-08-2024 01:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    95eb19ac82dec30b4f073ad4e1269890N.exe

  • Size

    97KB

  • MD5

    95eb19ac82dec30b4f073ad4e1269890

  • SHA1

    fff7707054a6a6b87ec32d044321e44516c932dd

  • SHA256

    795a2784a19adf6a58170a8f47e9a0f221ae03f095d644bc994f8fd835008227

  • SHA512

    0d8eaf827789f260767cbcded7b5a337a8629d3bfe7de3e4c7bbc38cb0db04e3fc766f4246f3c566ba79bd072bbe370a69211ea9b1e948638d85b1f2410f05cd

  • SSDEEP

    1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+ejy0Wjy0WzYLp4f6:6e7WpMaxeb0CYJ97lEYNR73e+eGGTf6

Score
9/10
discoveryransomware

Malware Config

Signatures

  • Renames multiple (253) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\95eb19ac82dec30b4f073ad4e1269890N.exe
    "C:\Users\Admin\AppData\Local\Temp\95eb19ac82dec30b4f073ad4e1269890N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:1972

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2212144002-1172735686-1556890956-1000\desktop.ini.tmp
    Filesize

    97KB

    MD5

    87fa316226b46e17d35f15336647f51a

    SHA1

    ccda1bbc766bbb01ff765100cde0a986b964bf5c

    SHA256

    ad35cf7881a82b95677795f08bd2d5928241d508d0c6c4548046cd94dfc6fdfb

    SHA512

    3f080e8b995113bb41480ee4486a829511bb0770376a9f78bccdf775794c369f76b432a0803d65d8708f1946b6d8ebe9e7da1e2b3e8eb5828e317b4d97642390

    Download Submit

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize

    106KB

    MD5

    0569374b38310664308ef7a0b4f9c5af

    SHA1

    b0a5de0da9a6fe8c356fec38d14c78b32b2037af

    SHA256

    bc027d5c1c3d031b6fd61f1825cdd6efe40e79cc21218fe776e0fb600e4175fd

    SHA512

    a0dfbb35bc02c394c3a55febaac3d344785c3825ce546917cbbac4b46c7518e19adad00eb398f7453a5ce0458e9eaee353c579e0ea8ec6c97100e3a87739b620

    Download Submit