Analysis

  • max time kernel
    120s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
  • submitted
    26/08/2024, 09:03

General

  • Target

    73e9c5f9bf2ceb320d3a21a6c7e2db50N.exe

  • Size

    43KB

  • MD5

    73e9c5f9bf2ceb320d3a21a6c7e2db50

  • SHA1

    492d0dca9db303f6ab27d0db60b0f40b3c88f925

  • SHA256

    e0ece19c2d33f8cb0de09439ccefc3aea6ce1aa4465f27b638ccc16dc8e907e0

  • SHA512

    f38c1fcc81bf9f1f0d0a2557cf616b1378e046663e1f06610fd9e801629487d92c396104af21b845819681ae6d4d7b9ba6851cc5cadffc856ba9a6f858231e16

  • SSDEEP

    384:GBt7Br5xjL7lAgA71Fbhvt3Gb9CGDb9CGBjUDXV8gcjUDXV8gu:W7Blp9pARFbhOCQCPjw

Score
9/10

Malware Config

Signatures

  • Renames multiple (3357) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\73e9c5f9bf2ceb320d3a21a6c7e2db50N.exe
    "C:\Users\Admin\AppData\Local\Temp\73e9c5f9bf2ceb320d3a21a6c7e2db50N.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2692

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-3502430532-24693940-2469786940-1000\desktop.ini.tmp

          Filesize

          44KB

          MD5

          3b09240d9ba7c5c07dc890f3ec051b36

          SHA1

          bd6cb6f6893d2bf90bd19ed2ab8e57308c2913ba

          SHA256

          5fdbb7a6bc829e83c67c3b78e30895b71d8076ad920a948d0ec2c79f5912c1bf

          SHA512

          ea45ec4a1fed0cdbccd2d1a60ea3d4a7297dbe1c4f519f4bf37c1e5a1ba7cb62e69a9afd1016a29e1c4177c770fc0d8bde74cdb0a8dbda534e464fed17fb24ab

        • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

          Filesize

          53KB

          MD5

          51fedacfd00ae489ba327c3c77678f25

          SHA1

          bbda547a973e26f400bea0286ddb40e827dffeef

          SHA256

          e2fb2b06ba92a202145799af38cee890e7cc17cf1b819c2f036d6bb8109c36a5

          SHA512

          c3efb69bdd4994b04cedaff368380502d67d02f91456ca49f889d7f6ac725ec2fafa2f07d4a9e10eda478ae4e3fafa7e5e7875f2ac7005fdf24d07c9f83d985e