Overview

overview

9

Static

static

3

4aebced1a7...0N.exe

windows7-x64

9

4aebced1a7...0N.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    120s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    29/08/2024, 12:33

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    4aebced1a7ff9869607f2e861469b360N.exe

  • Size

    83KB

  • MD5

    4aebced1a7ff9869607f2e861469b360

  • SHA1

    238500ee26a726c9c6243b54983cc7383f00b558

  • SHA256

    41ec87b5087c39ac7fa24f5cbca35ecdc36690405be6e5b19ad9e1d85e0faf9a

  • SHA512

    99818a18d23825e6b822720c9c9b41e120772c304889f1a87d19fccd96354ec7e1ba0b0c3d25fa2d69e22e826e81f238afe979b662d6efd88a59d5787a753f5e

  • SSDEEP

    768:/7BlpQpARFbhiWbs5nd5nZKBK65/e5/TqOJyjqOJyc:/7ZQpAp/gNdN2/I/TDgDV

Score
9/10
discoveryransomware

Malware Config

Signatures

  • Renames multiple (3217) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\4aebced1a7ff9869607f2e861469b360N.exe
    "C:\Users\Admin\AppData\Local\Temp\4aebced1a7ff9869607f2e861469b360N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:1424

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-3502430532-24693940-2469786940-1000\desktop.ini.tmp
          Filesize

          83KB

          MD5

          525655551040bd2ef482535be2d4d445

          SHA1

          ccec446045b80f2842ce0eb9f0863adeea5372f4

          SHA256

          dc6c19d6d301c367a577f959efeb874793a225a936e20b7372b3cd0145c9a7bb

          SHA512

          7ead01c11234602f2453158b7c0de19ad9dcf8c3b0f8c61a6428b0311a8d8fac94c68615e0e96d96f3e470e95eabff98c34d8bc9e1869a72e58295196551d469

          Download Submit

        • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
          Filesize

          92KB

          MD5

          e6788919632d65be5e85ec1a9bc50d1a

          SHA1

          685b638305d67d6965ea3c4b1ab6f93d2115d5cb

          SHA256

          13193c9ac6e47c03153dd2f25f1869316217862d28aafbc90ebed8fdb5ea20e6

          SHA512

          b24d9f1bd147e369c3f52acf5b403bc71f9fafed7e916bb324964ec8b6a88179395b6fb4258821fd25bfcd32d570d53ce9e6d870344248f75d900705dba3f094

          Download Submit

        • memory/1424-0-0x0000000000400000-0x0000000000408000-memory.dmp

          Filesize

          32KB

          Download

        • memory/1424-74-0x0000000000400000-0x0000000000408000-memory.dmp

          Filesize

          32KB

          Download