Overview

overview

9

Static

static

3

a4353e032e...0N.exe

windows7-x64

9

a4353e032e...0N.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    120s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    01-09-2024 17:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a4353e032e3bd8ecf931fc6f44fb4cd0N.exe

  • Size

    53KB

  • MD5

    a4353e032e3bd8ecf931fc6f44fb4cd0

  • SHA1

    22d353887b49ce65b6e3ed79c518a3a72a6a5fa3

  • SHA256

    b8fcd47265baf17b7c0e2122357fd05a864ee8899ba40a209cbdfa7608f23b3e

  • SHA512

    31ad00d662c56feaf7f115dec1044f1193ec57d88b79a326dc2e79b351b14d69ab85369e0355ce577ff75569e0a8c3cbe13fd53241268ea6de12a35695e2deef

  • SSDEEP

    768:W7BlphA7pARFbhL801VvM801VvcR2+lJtZ2+lJtSsZefn6dZEZd:W7ZhA7pApw03vR03vcltdtSsYfn6m

Score
9/10
discoveryransomware

Malware Config

Signatures

  • Renames multiple (3208) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\a4353e032e3bd8ecf931fc6f44fb4cd0N.exe
    "C:\Users\Admin\AppData\Local\Temp\a4353e032e3bd8ecf931fc6f44fb4cd0N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:1956

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-940600906-3464502421-4240639183-1000\desktop.ini.tmp
    Filesize

    53KB

    MD5

    ef9337c3f112785e5ed526e3f1ef52f4

    SHA1

    1d63b918273a425b3bf663f869a0e6b0fc0d9e5c

    SHA256

    e16c81756f6282f3e10474f247bea72d063336a7eb411553065bd2f46ef850d1

    SHA512

    882ab59a070f6a240fb82e4efb717b08560f05c22d304def0982e19e49f63fbb6389741be574c83fb43f586bf2de3b7151e98c29130b52192574646a96995288

    Download Submit

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize

    62KB

    MD5

    2fc6e1a4ed8995153f30a593ad406501

    SHA1

    195b4a42f04197279d0ddd7b34143cbec7d993b8

    SHA256

    bec88bf5e870ed4a5ad24bdde51e3c1cba9285b51a7b6840cfa5016963a92321

    SHA512

    cf467ad5442b51c9af8153a1e124e7d2c54a7cdd45daee56d1bf90944721ec04a4cf53e5599efeb6df4f7df5567d7495e940a40165597009b30c447390615e7c

    Download Submit