Overview

overview

9

Static

static

3

bd8f35fe43...0N.exe

windows7-x64

9

bd8f35fe43...0N.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    118s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    02/09/2024, 01:42

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    bd8f35fe43d8eb84829dd1ed0a7928b0N.exe

  • Size

    86KB

  • MD5

    bd8f35fe43d8eb84829dd1ed0a7928b0

  • SHA1

    67ff237a7e1da282a36b2c4a021ef204fb7c5d04

  • SHA256

    8ca8b3a9119be52148a55fed79f8e6729926bb50449d7411d78fba83fe338e2c

  • SHA512

    f0662bebda3094c112625bb1e11c17feeacf8cf3853dcdc7357112681276fcc102dc2af1a550dc6feac2fb4ba933163785700480f4f71af252bade65eab58c50

  • SSDEEP

    1536:W7ZDpApYbWjIoPyPoLzV7c6Sh1Xtkkkkkkkkk545:6DWpm

Score
9/10
discoveryransomware

Malware Config

Signatures

  • Renames multiple (2809) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\bd8f35fe43d8eb84829dd1ed0a7928b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\bd8f35fe43d8eb84829dd1ed0a7928b0N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:3068

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-2257386474-3982792636-3902186748-1000\desktop.ini.tmp
          Filesize

          86KB

          MD5

          d3dfa96de26b8d8b003e332039cbbd2b

          SHA1

          ce2d38869a6fb7a7dccce44a7b3d6620d16e88d9

          SHA256

          b771cd0df8227a34f95d4e3297009ee85cd5c38cf0b77b77f43aedc105132f1d

          SHA512

          80e020ae4698a0913bfef26daeaa9357805f17c3d627730da0b5c81db09ee7a352e0f53c5e8a4f063099bb2fd175cb4492ae6c668addb816748b84ca595ff7aa

          Download Submit

        • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
          Filesize

          95KB

          MD5

          1ec52deec787ecd938991e57fb238da1

          SHA1

          b8a5e9a3d34f72b6478a30df2d9951e83dcb5e41

          SHA256

          3454e42dcc871f5721c1d9b6f4f7d41af20688ff524b5b277cb65dc76395ea18

          SHA512

          8f9a26b14035491fe3953696f238e0565ea4ddb8fe51282a5e514cb5d176fb03dfd6a8874c2213bf86b9b1e116136d5d893ee8cf67f670b340116c409f8dc53d

          Download Submit