Analysis

  • max time kernel
    119s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted
    02/09/2024, 01:05

General

  • Target

    5db67a510fe4e91c1c8c205c673c2160N.exe

  • Size

    89KB

  • MD5

    5db67a510fe4e91c1c8c205c673c2160

  • SHA1

    607f4ad0dcd5c8c0e59a06a862bf9fe0831656bf

  • SHA256

    711e7576651420c5fafc983a1e875eb4c4a616cb831b6208389b50801e47d886

  • SHA512

    496b1d45169d38b659673f25ba303726d176efbb42d9b985050ce71ac152284fc609ff9626f4de1910289c4275b1669477cb7fbccd32a1216e6a5782a676761b

  • SSDEEP

    1536:W7Z9pApQESOHepOHe8G+6E65dyGdykNdNBK2LUf7XQex2j8V:69WpQE0zUzXd

Score
9/10

Malware Config

Signatures

  • Renames multiple (2819) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\5db67a510fe4e91c1c8c205c673c2160N.exe
    "C:\Users\Admin\AppData\Local\Temp\5db67a510fe4e91c1c8c205c673c2160N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2492

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-3551809350-4263495960-1443967649-1000\desktop.ini.tmp

          Filesize

          89KB

          MD5

          549001eed7afa0f7ead8affd6195526e

          SHA1

          3a2b9f23ac48384ec9cbc732a4068b067d387a0a

          SHA256

          d21b1b261939cfb17a1acf2e94c9f2a4691a1837cfe5659187b92bffb74014cb

          SHA512

          f76990fc0f52d9067757d19705e10e427a988c563c11cb13d0bb0ef074be5b41235b276c3bdf963a08569b484d9ba63b100f7a7cc6ddbd69a827139ed7d3cce6

        • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

          Filesize

          98KB

          MD5

          ad26df133609375de83fb2223ff1b360

          SHA1

          46984da0da757a33a00d5cbca531228e66337187

          SHA256

          5f5be029550a482f8a3d5e94da8a89c92ff39545caf514a50659ad74419745f9

          SHA512

          424bf0a2183299cd6b6d9d6f041862075345786dbc99a06f2bb731d1e5e8e83c33cc97876a96eb1cfe20fa4e697715f9ec5abc3059636750c2ddae2da554e653