Analysis

  • max time kernel
    150s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
  • submitted
    02/09/2024, 02:49

General

  • Target

    b4278b62549921ab7e998996d044e6cd978eff85a7022b66100c5e57f2fe47b1.exe

  • Size

    41KB

  • MD5

    c1940e2184f74b91864b66a32d2d77e3

  • SHA1

    ff540e6d1ca7052236ea92fbaa405b3fb1592536

  • SHA256

    b4278b62549921ab7e998996d044e6cd978eff85a7022b66100c5e57f2fe47b1

  • SHA512

    710cc9c32a7fc2acd4c69b342f6d10c7dc000d083f45dd02d987bb9d718b473a7e116e38fe10e3a2a0e3142376b2c4ba2c7da7b9a186bb9a5e7bd2025408ced9

  • SSDEEP

    768:W7BlphA7pARFbhM0Kkq81LOyq81LOl6Sl5lsSccd:W7ZhA7pApM21LOA1LOl6vSccd

Score
9/10

Malware Config

Signatures

  • Renames multiple (4080) files with added filename extension

    Mass renaming of files with a suffix appended to the original name is characteristic of ransomware encrypting the files on the system.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of the victim in order to infer the geographical location of that host.
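
The "renames multiple files with added filename extension" signature is a simple heuristic over file-system events: rename operations where the destination name is the source name plus a dotted suffix, repeated across many files and directories. The script below is an added example of that heuristic written for this page; it is not the sandbox vendor's detection code. The event list, paths, threshold and minimum-directory values are constructed for the example and are assumptions, not data from this report.

```python
"""Heuristic for the 'renames multiple files with added filename extension'
sandbox signature: count rename events where the new name is the old name
plus a dotted suffix, group them by suffix, and flag a suffix that appears
many times across several directories (mass rename, not a one-off)."""
from collections import Counter, defaultdict
import ntpath

# Constructed sample of file-system events (not taken from the report).
# Each tuple is (operation, source path, destination path or None).
_DIRS = [r"C:\Users\Admin\Documents", r"C:\Users\Admin\Pictures",
         r"C:\Program Files\Vendor\App", r"C:\MSOCache\All Users"]
EVENTS = [
    ("rename", rf"{d}\file{i}.dat", rf"{d}\file{i}.dat.tmp")
    for d in _DIRS for i in range(4)
]  # 16 renames that append ".tmp" across 4 directories
EVENTS += [
    # ordinary rename: destination is not source plus a suffix
    ("rename", r"C:\Users\Admin\Documents\report.docx",
               r"C:\Users\Admin\Documents\report_v2.docx"),
    # moved to another directory: not counted even though a suffix was added
    ("rename", r"C:\Users\Admin\Documents\a.txt",
               r"C:\Users\Admin\Desktop\a.txt.tmp"),
    # appended text without a dot is not an "extension"
    ("rename", r"C:\Users\Admin\Documents\b.txt",
               r"C:\Users\Admin\Documents\b.txt_old"),
    # not a rename at all
    ("create", None, r"C:\Users\Admin\Documents\README.txt"),
]


def appended_suffix(src, dst):
    """Return the dotted suffix appended to src's file name to produce dst,
    or None if dst is not simply src plus a ".xxx" suffix in the same
    directory (e.g. a.docx -> a.docx.tmp yields ".tmp")."""
    sdir, sname = ntpath.split(src)
    ddir, dname = ntpath.split(dst)
    if sdir.lower() != ddir.lower():
        return None  # moved, not renamed in place
    if not dname.lower().startswith(sname.lower()):
        return None
    suffix = dname[len(sname):]
    if not suffix.startswith("."):
        return None
    return suffix


def mass_rename_report(events, threshold=10, min_dirs=3):
    """Group appended-suffix renames by suffix. Return (counts, flagged)
    where flagged holds suffixes seen at least `threshold` times across at
    least `min_dirs` distinct directories. Threshold values are assumptions
    chosen for the example."""
    counts = Counter()
    dirs = defaultdict(set)
    for op, src, dst in events:
        if op != "rename" or dst is None:
            continue
        suffix = appended_suffix(src, dst)
        if suffix is None:
            continue
        counts[suffix] += 1
        dirs[suffix].add(ntpath.dirname(src).lower())
    flagged = {s: n for s, n in counts.items()
               if n >= threshold and len(dirs[s]) >= min_dirs}
    return counts, flagged


if __name__ == "__main__":
    counts, flagged = mass_rename_report(EVENTS)
    for suffix, n in flagged.items():
        print(f"mass rename with added extension {suffix!r}: {n} files")
```

The directory spread matters as much as the raw count: a build tool or installer can legitimately rename dozens of files inside one tree, whereas an encryptor touching user profiles, Program Files, MSOCache and the Recycle Bin in the same run is what this report's signature and dropped-file list show.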

Processes

  • C:\Users\Admin\AppData\Local\Temp\b4278b62549921ab7e998996d044e6cd978eff85a7022b66100c5e57f2fe47b1.exe
    "C:\Users\Admin\AppData\Local\Temp\b4278b62549921ab7e998996d044e6cd978eff85a7022b66100c5e57f2fe47b1.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2692

Network

        MITRE ATT&CK Enterprise v15


        Downloads

        • C:\$Recycle.Bin\S-1-5-21-3502430532-24693940-2469786940-1000\desktop.ini.tmp

          Filesize

          42KB

          MD5

          b17baa72e1dab2bdd1dac3d8799182b2

          SHA1

          3a8b64e2809bcf3f6b32106aa506c8582b37fe23

          SHA256

          354a9bbd9ff1fb9443fb133c5fb320464eb32915384ee6efbf60f6d8aedb6745

          SHA512

          d8429fb69923926b51f526254ccebddb5b26a409bced87d52b6b1ac54c4e99d24e485ca8b6e0b0e266bcbce7ba06310789255b42fbfccb70163b03dcbe20f8e7

        • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

          Filesize

          51KB

          MD5

          1edf482d554dbd92372eeb2602a7986d

          SHA1

          297e4b946df6b2cbb4f6316c0c53fee20402ccc9

          SHA256

          dbf201a6f4c4b80da57666b18f83fbefbebdf79722e2e815326acdd54f60ec67

          SHA512

          2846e68202b6b8d93ee8d23a6d7903dde3d390af3ddf44a9ff23b3a19f135f3a950774e2b7221efea055ff624e995393eefa567d3197baec069d06b8ecd1fced