Analysis

  • max time kernel
    120s
  • max time network
    95s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    03/09/2024, 17:54

General

  • Target

    aa382462d2f37d78b33f51480e468640N.exe

  • Size

    52KB

  • MD5

    aa382462d2f37d78b33f51480e468640

  • SHA1

    721612b876860314bbcfdb7fcfbec33ebd2cfae0

  • SHA256

    00cff2ef0d0599e9de575e337f479544861e4d3b3482bbbe0cd024d7797e9d29

  • SHA512

    496b00fda46fd7c3317c47edd05adfdea0ac0272b7932bb0a263546b07f8e34b6b56d686419b3d2a55b02e273342c3668ed706b2510f83d3c0f6cdbafc8177db

  • SSDEEP

    1536:W7ZppApBULcfpHLcfpyD9uH9uH28m+h2h5:6pWpBwchcwD9uduW8mF

Score
9/10

Malware Config

Signatures

  • Renames multiple (4551) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\aa382462d2f37d78b33f51480e468640N.exe
    "C:\Users\Admin\AppData\Local\Temp\aa382462d2f37d78b33f51480e468640N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:4904

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-2392887640-1187051047-2909758433-1000\desktop.ini.tmp

          Filesize

          53KB

          MD5

          193b1def173e96600b42c11f0456d7ed

          SHA1

          25d780729c7569ee0fb4de62b75ed0729ca39147

          SHA256

          183cda07ec9739f8a60336268d4b58e5e19aa1b1240c3e51d90eb139f2a4b912

          SHA512

          fca6a1545a04102a93a8ca0cbe8fe380e1f98173897e0e4d09f0e8af77d407c96040cb2b72f192482cfe390b9780e4ddf1480a260ed43d2efe6ae83cbbeef025

        • C:\Program Files\7-Zip\7-zip.dll.tmp

          Filesize

          152KB

          MD5

          fddb2caa166f0be6b728c3fc0fe6f513

          SHA1

          fbe4e3848854ff0e68edb7771ade8a58d16ca6c4

          SHA256

          13ef050dd82133717e20cf59e84cba61083e9a212c87888b8ae5ccc1300375da

          SHA512

          5cb890a700b6154b157a60c690a5b1b6b6b8e376a9db17d022a02f7ffb39d52e0e8be56e5d4dcd9edf39e8e4869008fb5f8867d3e0e1a742a8b4214328f65373