Overview

overview

9

Static

static

3

7e0c121e07...0N.exe

windows7-x64

9

7e0c121e07...0N.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    120s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    04-09-2024 23:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7e0c121e073119c5f262bf0c851a31e0N.exe

  • Size

    42KB

  • MD5

    7e0c121e073119c5f262bf0c851a31e0

  • SHA1

    98b7d5c59852707496bc99c38c1c2fc3121f7bff

  • SHA256

    213ee11e9119c34ab802ce7cde3ad54d491ef6576ca5fba19d2112d16759299a

  • SHA512

    40720ca12d819dade813ff62ec5c4384c47c0e19a52bb0662b5d907e5665907a574dcb084d33a350bda8872988d78560563448d92c01514f488f863163ed5507

  • SSDEEP

    384:yBs7Br5xjL8AgA71FbhvsDYcUYcG0Wp/pHV90TV90O:/7BlpQpARFbhsYcUYcgp/pHVmVr

Score
9/10
discoveryransomware

Malware Config

Signatures

  • Renames multiple (3440) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\7e0c121e073119c5f262bf0c851a31e0N.exe
    "C:\Users\Admin\AppData\Local\Temp\7e0c121e073119c5f262bf0c851a31e0N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2856

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3290804112-2823094203-3137964600-1000\desktop.ini.tmp
    Filesize

    42KB

    MD5

    75ad3a4552efcfeabc6dbae0b3b6b1ab

    SHA1

    4616a5885787c273042a30e6294e2a9ad5e969e1

    SHA256

    d3e7b9177599ef25bd7d260969d802f3ec78b4c55fc0909ace65b0fda5fa0036

    SHA512

    063bceff475d05e37f17d939c91244b9cffcc088a54c472606d8a8fee8d9b2a3ec054b674dcb4306b3a6cd1c0c7e71546a52a8a5f7705fa5f4acdff7f9839d81

    Download Submit

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize

    51KB

    MD5

    35b5c6e8b06606dd5522ba1d50302032

    SHA1

    b880312d4971a03a49fe7c402111a516a5227077

    SHA256

    c889484a180efc43078e1fc187f80995ecc7bcd611da19b577579cbde975ccee

    SHA512

    058945b1bd4a05e30520704baff6efe4683ae762aafca20605ded11f5ba688d949fee59609213ce292567ac6b3cddabf6f960e007aa4b0551d2b4c3915be9ad9

    Download Submit

  • memory/2856-0-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2856-74-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download