Overview

overview

9

Static

static

3

5fdaa7245a...0N.exe

windows7-x64

9

5fdaa7245a...0N.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    120s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    04/09/2024, 08:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5fdaa7245aaada1ea614bc686f307f00N.exe

  • Size

    36KB

  • MD5

    5fdaa7245aaada1ea614bc686f307f00

  • SHA1

    9437a72deba8d40664409e80d0819fe30e95628a

  • SHA256

    bed2a30b8ce4a8f89356bf9e2959bb1b35849b1a71686f22b28720dd5de66030

  • SHA512

    74053c049fa0d3cf02997132ab8c77d92d67fade749ba494fe65c92b9ebc640f5e1278d7f7f199b8ec18b9b74bcff9785c761f54752fb106438e9791f13501db

  • SSDEEP

    192:pACU3DIY0Br5xjL/EAgAQmP1oynLb22vB7m/FJHo7m/FJHJyBWYTuPTDTpI+DWYv:yBs7Br5xjL8AgA71FbhvM5

Score
9/10
discoveryransomware

Malware Config

Signatures

  • Renames multiple (3219) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\5fdaa7245aaada1ea614bc686f307f00N.exe
    "C:\Users\Admin\AppData\Local\Temp\5fdaa7245aaada1ea614bc686f307f00N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:3052

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-1506706701-1246725540-2219210854-1000\desktop.ini.tmp
    Filesize

    36KB

    MD5

    d355875f0f9d5876eef70646d661df26

    SHA1

    beb904b414e9b2dbfce1779a32740c2f594ecf7d

    SHA256

    2d09e0c3d79cccf7d08ac9f8cdc919d6239ea29bea8a0a33459eded425848ceb

    SHA512

    d5aeb1eadccecc8e3f7c6f1149ec190240aaff16b4c3176c73e7e4bd68ad7dd467729b8e51367a218ae03f35d34111e3419c2e65b749d439da3a01db8bce4de4

    Download Submit

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize

    45KB

    MD5

    ede3b2dbabc67cdb257006e7e45fecde

    SHA1

    23af8c3deb803a99ebda781206dc35e7641a338b

    SHA256

    b90d4aeaddd71388b9f07112a669fc2b6c31370553262920144d5a574e89afd1

    SHA512

    208f7cebc49fa49a93497608b1a446c6f10d1c88553f5e6e4d5ea4cc32c2b8f5aff70e34d2b0d6bc806a401a4f733bfacaf3835147a6a5ad2ae607a3ecb7bfa9

    Download Submit

  • memory/3052-0-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/3052-74-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download