Overview

overview

9

Static

static

3

594a07cf43...0N.exe

windows7-x64

9

594a07cf43...0N.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    120s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    05-09-2024 12:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    594a07cf43794cb57526fa69571ad310N.exe

  • Size

    79KB

  • MD5

    594a07cf43794cb57526fa69571ad310

  • SHA1

    30fab35081ed5f7a88bf0d8d629b51fab687f9d7

  • SHA256

    581f85f14555701339a7fdf324450a72124d3f8c96d3283802a256e17883a929

  • SHA512

    61f40e6b35c520a6f5a3cc7cdcbe0eab516f217d492eeba50cd51c7e3264ba52497bb4e7b7655460e9a76cdc8169af64393d71ed309d0f6c70ea66db3df5d0f4

  • SSDEEP

    768:/7BlpQpARFbhIYJIJDYJIJPfFpsJcFfFpsJcC+3mC+3meDAfABJ6fABJwEXBwzEq:/7ZQpApze+eJfFpsJOfFpsJ5DCj3Jj3f

Score
9/10
discoveryransomware

Malware Config

Signatures

  • Renames multiple (3201) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\594a07cf43794cb57526fa69571ad310N.exe
    "C:\Users\Admin\AppData\Local\Temp\594a07cf43794cb57526fa69571ad310N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2148

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-1488793075-819845221-1497111674-1000\desktop.ini.tmp
    Filesize

    80KB

    MD5

    4194e0f526fbed4627eada382709d00f

    SHA1

    e1d2ac30523b2354c15d59ed69c509a73de03d91

    SHA256

    c4820f1b09b95680f905d9bbba72404ec82a89df8de9030fd9650b81c84035fa

    SHA512

    871a43d3d7d483e9adc5731591d77a9737eebe9beb8035252be5c4467ea6063ebd45a559e79e3b94f8844062f9172afd741a755258e15986208edf64c22d238c

    Download Submit

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize

    89KB

    MD5

    cd2f488f413d2f472854d5dfa0329411

    SHA1

    f1aa75017b477cfaee8626380f04d219e4c3f637

    SHA256

    9683716d56e5a4d1d1b067a66ea0a5931608bbfdc3fb680c8545a83bea52e906

    SHA512

    23db340610d4c1f0c8298c9f884aa5e9ece2ac50d48de9df815516286c7a9c7073c7b8677c8d46e57927178c0d9ae17ff442fbf0da2824034c9cdf74c81a7c87

    Download Submit

  • memory/2148-0-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2148-70-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download