Analysis

  • max time kernel
    149s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    08/09/2024, 03:38

General

  • Target

    9b45c1b44a4db7c617a8f8b58bf4e004b8e0c1fc972cb49b8d872125767b09c4.exe

  • Size

    43KB

  • MD5

    f806a621addcc08c40c7ccf36e56076e

  • SHA1

    11703e47c24ef03782e20ac6ea9a4e3c64206da0

  • SHA256

    9b45c1b44a4db7c617a8f8b58bf4e004b8e0c1fc972cb49b8d872125767b09c4

  • SHA512

    d76ff000f41e0fd018df8ea8cb6d9660c9e7efc5db0e625b8bebfad43befcc742445feda86b868c2b961d3c88d4e68dbd36171dcc58055489d7397613117528f

  • SSDEEP

    384:yBs7Br5xjL8AgA71FbhvPvD4Qfxd4QfxlQoVeDQoVeyr:/7BlpQpARFbh3vzfxRfxlQoVeDQoVea

Score
9/10

Malware Config

Signatures

  • Renames multiple (592) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\9b45c1b44a4db7c617a8f8b58bf4e004b8e0c1fc972cb49b8d872125767b09c4.exe
    "C:\Users\Admin\AppData\Local\Temp\9b45c1b44a4db7c617a8f8b58bf4e004b8e0c1fc972cb49b8d872125767b09c4.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:1120

Network

        MITRE ATT&CK Enterprise v15


        Downloads

        • C:\$Recycle.Bin\S-1-5-21-457978338-2990298471-2379561640-1000\desktop.ini.tmp

          Filesize

          43KB

          MD5

          ce00b6fee3757574ebea5ca5d68894fa

          SHA1

          3c0f8ad42e34e046280bcf392c9dc26ea2cee921

          SHA256

          f0bd34de641eef87b0200fe7a3dcdc16d650d437de28cf55c81241fa3838b33c

          SHA512

          c783c3c1805a5995e4de01ec651b7252ee06599f2013bb750b63a1b8421f5a307bf2ff1eb7ba9cccd15a79f67c9d47b30879035fe922aa0856b9115309e3c603

        • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

          Filesize

          52KB

          MD5

          9cbdd01af5b9d4349db854688fbec8ff

          SHA1

          c11b144a795be7bae85382fdb81f08ff12a9d361

          SHA256

          0d1cf348c961816d1d8c27ec3bf150db1b655f4d43fc360460dde1ec35ec300d

          SHA512

          e6da99c522d88548315ac4a3246c06d1e039c3e4c2308fdd5d0d316af98a70c23d0777e36d871cac4e0a925065861e666cd69a08f21a6858c231e9ee4a0593ec

        • memory/1120-0-0x0000000000400000-0x0000000000408000-memory.dmp

          Filesize

          32KB

        • memory/1120-22-0x0000000000400000-0x0000000000408000-memory.dmp

          Filesize

          32KB