Analysis

  • max time kernel
    120s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    09/09/2024, 09:42

General

  • Target

    d4d3ace18261bc5acd02f27f6fa97470N.exe

  • Size

    90KB

  • MD5

    d4d3ace18261bc5acd02f27f6fa97470

  • SHA1

    0826cf7520c8cbe1d1ead5057333271448e9a7aa

  • SHA256

    5cd5b4c5adbf2609bfdfab080911f3c44eb7b556f061f8142f2c979e76770405

  • SHA512

    44d359f6686a6dd7477291b89c72409a913ff719784ef910fe2218df5cf5eb114be1b4427ba76f1a543b5d4d95f93a6744f5600184c8849290cab887a6b6c008

  • SSDEEP

    1536:W7Z9pApQESOHepOHe8G+6E65dyGdykNdNBK2LUf7XQex2L:69WpQE0zUzXA

Score
9/10

Malware Config

Signatures

  • Renames multiple (3095) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\d4d3ace18261bc5acd02f27f6fa97470N.exe
    "C:\Users\Admin\AppData\Local\Temp\d4d3ace18261bc5acd02f27f6fa97470N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2084

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-3533259084-2542256011-65585152-1000\desktop.ini.tmp

          Filesize

          91KB

          MD5

          94f29b4ca87b446a60e93808dec53f9a

          SHA1

          60279fd48a5bae19a677d4014a98c52659dfe0d8

          SHA256

          9d47eff9c62644947f7a75f645329322f6e15e732c423d3cc942715a1652b021

          SHA512

          0088599bf3bd87c59f3565b8b7b367caf09c13ceef609fd7525ed79056d66efc528a4fe1ba78d600b9b7f8d959d65c1ee825e5f4173da7b01ba8c113f3dee0c1

        • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

          Filesize

          100KB

          MD5

          cbf09fe7250e2779d443c982cd2f1da9

          SHA1

          cfbecb42cb18842c34069ab64c4b4a3d93b70b25

          SHA256

          41808dd49cedb2358339bb36f729eafdd160e1ae140a276e988fc08140d8c3f9

          SHA512

          fc8d63d45b04423ce4f14debef0012377fe7d19159cbae092fa15cf74606cdbf20217e4bb0333e4cc3a93fbf24095e70cb442c51b8df6346b4eab38c4e8d67bd