Overview

overview

9

Static

static

3

87579c1914...69.exe

windows7-x64

9

87579c1914...69.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    149s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    11/09/2024, 23:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    87579c1914596a7874e47d8361658d7eb9b19ca80c6585bab99a9b6f30679069.exe

  • Size

    74KB

  • MD5

    865bb9421fac472c372b27ace94e57a8

  • SHA1

    b05a6d16abc08cca908b6d4c44ba12585d5e8984

  • SHA256

    87579c1914596a7874e47d8361658d7eb9b19ca80c6585bab99a9b6f30679069

  • SHA512

    0a8e639cf39a17641a56e0a760f3b6d2bde47c93b9e0550c0548ad9b733723e470e418279cccf3d020a38b2fb45a05482e0348653852a12b25a37d81906659b0

  • SSDEEP

    768:/7BlpQpARFbhIYJIJDYJIJPfFpsJcFfFpsJcC+3mC+3meDAfABJ6fABJwEXBwzEl:/7ZQpApze+eJfFpsJOfFpsJ5DD

Score
9/10
discoveryransomware

Malware Config

Signatures

  • Renames multiple (589) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\87579c1914596a7874e47d8361658d7eb9b19ca80c6585bab99a9b6f30679069.exe
    "C:\Users\Admin\AppData\Local\Temp\87579c1914596a7874e47d8361658d7eb9b19ca80c6585bab99a9b6f30679069.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2260

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-457978338-2990298471-2379561640-1000\desktop.ini.tmp
    Filesize

    75KB

    MD5

    8e2f8e47cf51d95c830068f8530d8782

    SHA1

    16ae3683d83330902b854800271828a96ece3312

    SHA256

    314c73c8024aca39b45e7b694d63a3e277dd8c57c23a0e3579b809d4f3635bfb

    SHA512

    0bb2d43f00dd7d9718951fda62985b29de5733a78769bba27f2db9d1758508171d8e6369421cf5909a5d9ccd37ddb394c12cae6c00ad2152b014d939c2033b4f

    Download Submit

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize

    84KB

    MD5

    af79a48022fdd5e01b67e572e9110745

    SHA1

    d46b84689565ff023560503bbc40c5d98a0d09e8

    SHA256

    b016baf7a15b5744a945160bbc4f18ff11468a16e80f0d94dde4a8550a61287a

    SHA512

    2e4660804123a5881a83e1ae57f468b66faa8c636e6ce4200560de7283ba7c7a976b12ca8475db499fb1858626335097cfc7b2628c17e0397637cf9f8931a2ac

    Download Submit

  • memory/2260-0-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2260-20-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download