Overview

overview

9

Static

static

3

34c8d424af...0N.exe

windows7-x64

9

34c8d424af...0N.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    120s
  • max time network
    93s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13/09/2024, 14:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    34c8d424af163e63630f78dbf066e9e0N.exe

  • Size

    83KB

  • MD5

    34c8d424af163e63630f78dbf066e9e0

  • SHA1

    7e840271cf8865d7c11198ba2470824e3cf5902b

  • SHA256

    570e8adda9aea593ec8950e9471aa3e6dcd746a85052ffede25ea8b4b3f7f063

  • SHA512

    5508a6798cf9b9ed0fa15cb9550637a2855c46a00280dd24640c17260deb9ce776ff17cabba8eeef1916059b7b3984c3f7c0b398b5e0aee840a866968449fa63

  • SSDEEP

    1536:W7ZDpApYbWj2WTWJe+e/qXhg6qWzexqWzeS:6DWpaWTWJe+eQgtWzeQWzeS

Score
9/10
discoveryransomware

Malware Config

Signatures

  • Renames multiple (4504) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\34c8d424af163e63630f78dbf066e9e0N.exe
    "C:\Users\Admin\AppData\Local\Temp\34c8d424af163e63630f78dbf066e9e0N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:4432

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2392887640-1187051047-2909758433-1000\desktop.ini.tmp
    Filesize

    83KB

    MD5

    d2f321efd1aec1053e76b337acd20efd

    SHA1

    34892afc1a580e2b2c3452c4b0c928eb9ea62df1

    SHA256

    8622238b4b9c464cd210a1f612456200bc67df717b7ee1d433c0d55a979db9ec

    SHA512

    be4d4d8fb54ca72ab774d9bc1a92e7ff0951b4b17fbfd998b93c63561b5995448e0cf25b96f241c0042db82b8179d9ca67b8e9273be859524a253758bc2fbcaa

    Download Submit

  • C:\Program Files\7-Zip\7-zip.dll.tmp
    Filesize

    182KB

    MD5

    ff661734052ccec6e6e59502c0d1805c

    SHA1

    ea0e927c282a5d911fffbdbad483a0b04c7c6c5f

    SHA256

    f0d195e87f2451be176e6d2446fec87d50ebf5fa8e0d1eafaa864f4262692a7d

    SHA512

    94f155a9481c66780c6e2eda5deee88c7c0ed8569863384300af46db22877fa2dbf0bbc9010c6d40c581171e20162e0474533e1d2717bff921c7915486baa125

    Download Submit