Analysis

  • max time kernel
    150s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted
    13/09/2024, 19:48

General

  • Target

    24753251e130fb6ea48e9921bf8698b985c9754981bb3d1e992ac917b3557a19.exe

  • Size

    169KB

  • MD5

    0bf0dc5cc56e511eb17b57727ade797b

  • SHA1

    399edd9663bbc71877fcd644a42fcb5f976e4cad

  • SHA256

    24753251e130fb6ea48e9921bf8698b985c9754981bb3d1e992ac917b3557a19

  • SHA512

    0e3b16be59e27e54d5a3d46036a1e4088d93fdc0741319e3a5014aafcb537e833f9508dd52b7f7481e5936454792fa724ce12a0bc3ff6dafc0f63524c6fa367d

  • SSDEEP

    3072:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFMEhLfyBtR:PqFh2Ie+eyEuFF25e+eFL

Score
9/10

Malware Config

Signatures

  • Renames multiple (3438) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\24753251e130fb6ea48e9921bf8698b985c9754981bb3d1e992ac917b3557a19.exe
    "C:\Users\Admin\AppData\Local\Temp\24753251e130fb6ea48e9921bf8698b985c9754981bb3d1e992ac917b3557a19.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2432

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-3551809350-4263495960-1443967649-1000\desktop.ini.tmp

          Filesize

          169KB

          MD5

          cde2d735b3c2456416caef166d3e4fb7

          SHA1

          4ef0f0bfd8b0da9b051350c7ad1c7ce2011f7293

          SHA256

          0a605bccb9c32658d0de72f8ba9226035f0d507f5c4fdd58872c066ad062233a

          SHA512

          95a8e29203c3aafec96e9ea5b2473627f2cb4e331d89b9fd5ff5a7693ccf1c0828942a83c6ecf4618814d1942f3963fe211b5422db1677638eab164eda8f137d

        • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

          Filesize

          178KB

          MD5

          ee9ff797c02ddfc045847220048438c4

          SHA1

          92a887c67ed9e362dea3664c746c080dc1cf448a

          SHA256

          9ab604b0ba93a1950346a57c474dc18de39bcf260010a53c678b13a918c08e7e

          SHA512

          dbc01064ce4697cd37644cd4a00787b331bf864198883c9700f63d613ccc0199ead74653a8a0d5d2c50e8ff4097924f5643a82bc49dea5a3528d50824c8f3ea5