Analysis

  • max time kernel
    120s
  • max time network
    96s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    18/09/2024, 23:02

General

  • Target

    4cfaa731f692903097b8e12abab4da340325215791deb5e84a9e90a2dd0e6587N.exe

  • Size

    90KB

  • MD5

    08ef756542d5f23ddc04ece1591afea0

  • SHA1

    7669716dc6b9588c11ff0dd74f393c0b139da452

  • SHA256

    4cfaa731f692903097b8e12abab4da340325215791deb5e84a9e90a2dd0e6587

  • SHA512

    4f9034e1c150084919c5aed085c88f128462ea4a911be58da69aa2671efc6b775174aaaca6e2fe30f298846b6a3fce8767f95b2e29c9453d59ac552c061dc9f3

  • SSDEEP

    1536:W7ZhA7pApH9QHwtRF9ESWu0SWutlggalggyaRjvmujvmRzqzlmJgwmJg/SvqBSd:6e7WpHIyRF9ESWu0SWuDm841q6

Score
9/10

Malware Config

Signatures

  • Renames multiple (4610) files with added filename extension

    Renaming thousands of files by appending a new extension is the file-system footprint of a ransomware encryptor working through the disk; the renamed copies under $Recycle.Bin and Program Files listed further down are examples. The report extracts no malware configuration, so the verdict rests on this behaviour alone.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempts to gather information about the system language of the victim host in order to infer its geographical location, a check ransomware families commonly use to skip hosts in particular locales.

Processes

  • C:\Users\Admin\AppData\Local\Temp\4cfaa731f692903097b8e12abab4da340325215791deb5e84a9e90a2dd0e6587N.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\4cfaa731f692903097b8e12abab4da340325215791deb5e84a9e90a2dd0e6587N.exe"
    Process tree position: 1
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID: 1636

Network

        MITRE ATT&CK Enterprise v15

        Downloads (files written during the run, available from the report)

        • C:\$Recycle.Bin\S-1-5-21-1302416131-1437503476-2806442725-1000\desktop.ini.tmp
          Filesize: 91KB
          MD5: 763990d6e511aa2e1c90617f315e8486
          SHA1: b890aeff4e4f6a4e47eee5c984b29cbd93bcc4b0
          SHA256: 65a041841de24a53b5c4389c7a84a45f3abb5d63a2e7cda31babaed8cdaf43a3
          SHA512: 9ea27a5a2d1333a9185714aa040575082263eb2046d6afe73f2a58013249ca376e219fbca4c7c552e1acf0b289f4e3941a5dfc8588f5b770ddbce286f74374b6

        • C:\Program Files\7-Zip\7-zip.dll.tmp
          Filesize: 189KB
          MD5: 0439bb0e5d055b2a39b48b8c6f6bea19
          SHA1: 4a1e20d2d9f517e45e45b452cf4f8a297cde6fa3
          SHA256: 096fb99a089562222896aa361e122f73e0d1148f190b9cc4aa58a78a3bbb2758
          SHA512: a146eb0337bca209c45dc625d04c874b144787332cfee2b9bc069a03813d2138a683888c055e3356cdc58950ac9a65de4ab07865caf88f45b2fd3846ad9e4a95
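Added example, not part of the sandbox report and not the sample's own code: Python hunting helpers that turn the two actionable items on this page into a check you can run against a host or a mounted image. The first half counts files whose name carries an appended extension (desktop.ini -> desktop.ini.tmp, 7-zip.dll -> 7-zip.dll.tmp, the pattern behind the "renames multiple (4610) files" signature); the second half hashes files and matches them against the SHA-256 values listed above for the sample and the two dropped files. The benign double-extension allow-list, the 100-file threshold and the demo directory tree are constructed for the example; Python is used so the block runs anywhere, not because the report used it.

```python
"""Hunting helpers for the two behaviours this report flags: bulk renames that
append an extra extension and dropped artifacts identifiable by SHA-256.
Added example for this page; not produced by the sandbox or the sample."""
import hashlib
import os
import sys
import tempfile
from collections import Counter
from pathlib import Path

# SHA-256 values copied from the report above (sample + two dropped files).
REPORT_SHA256 = {
    "4cfaa731f692903097b8e12abab4da340325215791deb5e84a9e90a2dd0e6587": "sample .exe",
    "65a041841de24a53b5c4389c7a84a45f3abb5d63a2e7cda31babaed8cdaf43a3": "desktop.ini.tmp",
    "096fb99a089562222896aa361e122f73e0d1148f190b9cc4aa58a78a3bbb2758": "7-zip.dll.tmp",
}

# Double extensions that are normal and must not count as "appended".
# Assumption: a short allow-list is enough for a demo; extend it for a real estate.
BENIGN_DOUBLE = {(".tar", ".gz"), (".tar", ".bz2"), (".tar", ".xz"),
                 (".min", ".js"), (".min", ".css"), (".d", ".ts")}


def appended_extension(name: str):
    """Return the trailing suffix when `name` looks like <base>.<ext>.<added>, else None."""
    suffixes = [s.lower() for s in Path(name).suffixes]
    if len(suffixes) < 2 or (suffixes[-2], suffixes[-1]) in BENIGN_DOUBLE:
        return None
    return suffixes[-1]


def rename_stats(root) -> Counter:
    """Count files under `root` per appended extension."""
    counts = Counter()
    for _, _, files in os.walk(root):
        for f in files:
            ext = appended_extension(f)
            if ext:
                counts[ext] += 1
    return counts


def mass_rename_suspects(root, threshold=100) -> dict:
    """Appended extensions seen on at least `threshold` files (the report saw 4610)."""
    return {ext: n for ext, n in rename_stats(root).items() if n >= threshold}


def sha256_file(path) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def hash_matches(root, iocs=None) -> list:
    """(path, label) for every file under `root` whose SHA-256 is in `iocs`."""
    iocs = REPORT_SHA256 if iocs is None else iocs
    hits = []
    for dirpath, _, files in os.walk(root):
        for f in files:
            p = os.path.join(dirpath, f)
            d = sha256_file(p)
            if d in iocs:
                hits.append((p, iocs[d]))
    return hits


def build_demo_tree(n_renamed=150):
    """Constructed sample tree (not real victim data): n_renamed files with '.tmp'
    appended to their real extension, one desktop.ini.tmp, a benign archive.tar.gz,
    a plain file, and a 'probe' file whose digest is returned so the caller can
    exercise hash_matches without the real artifacts."""
    root = tempfile.mkdtemp(prefix="hunt-demo-")
    for i in range(n_renamed):
        Path(root, f"doc{i}.docx.tmp").write_bytes(b"ciphertext?" * 4)
    Path(root, "desktop.ini.tmp").write_bytes(b"[.ShellClassInfo]")
    Path(root, "archive.tar.gz").write_bytes(b"\x1f\x8b")
    Path(root, "notes.txt").write_bytes(b"plain")
    probe = Path(root, "probe.bin")
    probe.write_bytes(b"constructed artifact")
    return root, sha256_file(probe)


if __name__ == "__main__":
    # Usage: python hunt.py <directory>; with no argument it scans the demo tree.
    target = sys.argv[1] if len(sys.argv) > 1 else build_demo_tree()[0]
    print("appended extensions:", dict(rename_stats(target)))
    print("mass-rename suspects:", mass_rename_suspects(target))
    print("IoC hash hits:", hash_matches(target))
```

The rename heuristic is deliberately coarse: a single appended suffix on a handful of files is noise, but one suffix on hundreds of files in a short window is the signal this report describes, so tune the threshold to the volume you expect on the host. The hash check only finds exact copies of the listed artifacts; the dropped .tmp files contain per-victim content, so on another host their digests will differ and only the sample's own hash is likely to match.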