Analysis

  • max time kernel
    150s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted
    18-09-2024 23:19

General

  • Target

    7b19d6eb87c2c2a29f1e19e69c6fd4eb141b4822078fb03ec724db45e1279bbf.exe

  • Size

    50KB

  • MD5

    cb6f8067ede7a6b6b442c0aa6ab9346a

  • SHA1

    fae618451dba628da4444dcc253fd5527ebbd8aa

  • SHA256

    7b19d6eb87c2c2a29f1e19e69c6fd4eb141b4822078fb03ec724db45e1279bbf

  • SHA512

    fae52a7a50ab3ee98c5fe3d5b67e5244fcf5e7397587dfa6038bb23d1bf87b29e07025b2a72b557800a1101a75a13179dac2cffca9f3a9a6fb41387e33104d9c

  • SSDEEP

    768:W7BlphA7pARFbhL801VvM801Vvv7PZaZP:W7ZhA7pApw03vR03vY

Score
9/10

Malware Config

Signatures

  • Renames multiple (3790) files with added filename extension

    Renaming thousands of files by appending an extension (here, the dropped artifacts carry a .tmp suffix) is consistent with ransomware encrypting files across the system.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of the victim host in order to infer its geographical location (ATT&CK T1614.001).

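The "renames multiple files with added filename extension" signature above is a heuristic a detection engineer can reproduce from file-system telemetry: count rename events per process where the new path is the old path plus exactly one appended extension, and alert once the count passes a threshold. The following is an added example written for this page, not the sandbox's own signature logic. The rename events are constructed sample data; the two original filenames are inferred from the report's dropped artifacts (desktop.ini.tmp, Office64WW.xml.tmp) and are an assumption, as are the other paths and the threshold.

```python
from collections import defaultdict

# Constructed sample of file-system rename events as (pid, old_path, new_path).
# PID 2184 matches the report's process; the pre-rename names are assumed.
# PID 1040 is a made-up benign process whose renames must not trigger.
SAMPLE_EVENTS = [
    (2184,
     r"C:\$Recycle.Bin\S-1-5-21-3551809350-4263495960-1443967649-1000\desktop.ini",
     r"C:\$Recycle.Bin\S-1-5-21-3551809350-4263495960-1443967649-1000\desktop.ini.tmp"),
    (2184,
     r"C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml",
     r"C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp"),
    (2184, r"C:\Users\Admin\Documents\report.docx",
           r"C:\Users\Admin\Documents\report.docx.tmp"),
    (2184, r"C:\Users\Admin\Pictures\holiday.jpg",
           r"C:\Users\Admin\Pictures\holiday.jpg.tmp"),
    # Benign: a download completing drops ".part" (truncation, not an append).
    (1040, r"C:\Users\Admin\Downloads\setup.exe.part",
           r"C:\Users\Admin\Downloads\setup.exe"),
    # Benign: user renames a file; the stem changes, nothing is appended.
    (1040, r"C:\Users\Admin\Desktop\notes.txt",
           r"C:\Users\Admin\Desktop\notes_old.txt"),
]


def added_extension(old_path, new_path):
    """Return the extension appended to old_path to form new_path, or None.

    Only a single ".ext" appended to the unchanged original path counts;
    replaced extensions, truncations and multi-part suffixes return None.
    """
    if not new_path.startswith(old_path):
        return None
    suffix = new_path[len(old_path):]
    if len(suffix) < 2 or suffix[0] != ".":
        return None
    # Reject anything that is more than one bare extension component.
    if "." in suffix[1:] or "\\" in suffix or "/" in suffix:
        return None
    return suffix


def flag_mass_rename(events, threshold=3):
    """Group appended-extension renames by (pid, extension).

    Returns a sorted list of (pid, extension, count) for every group whose
    count reaches the threshold. The threshold is an assumption chosen for
    the constructed sample; production telemetry would use a larger one.
    """
    counts = defaultdict(int)
    for pid, old_path, new_path in events:
        ext = added_extension(old_path, new_path)
        if ext is not None:
            counts[(pid, ext.lower())] += 1
    return sorted((pid, ext, n) for (pid, ext), n in counts.items()
                  if n >= threshold)


if __name__ == "__main__":
    for pid, ext, n in flag_mass_rename(SAMPLE_EVENTS):
        print(f"pid {pid} appended '{ext}' to {n} files: possible ransomware")
```

Grouping by the appended extension rather than just by process keeps ordinary tools that rename many files with differing names (installers, sync clients) out of the alert, while a single process stamping the same suffix onto files in unrelated directories, as the report's process does across $Recycle.Bin and MSOCache, is exactly the pattern the signature describes.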
Processes

  • C:\Users\Admin\AppData\Local\Temp\7b19d6eb87c2c2a29f1e19e69c6fd4eb141b4822078fb03ec724db45e1279bbf.exe
    "C:\Users\Admin\AppData\Local\Temp\7b19d6eb87c2c2a29f1e19e69c6fd4eb141b4822078fb03ec724db45e1279bbf.exe"
    1
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2184

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3551809350-4263495960-1443967649-1000\desktop.ini.tmp

    Filesize

    50KB

    MD5

    627fab5257afc754bce794205f520c4b

    SHA1

    a6f8424b6c53798e3c555522fc73f278d343639f

    SHA256

    b5d5cabf9ed568c2b0649a1bc01f21394d9cb921c0977ad8b7f601740d687462

    SHA512

    879f0b50e652b20d41a86b4cf2f21fa5b3a2838442cd19e743297815ab4b014442bf639b0ecfadfbfb9a94fb951b009739542741cc68f3496b86d819d5e622ff

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    59KB

    MD5

    b9ec3bd0f32c09287ac52f2fb38380d5

    SHA1

    d52c12111bf9ccba1efda420d2a98e93ac0fb527

    SHA256

    c89fd1efa8353ebcd692bf0ff700e46a5136af1dec721d31354ded5b42f6d2aa

    SHA512

    dd04c7bb2bad794186ca0e125ad3bbc121af96d41b8dd39d9e6810c61627e1d156e3fc7ae0fd75a0aaddb2f788996fa70896f1f18284f56f2149ee78dc1837e6