Analysis

  • max time kernel
    120s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    18/09/2024, 09:14

General

  • Target
    af9e134cb333d7f9ec10eb6840d3e9701c9a462d6e81b2897732c5881064fd5aN.exe
  • Size
    49KB
  • MD5
    ab572ffe99c1e8d7613e4c0b570d8750
  • SHA1
    1deb1ba29ba5a2fce01d40e2060d638cde8eb747
  • SHA256
    af9e134cb333d7f9ec10eb6840d3e9701c9a462d6e81b2897732c5881064fd5a
  • SHA512
    4a0c6e993760ce62c9c7b5486bec1c5ba884d9123f47d2a43412334fdabaa1aba0194debf84f0453feeef6c109489bb649533dcd678d970ad136467f4c699024
  • SSDEEP
    768:W7BlpppARFbhjbhg42LcfpR42LcfproFNFjqAJLOqAJLUty6J2CzxJ2Czf:W7ZppApBULcfpHLcfpyD3tHRz

Score
9/10

Malware Config

Signatures

  • Renames multiple (3442) files with added filename extension
    This suggests ransomware activity: encrypting all the files on the system.
  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\af9e134cb333d7f9ec10eb6840d3e9701c9a462d6e81b2897732c5881064fd5aN.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\af9e134cb333d7f9ec10eb6840d3e9701c9a462d6e81b2897732c5881064fd5aN.exe"
    PID: 2868
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\$Recycle.Bin\S-1-5-21-1846800975-3917212583-2893086201-1000\desktop.ini.tmp
    Filesize: 49KB
    MD5: 9ee55b802088496e80a650ed8dd75d05
    SHA1: 9d46ec91b9a51f9e120ef3d8214615b15446d5f0
    SHA256: e03c5cbbdb8874bb8d2c42496314f071559d812f82e1f194e5a618817330ae16
    SHA512: 8f31e858199336ea60775009ae9a5c0d1cd23ba681a9213b1ae708682a40123b8beac9885e16c49f39acc8fe0352b91359344a2ccae6ee235d40c335f6b287ef

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize: 58KB
    MD5: 3adf9fb9883050771f6d270a309dbaa7
    SHA1: 5dce59822938a7f629be0361a30622e753f501fe
    SHA256: c61f585a288ec7f90d7f0f8b0da8417b316285d5bf51e773f6e1ca56416af0ea
    SHA512: 278046e87abb281db7c8302ca829da5ff7a9f81746dd99d385c6ec505a4f50fc5201279945c98129d7992a218e1f58abade7bcd5f12ffb525b3cf0133d30fa71