Analysis

  • max time kernel
    120s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64 | arch:x86 | image:win7-20240903-en | locale:en-us | os:windows7-x64 | system
  • submitted
    18-09-2024 08:55

General

  • Target

    d35f277cde36e5a9f767cd50b733d4c4446e5e820d31e5b66194f400a4affac9N.exe

  • Size

    35KB

  • MD5

    fce922c2b253f59d5bbfc73d9571aa60

  • SHA1

    b8bcb36f2e37a0f0f45ecb6b493932af5f3ab97c

  • SHA256

    d35f277cde36e5a9f767cd50b733d4c4446e5e820d31e5b66194f400a4affac9

  • SHA512

    5003e1dcfb7f0e062d58f9bc7410030d560fce883afdf9ef66f50b208a4bd86a826da3833b6f6b5dc6f282ac6cd252691ce9f961af71ed87fe07d2c88c6dc284

  • SSDEEP

    768:W7BlphA7pARFbhM0Kkq81LOyq81LOl6Sl5ltg:W7ZhA7pApM21LOA1LOl6Ag

Score
9/10

Malware Config

Signatures

  • Renames multiple (3105) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\d35f277cde36e5a9f767cd50b733d4c4446e5e820d31e5b66194f400a4affac9N.exe
    "C:\Users\Admin\AppData\Local\Temp\d35f277cde36e5a9f767cd50b733d4c4446e5e820d31e5b66194f400a4affac9N.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2672

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\$Recycle.Bin\S-1-5-21-4177215427-74451935-3209572229-1000\desktop.ini.tmp

    Filesize

    35KB

    MD5

    1f539385cab3c43442282c3365c70750

    SHA1

    34a928a3ccd9cdf9844b0dfb395dec6b6058dbc1

    SHA256

    ed2681ecb994ca00ba7cc523012955b67d60acb4f497128f20c3f74d2eafbeb9

    SHA512

    f7445bb77bb9d2084b88d82daf7c4666c00bddfc5046a41ebc2d46491f3f0a249223d38ff2a93ae4499abf4668ef065f2707b1be88dd754248412416d11c792b

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    44KB

    MD5

    e6596583615ebcccfb30eac45b8656f2

    SHA1

    74b7bc8522149fd03f0f4f61ed36244b3cfae04f

    SHA256

    5d4e3891c0a9eebdff8c40fbbeffc0fc0cd67b4874d5d0dd2916d9776dfd8428

    SHA512

    cf6d7483e907b9e837f30d96bb0be2d48c5839035433a3ff7d7922cbf4abcd2f4d180181cab986a7ce37e1c5adbf947350553b51449038bca20ec983fce0fe8e