Analysis

  • max time kernel
    119s
  • max time network
    95s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    19/09/2024, 01:16

General

  • Target

    d0572288cdd265492a3ebe98dbfda71078f9b81a15714d3825eb327225815d5aN.exe

  • Size

    42KB

  • MD5

    caf7cfab64129366d03d2876e258e430

  • SHA1

    f0e5ba236e11448a64c4bd530a8e1d9d18375bf3

  • SHA256

    d0572288cdd265492a3ebe98dbfda71078f9b81a15714d3825eb327225815d5a

  • SHA512

    beac82d9cbfab92420a85418e5d5aaceb98de045a109075d0133e2b9e881f3868bcf97fde1e1554e9e442cad961c5ec4a36fa9d477463c02b985417e8ee397aa

  • SSDEEP

    768:W7BlphA7pARFbhM0Kkq81LOyq81LOl6Sl5ltj8Tu8TaFI:W7ZhA7pApM21LOA1LOl6Aj8Tu8T9

Score
9/10

Malware Config

Signatures

  • Renames multiple (4672) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\d0572288cdd265492a3ebe98dbfda71078f9b81a15714d3825eb327225815d5aN.exe
    "C:\Users\Admin\AppData\Local\Temp\d0572288cdd265492a3ebe98dbfda71078f9b81a15714d3825eb327225815d5aN.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:1952

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-2412658365-3084825385-3340777666-1000\desktop.ini.tmp

          Filesize

          42KB

          MD5

          e857b26351ca28600144819042a457d7

          SHA1

          c898459f797b2ac43dfd58d9b0d58c18a177ce32

          SHA256

          400d5ceed7a85c2961fe159df067f5fdf65137f8d8804a9c4f270fac2bc073a5

          SHA512

          c06dac54c4c7d6aae2ec088352d729de2cfb2b27077b1373f42305671b7b63fdb40bbe3204eae825839126bdd967a297872f9725d54506c2950e4874304d45b6

        • C:\Program Files\7-Zip\7-zip.dll.tmp

          Filesize

          141KB

          MD5

          f5a37af497cf1d76bc28e061b4421fcd

          SHA1

          d4186ee3343242b15815b03a0120ccf2034f4ef9

          SHA256

          23a2230262ba1ad95bcaa3d9d8055885a67faeb99cf288abc751171df4880e00

          SHA512

          d22ed6919d6c1a1b872834a99bb91ada7872a7b4afd705ea18db39678056f92c2a88a797b1aa42eb92fdf7de9cb6a88502ad04b2b66c168c2f4a66b8825ad64c