Overview

overview

9

Static

static

3

4085c35016...2N.exe

windows7-x64

9

4085c35016...2N.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    120s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    19/09/2024, 04:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4085c350168fd844880ade0fb4706835747376542d8c5f20d160e19508209602N.exe

  • Size

    43KB

  • MD5

    b326895e923c9bfc099e99ad2ee87230

  • SHA1

    fcc4aa12b9b4ef9827a47853172c407ac0204234

  • SHA256

    4085c350168fd844880ade0fb4706835747376542d8c5f20d160e19508209602

  • SHA512

    5da25a77b74d5dabfd6a2b6d0c27b8e45ec43eb69702559b104138be0f70e8ba8fb45903fccaa414a5c5ecd0a9005fb35fb53780f3012154cb2adffbc6b62744

  • SSDEEP

    384:yBs7Br5xjL8AgA71Fbhv/Fzzwz72Jwuq2JwuR0U0IIqd:/7BlpQpARFbhNIiJwsJwwnZn

Score
9/10
discoveryransomware

Malware Config

Signatures

  • Renames multiple (3284) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\4085c350168fd844880ade0fb4706835747376542d8c5f20d160e19508209602N.exe
    "C:\Users\Admin\AppData\Local\Temp\4085c350168fd844880ade0fb4706835747376542d8c5f20d160e19508209602N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2848

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3551809350-4263495960-1443967649-1000\desktop.ini.tmp
    Filesize

    43KB

    MD5

    ee4223ad1e6bbde96501538f3a7b3835

    SHA1

    b48970696c49797f604dfff72d67afd172f505eb

    SHA256

    9a5a840e36d3fc8c909f6dd917c20951a15ec3fcb9aef3c6452b51a84397f6a2

    SHA512

    06cadd67d23103ca9989f979a7f182b19182b16f625341a91c7e55a92f9c75957a665979d9c388f1d1dec71526d45360095af27dc28c40d3a94f30576386dfc8

    Download Submit

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize

    52KB

    MD5

    4ff3548f319011e85fb39ec699d37666

    SHA1

    c4e29f6b70b65521ed817957bb6dc50988b1c395

    SHA256

    40c4ae1d185018682a9d0184e7cb49d0f7c0d10c7f7f5bbe519b06386ddbc038

    SHA512

    0b24a86bd1a0cc05b801ec140c874ef6945e26eeaebdf6af547c8da4101e619ff636b25b60e3412daf54f9e3908c7a2fb16fcf3c3a5e25d69f5bd7fc55f6bbc1

    Download Submit

  • memory/2848-0-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2848-74-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download