Analysis

  • max time kernel
    120s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted
    19-09-2024 05:22

General

  • Target

    ebbb8761831a10811447c24eff637bc0b9eb6e95377136ef21c343c4471c86e0N.exe

  • Size

    43KB

  • MD5

    000b5ddbdea026f2f37d133e6df3f9e0

  • SHA1

    4f03b8dd33e8a4994db07a4520c059a174a1ffe9

  • SHA256

    ebbb8761831a10811447c24eff637bc0b9eb6e95377136ef21c343c4471c86e0

  • SHA512

    029d47e96a5b3fb9ba75b018e02f39d26a16b58b0451baf9a3408ca8d9a63648fd4f6cdb00411941d19d52e913f44490be2ef72340704180ca761714415abd1e

  • SSDEEP

    768:W7BlphA7pARFbhM0Kkq81LOyq81LObC8p8CVT:W7ZhA7pApM21LOA1LOFVT

Score
9/10

Malware Config

Signatures

  • Renames multiple (3323) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\ebbb8761831a10811447c24eff637bc0b9eb6e95377136ef21c343c4471c86e0N.exe
    "C:\Users\Admin\AppData\Local\Temp\ebbb8761831a10811447c24eff637bc0b9eb6e95377136ef21c343c4471c86e0N.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2568

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3551809350-4263495960-1443967649-1000\desktop.ini.tmp

    Filesize

    44KB

    MD5

    46e4484aef4e28d0723213b985f82ebe

    SHA1

    dc11a170b59db56d5f81a63ba4b9feca0e4afbcb

    SHA256

    730515cb2c534cf0355d7b1c75898034ef8a412f8665fa5644db3ebf519193bc

    SHA512

    034f581b90341e793c333e658c123a9c960bab984c5d675cfb82d45e6e97a23be7c4ca61af7b28128ec385dc7a275483b90ea77722e7fe5ee93d3ad912f7d64f

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    53KB

    MD5

    985a80d69fd1b5ff430891d8884d426a

    SHA1

    fd871b9a69042f187f8dda97e74bfc076a7fbe3e

    SHA256

    a2938c4ca4c88f5582427f3815d3613fb75042e0b00b4b4000b4c9d3eea00bb4

    SHA512

    0302e52e5c1b392ea5847487e150324cdd4daa025a2399542c05c3ecd3f998cc13e9a5adc794ab2687c8be92057c26781421ce52a55cecd202e02ee6130afe28