Overview

overview

9

Static

static

3

085bc997f8...aN.exe

windows7-x64

9

085bc997f8...aN.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    120s
  • max time network
    117s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    19-09-2024 06:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    085bc997f8e7a7b465cfde85f524f9bceebd2bc54c4d94910626a82dbc91139aN.exe

  • Size

    53KB

  • MD5

    f6442c17d1f9ebf7934a841b2bd8be60

  • SHA1

    1b0f542a8eaefdf6017dc04e5af9fc53db0bfc9f

  • SHA256

    085bc997f8e7a7b465cfde85f524f9bceebd2bc54c4d94910626a82dbc91139a

  • SHA512

    e62e786fb2205291450597e2992d11ce0956e67d343c16f97deffa4b0740978a6c82531acc2cd2fa89f04804e6694d9cf5bf185c31891e3c85b46fa0ca7e95eb

  • SSDEEP

    1536:/7ZQpApF8HaKa4aKa8KP2awclvmxaKP2awclvmxk:9QWpfP2awclvmxrP2awclvmxk

Score
9/10
discoveryransomware

Malware Config

Signatures

  • Renames multiple (3248) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\085bc997f8e7a7b465cfde85f524f9bceebd2bc54c4d94910626a82dbc91139aN.exe
    "C:\Users\Admin\AppData\Local\Temp\085bc997f8e7a7b465cfde85f524f9bceebd2bc54c4d94910626a82dbc91139aN.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2328

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3063565911-2056067323-3330884624-1000\desktop.ini.tmp
    Filesize

    53KB

    MD5

    cca994a766bfbb23d76a54a95abcbf0e

    SHA1

    15f8064ad5cdf6472c2bf32b9227d5593d706ff1

    SHA256

    99c531221f29c230aa4e88f4c9530db27eca8ba9079af31013f72b1c183b065b

    SHA512

    7fcfd339d859e1ba125fe20e9fd0a417d13f8cd2b5ddfdc2bc3d1443a4eebb0453f70555d20d0f1afedcf9bc86e46c56ca1f8cffc72ecfcc90f603a6572c424c

    Download Submit

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize

    62KB

    MD5

    2827a583c6cf6a39522efdf49837f610

    SHA1

    4f4bcc7169089d5dca2f76d498451944371bbcbf

    SHA256

    5685129d95508729095acf77c86732ddc17622dbee794d224f68cd18d5ff82f8

    SHA512

    3d490eca808026d6f108d9918335a603885d638f2dbd75c7e7cfe1b84b3220742514c3b9d9b419f352ab84a2cc5099ebaebf12dbd4130b708d7e992af3a5d939

    Download Submit

  • memory/2328-0-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2328-74-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

    Download