Analysis

  • max time kernel
    120s
  • max time network
    92s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    19-09-2024 12:10

General

  • Target

    402fcb56b9cd0dc4c1ac3ecfb03cd30295bc7a53a25778fab1d0d94bc57175acN.exe

  • Size

    113KB

  • MD5

    e3a06958f9cd796a342ae779e6070c50

  • SHA1

    43e500f718188fffcd33725a51e2270a564d7f07

  • SHA256

    402fcb56b9cd0dc4c1ac3ecfb03cd30295bc7a53a25778fab1d0d94bc57175ac

  • SHA512

    db0e332de29640f3480cde8392770ad4c8c6765ba2feeaf61fa0195270051be97987744e1bedcc9218f5226d883303d22d550df3a30df7efa06bfa9da0c2a6a8

  • SSDEEP

    1536:W7ZhA7pApH9QHwtRF9ESWu0SWutlggalggEpVp+ESIXosbosz1vKX/8KX/B:6e7WpHIyRF9ESWu0SWuDmmSIjXM

Score
9/10

Malware Config

Signatures

  • Renames multiple (4358) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\402fcb56b9cd0dc4c1ac3ecfb03cd30295bc7a53a25778fab1d0d94bc57175acN.exe
    "C:\Users\Admin\AppData\Local\Temp\402fcb56b9cd0dc4c1ac3ecfb03cd30295bc7a53a25778fab1d0d94bc57175acN.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2924

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\$Recycle.Bin\S-1-5-21-2412658365-3084825385-3340777666-1000\desktop.ini.tmp

    Filesize

    114KB

    MD5

    451b18176c3db1b39b17fd008ab9ec79

    SHA1

    e5038c764b085fb3730797f02f7f5353d0198ac2

    SHA256

    78cd0cf35cd408c5dbfd65225004535585cac2f728e455fa6f1a04ba3e4e4268

    SHA512

    1d822d24a276abf26a5d9f73f9562424e215af30b244cc1ecc47abadc2ee1999649c901593d61297a30aae215d21e8aecb31fb1362dbc0ea6c7fa96652bf7109

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    212KB

    MD5

    887930364c16fe79b9b7860034eddcbe

    SHA1

    8a589a85fe152e5e3a2d401efe3f438a5d0b29ef

    SHA256

    8d04975466075f0c0496247f82a3737afa640e15eb06b1dacd86c9b47e0a761f

    SHA512

    e9673c72a92a5a4682abe649099dc237a50c27c8531a90a1c0de13ff23342e0c0a05a2cccdcede90c84cd82719a8d5f33b2156074f59eed0d4d25bd9f9e3ccb1