Analysis

  • max time kernel
    120s
  • max time network
    18s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    19/09/2024, 17:37

General

  • Target

    f01c937e638244164fbdb5345cd764fa71f2175b96d6ac880a60ab1bfdb96228N.exe

  • Size

    43KB

  • MD5

    4d3e8433ff56edab24771855cbfe8390

  • SHA1

    cf8b092340bd111e6280e7d065e4b4c82beee3dd

  • SHA256

    f01c937e638244164fbdb5345cd764fa71f2175b96d6ac880a60ab1bfdb96228

  • SHA512

    802dae520e6f37b416535afa69710ae1262c6d229c46af27d7919620182e3970f61a1bfaaf0ebaa60a446d1c5d1af9758adc4240b2efe8b2643419fbc3d9a237

  • SSDEEP

    768:W7BlpppARFbhjbhg42LcfpR42Lcfpb2N231F1ngigh:W7ZppApBULcfpHLcfpSo3f2xh

Score
9/10

Malware Config

Signatures

  • Renames multiple (3269) files with added filename extension

    Renaming thousands of files by appending a new extension suggests ransomware that has encrypted the files on the system.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC; ATT&CK T1614.001)

    Attempts to gather information about the system language of the victim in order to infer the geographical location of that host.
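The mass-rename signature above is the kind of heuristic a file-event detection can implement. The following is an added example, not code from the sandbox report or its detection engine: it runs over constructed rename telemetry (PID 2420 and the MSOCache path mirror the report; the appended `.locked` extension, the file names and the benign `explorer.exe` activity are assumptions, since the report does not name the extension the sample appends), counts per process how many files had the same extension appended across distinct directories, and flags processes that cross a threshold. Plain extension changes such as `report.docx` to `report.pdf` and a user bulk-renaming one folder are deliberately not flagged.

```python
"""Detection heuristic for the sandbox signature "renames multiple files with
added filename extension", run over constructed file-rename telemetry.
Added example; not code from the sandbox report or its detection engine."""
import ntpath
from collections import Counter, defaultdict
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Tuple


@dataclass(frozen=True)
class RenameEvent:
    pid: int
    image: str
    old_path: str
    new_path: str


def added_extension(old_path: str, new_path: str) -> Optional[str]:
    """Return the extension appended to old_path to produce new_path
    (e.g. 'locked' for a.docx -> a.docx.locked), or None when the rename
    moved the file, changed its extension, or did anything else."""
    old_dir, old_name = ntpath.split(old_path)
    new_dir, new_name = ntpath.split(new_path)
    if old_dir.lower() != new_dir.lower():
        return None                      # moved to another directory
    prefix = old_name.lower() + "."
    if not new_name.lower().startswith(prefix):
        return None                      # not '<old name>.<ext>'
    ext = new_name[len(prefix):]
    if not ext or "." in ext:
        return None                      # empty or multi-part suffix
    return ext.lower()


def mass_rename_processes(events: Iterable[RenameEvent],
                          threshold: int = 50,
                          min_dirs: int = 3) -> Dict[int, Tuple[str, str, int, int]]:
    """Return {pid: (image, extension, renamed_files, distinct_dirs)} for every
    process that appended the same extension to at least `threshold` files
    spread over at least `min_dirs` directories. The directory spread keeps a
    user bulk-renaming one folder from looking like host-wide encryption."""
    counts: Dict[int, Counter] = defaultdict(Counter)
    dirs: Dict[int, Dict[str, set]] = defaultdict(lambda: defaultdict(set))
    images: Dict[int, str] = {}
    for ev in events:
        ext = added_extension(ev.old_path, ev.new_path)
        if ext is None:
            continue
        images[ev.pid] = ev.image
        counts[ev.pid][ext] += 1
        dirs[ev.pid][ext].add(ntpath.dirname(ev.old_path).lower())
    hits: Dict[int, Tuple[str, str, int, int]] = {}
    for pid, exts in counts.items():
        ext, n = exts.most_common(1)[0]
        spread = len(dirs[pid][ext])
        if n >= threshold and spread >= min_dirs:
            hits[pid] = (images[pid], ext, n, spread)
    return hits


SAMPLE_IMAGE = "f01c937e638244164fbdb5345cd764fa71f2175b96d6ac880a60ab1bfdb96228N.exe"


def constructed_events() -> List[RenameEvent]:
    """Constructed telemetry, not from the report. PID 2420 and the MSOCache
    path mirror the report; the '.locked' extension, the file names and the
    benign explorer.exe activity are assumptions for illustration."""
    victim_dirs = [
        r"C:\Users\Admin\Documents",
        r"C:\Users\Admin\Pictures",
        r"C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C",
        r"C:\Program Files\Common Files",
    ]
    events: List[RenameEvent] = []
    for i in range(60):
        d = victim_dirs[i % len(victim_dirs)]
        events.append(RenameEvent(2420, SAMPLE_IMAGE,
                                  f"{d}\\doc{i}.docx", f"{d}\\doc{i}.docx.locked"))
    # Benign: a user appends .bak to five files in a single folder.
    for i in range(5):
        events.append(RenameEvent(1234, "explorer.exe",
                                  rf"C:\Users\Admin\Desktop\note{i}.txt",
                                  rf"C:\Users\Admin\Desktop\note{i}.txt.bak"))
    # Benign: an extension change, not an appended extension.
    events.append(RenameEvent(1234, "explorer.exe",
                              r"C:\Users\Admin\Desktop\report.docx",
                              r"C:\Users\Admin\Desktop\report.pdf"))
    return events


if __name__ == "__main__":
    for pid, (image, ext, n, spread) in mass_rename_processes(constructed_events()).items():
        print(f"PID {pid} ({image}): appended .{ext} to {n} files in {spread} directories")
```

The threshold and directory-spread values are tuning knobs; a sandbox can afford a low threshold because the environment is clean, while on a production endpoint the same logic is usually paired with an entropy or write-rate check to keep backup and archiving tools out of the alert stream.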

Processes

  • C:\Users\Admin\AppData\Local\Temp\f01c937e638244164fbdb5345cd764fa71f2175b96d6ac880a60ab1bfdb96228N.exe
    "C:\Users\Admin\AppData\Local\Temp\f01c937e638244164fbdb5345cd764fa71f2175b96d6ac880a60ab1bfdb96228N.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID: 2420

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3290804112-2823094203-3137964600-1000\desktop.ini.tmp
    Filesize: 43KB
    MD5: 0fe5af1732a14c73f90f538b1087e745
    SHA1: 3b97f5e94013ba3bf7636b309fa24cc3e1bdef5c
    SHA256: 01cbf524014286c63910f48c16a1bac878154a4c6dfb2bd27175b587a9a42fa8
    SHA512: ac2d1f07b0f5fb818e9d2e4141e48cae9f481ec49cbb54d2dd8a4753925b4e00bd290557fbb4791d601fdf127dbd64a63ddd823b6f50ff5c14bb3d6a68b24fdf

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize: 52KB
    MD5: 728ab6a94b129a287c16cefb189677a8
    SHA1: f69984a1ea6f8182f1aaf0847dd7d9ee8029e7ae
    SHA256: cc94f2b76a9d2709e763ef0bfbbe004380e809518ee5fff4ee43d480c09f04c7
    SHA512: 231eaf449cab565f80975837db8d4223ee088261eea28d8c2c985407ab1e724723d7d77afa5cc5996f0993ac317d2dc8d244ed68b319f37d4524bf5ff30f7d47