Analysis

  • max time kernel
    120s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    19-09-2024 20:07

General

  • Target

    22cdddd4ae930e31d0fb3ffe717aa7edef2aaa439eb37457c31e37a91f6882e9N.exe

  • Size

    78KB

  • MD5

    ded9d23ca0e1009c283d32a90b8ef070

  • SHA1

    1b34ae6bfe314de311ea674e617f08f9bd729c96

  • SHA256

    22cdddd4ae930e31d0fb3ffe717aa7edef2aaa439eb37457c31e37a91f6882e9

  • SHA512

    16c8eca21e77ee602395b2259184c327163c1d67c6adb33aa7d597b13a51c82f9dac4ed2ab4c553f8e71757575d5e6168a9bc080ed6163d4f8ea330409936902

  • SSDEEP

    1536:/7ZQpApze+eJfFpsJOfFpsJ5DVSWu0SWudVI:9QWpze+eJfFpsJOfFpsJ5DVSWu0SWuQ

Score
9/10

Malware Config

Signatures

  • Renames multiple (336) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\22cdddd4ae930e31d0fb3ffe717aa7edef2aaa439eb37457c31e37a91f6882e9N.exe
    "C:\Users\Admin\AppData\Local\Temp\22cdddd4ae930e31d0fb3ffe717aa7edef2aaa439eb37457c31e37a91f6882e9N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2056

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-457978338-2990298471-2379561640-1000\desktop.ini.tmp

    Filesize: 79KB
    MD5: 426df815abc520d8246782ac095d9f20
    SHA1: 8d1ea2c7b08b9377ac81f61b8588aa0cfdbcdd1e
    SHA256: d68a6fa7c613214c5d92db2228e96d9ddb2f73a575e12564e5747220bd7dd45c
    SHA512: 15a3efe49ccd3e459d391decd87371c01f1669e35ebcb46f917a79f6602ea252e061e73b47e913a6807f9ffe6ab7666d0d8a2ba5d80d9fe89c074a2d4ade5cda

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize: 88KB
    MD5: 74c95e891c99a6f076f3f66eb17e4bd1
    SHA1: bdd04f47bb850054c5c98db862d0566cff20827c
    SHA256: 937bdb4802ed6a03d929c972ddb2102a08704a0346756738bac4185dd18fb871
    SHA512: 7a697007a7debe525c3df16c47c488f56ababdca72c768a753a0aff93b62ea8c89ea368aa3decf4f0b70a1262042f99f8205c8865f0140fae1bf13bc223467ba

  • memory/2056-0-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize: 32KB

  • memory/2056-26-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize: 32KB