Analysis

  • max time kernel
    120s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    21/09/2024, 00:47

General

  • Target

    8d9d3eb299352e6e1a5bd57cc7efc813dbb9d530b5d4a129a704207b5284c514N.exe

  • Size

    97KB

  • MD5

    e3201ceae213f2bb976fe7f912b61dd0

  • SHA1

    9a7eb7081af890bb59ccc65398baf74e03fd26c6

  • SHA256

    8d9d3eb299352e6e1a5bd57cc7efc813dbb9d530b5d4a129a704207b5284c514

  • SHA512

    78425fcefbafed246ec0ef96d8f758291fff30db127aa94c846a82a172aac5679fbb90c55b399d8f52a177abc65320a742e99d44402968478907446be339c822

  • SSDEEP

    3072:6pWpUFpEhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFslEhLfyBQ:PqFF2Ie+eFb

Score
9/10

Malware Config

Signatures

  • Renames multiple (3100) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\8d9d3eb299352e6e1a5bd57cc7efc813dbb9d530b5d4a129a704207b5284c514N.exe
    "C:\Users\Admin\AppData\Local\Temp\8d9d3eb299352e6e1a5bd57cc7efc813dbb9d530b5d4a129a704207b5284c514N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2960

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-1846800975-3917212583-2893086201-1000\desktop.ini.tmp

    Filesize

    97KB

    MD5

    c98f7e15c6d1402cb3bd26978fe4f088

    SHA1

    fee24ca5edb05da215b71f22363599c1e63d2125

    SHA256

    9a8485e023958b7e9e3b191cabe872ff9da34f2dc7340a7d0d9e079555852d68

    SHA512

    51bc30a9efe08434707e2f89354cdd7e4edd445f27008a9a9d4cc40ab0dea73f73117e357d51f6c3219800b7d424198c6760469047395d4f06be47ac5bdafaa0

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    106KB

    MD5

    6283816718d90c3f103a1e76125e71ee

    SHA1

    3c2d1c166cb4b165cafe3714a18b077debc1edbf

    SHA256

    c311031e2da7c86eccd73a683123b019b321caff59110e367f44e3f39dda312d

    SHA512

    9463f1b19b283353e04f235d2b3d3e15eb02cadeb8b3e48eba51e0902a4bfd358b45c70e497c9ed1cef06b2ca119161c349d3df004c68d1a67f710af9549c1de