Analysis

  • max time kernel
    119s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    21-09-2024 01:45

General

  • Target

    392be4b653042aeea1e98b5e30aab7f3821e3772676acf19297f0e397f8b1b0fN.exe

  • Size

    40KB

  • MD5

    6aa9bcc221358ba3a3f24c6ef42ad7a0

  • SHA1

    4773b174b45846a92ef012256b042b1e3849d146

  • SHA256

    392be4b653042aeea1e98b5e30aab7f3821e3772676acf19297f0e397f8b1b0f

  • SHA512

    dcf4bcb3cecb8b68aaf0cbb9d50481456d384135bed21cb467cf4459c948d1462c4cb04cb3c829795c3ed51cf65e4816aae9a16438f0c23f9f00bcdca8523c44

  • SSDEEP

    384:yBs7Br5xjL8AgA71FbhvsKvbT4/Pbf89taJrcT4/Pbf89taJrK7V:/7BlpQpARFbhVvbM2MI

Score
9/10

Signatures

  • Renames multiple (3259) files with added filename extension

    This suggests ransomware activity: the sample is encrypting files across the system and appending an extension to each renamed file.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\392be4b653042aeea1e98b5e30aab7f3821e3772676acf19297f0e397f8b1b0fN.exe
    "C:\Users\Admin\AppData\Local\Temp\392be4b653042aeea1e98b5e30aab7f3821e3772676acf19297f0e397f8b1b0fN.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID: 1984

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-312935884-697965778-3955649944-1000\desktop.ini.tmp

    Filesize

    40KB

    MD5

    17539579de13fc430b999f772306479c

    SHA1

    ff80cfc40eb56f39737a82ee3b81d1c357cb30ea

    SHA256

    c3ab061ec04b882550e34630740f848c4b7725288f5f4c8946a3b885ded9a263

    SHA512

    9ef9790025087f6d26b76009aba7bb76146a5d2e363f23905297cde5148fa220a96dadba862ba37109fc78ebc5f28c01149a7271163f8fd8f397635119015510

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    49KB

    MD5

    ee20b7efa2875d15c712d3c799e7d35d

    SHA1

    9efeb5d0767c45119843c1dff57cc98f73cf0f94

    SHA256

    9abae56f37c60d4c331bb8f944796c2d8502704a640534d2e7ee63dd06afc4d1

    SHA512

    314e2afa850a3b4a72c30988025fca8a2d8552c59e42ae9a2c527eaa95828a3c389b82131786feff29bbf4edc6a336577f602159ee3c9372370697642541dbf6

  • memory/1984-0-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/1984-74-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB