Analysis

  • max time kernel: 120s
  • max time network: 118s
  • platform: windows7_x64
  • resource: win7-20240903-en
  • resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted: 21/09/2024, 03:31

General

  • Target: 9966c063152ff064bf908f915d9d6f1082aef25be2870e5cc52e1666a6420c1eN.exe
  • Size: 49KB
  • MD5: 8af4940cd9d69cc83f12b00fb832db50
  • SHA1: cb97aff324a7d325580732df432c8682bf380d19
  • SHA256: 9966c063152ff064bf908f915d9d6f1082aef25be2870e5cc52e1666a6420c1e
  • SHA512: 7f9c08ab477459963e63d3d51171eeebc90bc922fa77bd4cdf0c8e5067cc1ce33616b5759a32fa51bd1128c6c069b27a00c898583e64ee98f425a61b38bba428
  • SSDEEP: 768:W7BlpppARFbhjbhg42LcfpR42LcfproFNFjqAJLOqAJLBbfCDTbfCD1d6e:W7ZppApBULcfpHLcfpyDkbfGTbfG1H

Score
9/10

Malware Config

Signatures

  • Renames multiple (3252) files with added filename extension

    This suggests ransomware activity: the sample is encrypting the files on the system.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\9966c063152ff064bf908f915d9d6f1082aef25be2870e5cc52e1666a6420c1eN.exe
    "C:\Users\Admin\AppData\Local\Temp\9966c063152ff064bf908f915d9d6f1082aef25be2870e5cc52e1666a6420c1eN.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2472

Network

        MITRE ATT&CK Enterprise v15


        Downloads

        • C:\$Recycle.Bin\S-1-5-21-4177215427-74451935-3209572229-1000\desktop.ini.tmp
          Filesize: 49KB
          MD5: c17c84829c5d714ce020eff6ae0917a0
          SHA1: fcdc0060d9dcdc6eaf35fac5402b07aaae1f4740
          SHA256: 287341c6f3b6ae1b54b10ed70ba078f596636574664e0e041a94b35cde71e435
          SHA512: 8f5733e0d420b133e3fd40d9be073cf0261285bbd4f674bcd40efe8f1e843278fa36c7f0d4942355024f5873bad1e87a885859bc8226ec15cc99fb4a3a4d580e

        • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
          Filesize: 58KB
          MD5: 770f9b0fd7ab230cc8f2482d9ed410dd
          SHA1: 82e12c2014bf2f56489ec830ada0cbea00dde1e9
          SHA256: 73579483a3c643c9ec772636fcb9e532d36e1b86ba23556a6376d295a3b0d07d
          SHA512: 627d67597391a0584614f20c7da415709a480e6793bca9c77b739d5a83e6d3801f7637544229704bce3ad1c2ebfe914cee208fb834d2051a4d415c322a591576