Analysis

  • max time kernel
    119s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    25/09/2024, 21:51

General

  • Target

    dbd1720ecd011ec227addebe1062780bd580e29c0e9d639634114c87c7219992N.exe

  • Size

    54KB

  • MD5

    1fca19760cd6a3f477439084f94d96a0

  • SHA1

    8ad719cd18f2d0034a95029e6798af7546d1881e

  • SHA256

    dbd1720ecd011ec227addebe1062780bd580e29c0e9d639634114c87c7219992

  • SHA512

    ce6a13534933422a5313575b7902a8509fdc3676faa2ab30e21eefeba0c9552a4e3619472b018fc9dcf26c8332d5fe5b1477ccf9f7d134ff6d4bb895e30a5584

  • SSDEEP

    768:W7BlphA7pARFbhM0Kkq81LOyq81LOl6Sl5lz/g6sHzcXHzcC3OTHThLi:W7ZhA7pApM21LOA1LOl6l6YzqzV3cLi

Score
9/10

Malware Config

Signatures

  • Renames multiple (338) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\dbd1720ecd011ec227addebe1062780bd580e29c0e9d639634114c87c7219992N.exe
    "C:\Users\Admin\AppData\Local\Temp\dbd1720ecd011ec227addebe1062780bd580e29c0e9d639634114c87c7219992N.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2052

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-457978338-2990298471-2379561640-1000\desktop.ini.tmp

    Filesize

    54KB

    MD5

    1b12899ab7cbcf55859b83cd13f3fc9e

    SHA1

    8fc4d18ca1de0263601cb5bef0783bebd9d6ee36

    SHA256

    278f1e7c6738692f8ef1224a8a80747d429b8725c3ae553c94b6cb2a4202eaf1

    SHA512

    b88fbcc425075eea9c32436b8cdcce65892e6e015767629180cdb7fefb6804b8c14b4434d206647648ee70f567542906cd28efbb9532b20550d44409ac3c9c25

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    63KB

    MD5

    094a6bfb87128b3ed71854fe2ea3e0f3

    SHA1

    95e0911ec09a28fda058a12ccf45cee34d18289d

    SHA256

    6dc5dd1f4c4a1e7f1109ea636e4c650d13e6b2731a0f0f7085d50985b89ed654

    SHA512

    0826d13566231f1c6629eb3c2c77ed961593bf0ae84cb677f16909c4e3865282d0e7118aaf93cd79210b265ef74997e3ca2b57a6b1fd513419acaf2646388cf8