Analysis

  • max time kernel
    120s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted
    25/09/2024, 12:07

General

  • Target

    1f0c013d0fc13c38f3218608a8bf8a287c20c474c632a8b96cbaf12a182f05a8N.exe

  • Size

    45KB

  • MD5

    f9180a2ca66ff4cd21441627a2a149b0

  • SHA1

    24fb7c8b371ae46a73fc839f3315d493791988af

  • SHA256

    1f0c013d0fc13c38f3218608a8bf8a287c20c474c632a8b96cbaf12a182f05a8

  • SHA512

    efa9cbb1b6cf13be2fea607918631d2792069fcc427e52e986f118dc79d59611d0ff83e26be69ac5ceb176baf86756e6f7d7d22df5dc4891ae7ca4bab93b2555

  • SSDEEP

    768:/7BlpQpARFbhfyiyooa0OMiJfoa0OMiJ2kAHAU:/7ZQpApHz8kAHAU

Score
9/10

Malware Config

Signatures

  • Renames multiple (3138) files with added filename extension

    This suggests ransomware activity: files across the system are encrypted and renamed with an added extension.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
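The "Renames multiple files with added filename extension" signature above is a simple count over file-system events: renames where the destination is the source name plus one more extension, grouped per process, compared against a threshold. The following is an added example of that detection logic, not the sandbox's own signature code. The event records, the `.docx` source names and the choice of `.tmp` as the appended extension are constructed for the example (the report shows `.tmp` files among the dropped artifacts but does not state which extension the 3138 renames added); only the PID 1680 and the count 3138 come from the report.

```python
"""Added example: flag mass "rename with added extension" behaviour over
file-system events, the same idea as the sandbox signature above.
Not part of the original report or the sandbox's own signature code."""
import ntpath
from collections import Counter
from typing import Optional


def added_extension(src: str, dst: str) -> Optional[str]:
    """Return the extension appended to `src` to form `dst`, or None.

    Only a rename that stays in the same directory and keeps the original
    file name intact (e.g. a.docx -> a.docx.locked) counts.  Windows paths
    compare case-insensitively, so ntpath is used on any host OS.
    """
    src_dir, src_name = ntpath.split(src)
    dst_dir, dst_name = ntpath.split(dst)
    if src_dir.lower() != dst_dir.lower():
        return None                       # moved elsewhere, not an in-place rename
    if not dst_name.lower().startswith(src_name.lower() + "."):
        return None                       # stem changed or no extension added
    ext = dst_name[len(src_name) + 1:]
    return ext or None                    # "a.txt" -> "a.txt." adds nothing


def summarize_renames(events, min_count: int = 50):
    """Count add-extension renames per (pid, extension).

    Returns [(pid, ext, count), ...] for every pair at or above `min_count`,
    most frequent first.  Non-rename events are ignored.
    """
    counts = Counter()
    for ev in events:
        if ev.get("op") != "rename":
            continue
        ext = added_extension(ev["src"], ev["dst"])
        if ext:
            counts[(ev["pid"], ext.lower())] += 1
    return [(pid, ext, n) for (pid, ext), n in counts.most_common() if n >= min_count]


def build_sample_events():
    """Constructed events (assumption, not sandbox output): 3138 renames by
    PID 1680 appending ".tmp" (count from the report, extension assumed),
    plus benign noise that the detector must not count."""
    events = []
    root = r"C:\Users\Admin\Documents"
    for i in range(3138):
        src = rf"{root}\file{i:04d}.docx"
        events.append({"op": "rename", "pid": 1680, "src": src, "dst": src + ".tmp"})
    events += [
        # plain write, not a rename
        {"op": "write", "pid": 1680, "path": r"C:\Program Files\app\readme.txt"},
        # rename that changes the stem: no extension was added
        {"op": "rename", "pid": 4040, "src": r"C:\Temp\draft.txt", "dst": r"C:\Temp\final.txt"},
        # move to another directory: not an in-place rename
        {"op": "rename", "pid": 4040, "src": r"C:\Temp\a.txt", "dst": r"C:\Backup\a.txt.bak"},
        # a single backup-style rename: real, but far below threshold
        {"op": "rename", "pid": 2222, "src": r"C:\Temp\notes.txt", "dst": r"C:\Temp\notes.txt.bak"},
    ]
    return events


SAMPLE_EVENTS = build_sample_events()

if __name__ == "__main__":
    for pid, ext, n in summarize_renames(SAMPLE_EVENTS):
        print(f"PID {pid} renamed {n} files adding .{ext}")
```

The threshold matters more than the matcher: a single `.bak` rename is normal administration, thousands of identical add-extension renames from one PID in a two-minute run are not. When applying this to real sandbox or EDR telemetry, group by process tree rather than bare PID, since ransomware frequently spawns helpers to do the renaming.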

Processes

  • C:\Users\Admin\AppData\Local\Temp\1f0c013d0fc13c38f3218608a8bf8a287c20c474c632a8b96cbaf12a182f05a8N.exe
    "C:\Users\Admin\AppData\Local\Temp\1f0c013d0fc13c38f3218608a8bf8a287c20c474c632a8b96cbaf12a182f05a8N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:1680

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\$Recycle.Bin\S-1-5-21-3551809350-4263495960-1443967649-1000\desktop.ini.tmp

    Filesize

    45KB

    MD5

    1f873f839a994a3285841351361e1ccf

    SHA1

    1eef85c15676e7408886a154bf75b2681da5db8b

    SHA256

    26d006b3c33e1d6a540766e4ef507cdb8e5a48f4bb455b0067b98debbbc8b5f8

    SHA512

    dd49929237ff916d9a572c16b83b774d6fbef1dddd6ee6bb27ea9ebb4669ef4c8170323ac35145a7cef5f5f8381b003c944365255e32bf9341210ada8de98293

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    54KB

    MD5

    af420daddfd489be5c199f6edd982ebd

    SHA1

    0aca829358e8224b121f4fdd6ba8f30417c6df76

    SHA256

    b204de0cdfdb67b371476813d1960bed0dc97ca81bbecb41a85cf55271473694

    SHA512

    00ba6a98b0dd22ca1302eea95dd4313a707231b292e2d23285e08388156fd9c14dcad0334af2e53ec138e75b6fcb8f70e9da62fd2ca155f22cbdbe9afbef7b25

  • memory/1680-0-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB

  • memory/1680-68-0x0000000000400000-0x0000000000408000-memory.dmp

    Filesize

    32KB