Analysis

  • max time kernel
    150s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    25/09/2024, 18:20

General

  • Target

    07406ea5740b463189bdc1befb7f1ba443efb779fac8261a9db9d0dd3de978f3.exe

  • Size

    83KB

  • MD5

    50640036a8d8562787a7fb1da087855d

  • SHA1

    699881f512880374f15428acf9ac99e75116595d

  • SHA256

    07406ea5740b463189bdc1befb7f1ba443efb779fac8261a9db9d0dd3de978f3

  • SHA512

    6e00fca3d70da038e1de2c34faddea0a5dd5ced8a9e015a7677ffbdfa70d9d2b15ef86456bd0fff3088bc682079f7abebb9b82a7f5314db49befe0a3826481f5

  • SSDEEP

    768:/7BlpQpARFbhNIiJwsJwwnZ7N1J3DCl4N1J3DCleWbWYskK3eaUkK3eaQN1J3DCK:/7ZQpAplJwsJwwnK6YskK3ZUkK3ZK

Score
9/10

Malware Config

Signatures

  • Renames multiple (3470) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\07406ea5740b463189bdc1befb7f1ba443efb779fac8261a9db9d0dd3de978f3.exe
    "C:\Users\Admin\AppData\Local\Temp\07406ea5740b463189bdc1befb7f1ba443efb779fac8261a9db9d0dd3de978f3.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2168

Network

MITRE ATT&CK Enterprise v15

Downloads

        • C:\$Recycle.Bin\S-1-5-21-3533259084-2542256011-65585152-1000\desktop.ini.tmp

          Filesize

          84KB

          MD5

          f00ee36e5b213616a7d83c29e719d8c9

          SHA1

          e02a4c416432c9f39d85b33cc4d9ce1ae9efe953

          SHA256

          73c451acb9d1e3b1af232ae735d0dfe079c6067326b3105b1b99795d25b198a9

          SHA512

          b050b808ca9cef65764ca239f7650afb6a65354ffb597f7cf52e295f325dc4e6f36f0428f25c12f621d646daedf786342f448527473363df781738aea470d129

        • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

          Filesize

          93KB

          MD5

          f04c5e18080276cdd57813577a83dd5f

          SHA1

          93b30a79cd053517080bbc0bf47a273b122c7053

          SHA256

          81816259f74e120b142a7eca2ead5375a09694d3b69d5cb6d4af828f4f7d94ca

          SHA512

          c01817c9708de7a8206f8e8bbbe934788dba4447ef9d3098236929ceee100db63d17bafc7de35d390230141c80a264b97ae2da4827a7053e289180810ef3c325

        • memory/2168-0-0x0000000000400000-0x0000000000408000-memory.dmp

          Filesize

          32KB

        • memory/2168-72-0x0000000000400000-0x0000000000408000-memory.dmp

          Filesize

          32KB