Analysis

  • max time kernel
    120s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    26/09/2024, 00:18

General

  • Target

    e38baa76536384af1837df6012304fe8c05cf9374f898f541b4803cbb7d5f99fN.exe

  • Size

    41KB

  • MD5

    c56e145080690ce90c56bd1ce6de8080

  • SHA1

    a028b38ed569299f1bf2717a7e1a92a70a1bbd2c

  • SHA256

    e38baa76536384af1837df6012304fe8c05cf9374f898f541b4803cbb7d5f99f

  • SHA512

    f84117322f67b53f224931f508ecfb5c100a42cef7bab2a3e1fbe41e285fc1e4f6911283b11b9e9bb318177b36badd776accc88b02ab35cdf1c21317da4b61a5

  • SSDEEP

    768:W7BlphA7pARFbhM0Kkq81LOyq81LOl6Sl5lttXg:W7ZhA7pApM21LOA1LOl6Am

Score
9/10

Malware Config

Signatures

  • Renames multiple (3217) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\e38baa76536384af1837df6012304fe8c05cf9374f898f541b4803cbb7d5f99fN.exe
    "C:\Users\Admin\AppData\Local\Temp\e38baa76536384af1837df6012304fe8c05cf9374f898f541b4803cbb7d5f99fN.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:3020

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2872745919-2748461613-2989606286-1000\desktop.ini.tmp

    Filesize
    42KB

    MD5
    6453a4b679f0a50f57721a80af8f592b

    SHA1
    ebdf7c0c7fdd8c5ecaa6c9e99b9a3015e63a2330

    SHA256
    79eccd3d66c0a1d07de628bb937936fa9e0dbb51b193eac42b729e0127ca76ce

    SHA512
    fb3765db782ebca3ffe148ee5baea0f5f8bb6b7b11bf884b6c8704b4cc27ef6f66eead0ad3a3ea8191df8f290e5003173f92c12bcb2e741f64f3002d10e92472

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize
    50KB

    MD5
    491dbc5580f98f80cf0eb12bbb4dded1

    SHA1
    f439a70738d2f48a1106b6248c36d31dcfd2b40f

    SHA256
    ad40a1b637987e81396776cf095ad69e02dad0844199ac576234a661e6f9ec6f

    SHA512
    8cd4660df5ba514316e716677b20041c77e3506c80e477d5e421fed91c25aae5b07bbd924ba9f81f27c2efe2ba0b0f26de32d072d7b8c54a42bf7cfefd27b6b4