Analysis

  • max time kernel
    119s
  • max time network
    93s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    27-09-2024 17:17

General

  • Target

    bf57b85ab19d5c2b97d9b30a16945890eb10a8a9385ed55df9bca4229eab63baN.exe

  • Size

    37KB

  • MD5

    79f24fe05dd4b52094c54da85e391cd0

  • SHA1

    395204551ff8a16b2235b7c5128436b0e9feaeff

  • SHA256

    bf57b85ab19d5c2b97d9b30a16945890eb10a8a9385ed55df9bca4229eab63ba

  • SHA512

    3c1d7e6f6337f1bf216364a4b037f123939157f0826592d3edd0205a1415170209a05b2b1bb56ebfd12e53ffcc6c90b1e8d8f109bf1265a1918c0bfba4a6c7c0

  • SSDEEP

    768:W7BlphA7pARFbhM0Kkq81LOyq81LOl6Sl5lty:W7ZhA7pApM21LOA1LOl6Ay

Score
9/10

Malware Config

Signatures

  • Renames multiple (4670) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\bf57b85ab19d5c2b97d9b30a16945890eb10a8a9385ed55df9bca4229eab63baN.exe
    "C:\Users\Admin\AppData\Local\Temp\bf57b85ab19d5c2b97d9b30a16945890eb10a8a9385ed55df9bca4229eab63baN.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:3012

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2718105630-359604950-2820636825-1000\desktop.ini.tmp

    Filesize

    37KB

    MD5

    74a1fca435ab17141e1d083fe7ae2373

    SHA1

    db5b36335adba55c3a2571b574420936659e44ed

    SHA256

    c4ba7ba680520194216cd93f4dec7a8464a63d85186d16da1021c9146c6b0c9e

    SHA512

    f4538bc8a8a60421c864ec854d477d918ec4480db48028aab4f338ab326ec79e83d46028a8f5f25ba4891b5f903b957853705ef4145a45d80aeb2d27a7f16f13

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    136KB

    MD5

    a2d1ce9d60ea93fe5495754d3d3a7aab

    SHA1

    109146f42540e3bc2ddfa859974add5586fd96cb

    SHA256

    49c56b887d0a4b3a340c573de69962ececbaa70172c7976af502282f62520dc3

    SHA512

    2eff771c162b91514a5ee02fd0872bcc42a54378e36c76881f609edd8f4fe79d06381b619f015450c52cab41f22060fdddbaf1651564598e932bc1c1aa656e3a