Analysis

  • max time kernel
    60s
  • max time network
    18s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    27/09/2024, 19:03

General

  • Target

    462e88f708671b04dc8d3eadc785779fc46f02c52d9a6f98ed02d3eacaf2cf20.exe

  • Size

    47KB

  • MD5

    ef76ea4f46278d42b6f4ecdc58b56a8b

  • SHA1

    9be3a367b185635d647af326979bc3f6b2fda184

  • SHA256

    462e88f708671b04dc8d3eadc785779fc46f02c52d9a6f98ed02d3eacaf2cf20

  • SHA512

    43558e5ef035ec06fcc4842b3405149988f7d1b8fb71e2221197c796480c35f242842721406bbff6dab1725507432ec8d7c714a70771e2399683cd6c9212ca8d

  • SSDEEP

    768:/7BlpQpARFbh1WK9WKzN1J3DCl4N1J3DClk:/7ZQpApQKIKz

Score
9/10

Malware Config

Signatures

  • Renames multiple (198) files with added filename extension

    Renaming a large number of files so that each keeps its original name plus a new appended extension is the typical footprint of ransomware encrypting files across the system.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempts to gather information about the system language of the victim host in order to infer its geographical location (MITRE ATT&CK T1614.001).
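The "renames multiple files with added filename extension" signature is a simple counting heuristic: one process renaming many files such that the new name is the old name with one extra extension appended. The following is an added example of that detection logic, not the sandbox's own rule. It runs over a constructed list of rename events (pid, old path, new path); the victim file names, the second process id and the ".tmp" suffix are assumptions for illustration, and the threshold is a tunable parameter rather than the sandbox's actual value.

```python
"""Heuristic detector for mass "rename with added extension" behaviour.

Added example, not code from the sandbox. Event tuples are (pid, old_path,
new_path); the sample data below is constructed and only mimics the report.
"""
from collections import Counter, defaultdict


def added_extension(old, new):
    """Return the appended extension if new == old + '.<ext>', else None.

    Comparison is case-insensitive (NTFS paths). A suffix containing a path
    separator is rejected so 'C:\\a\\b' -> 'C:\\a\\b\\x.tmp' is not a hit.
    """
    prefix = old.lower() + "."
    if not new.lower().startswith(prefix) or len(new) <= len(prefix):
        return None
    ext = new[len(prefix):]
    if "\\" in ext or "/" in ext:
        return None
    return ext.lower()


def detect_mass_rename(events, threshold=10):
    """Return {pid: (extension, count)} for processes whose single most
    common appended extension was applied to at least `threshold` files.

    Ransomware normally uses one extension for every victim file, so the
    dominant extension per process is scored rather than the total.
    """
    per_pid = defaultdict(Counter)
    for pid, old, new in events:
        ext = added_extension(old, new)
        if ext is not None:
            per_pid[pid][ext] += 1
    hits = {}
    for pid, exts in per_pid.items():
        ext, count = exts.most_common(1)[0]
        if count >= threshold:
            hits[pid] = (ext, count)
    return hits


# Constructed sample events (assumed, not sandbox output). PID 2112 matches the
# analysed process; the file names and the ".tmp" suffix are illustrative.
_VICTIM_DIR = r"C:\Users\Admin\Documents"
_VICTIM_FILES = [
    "budget.xlsx", "notes.txt", "photo.jpg", "report.docx", "slides.pptx",
    "archive.zip", "readme.md", "data.csv", "invoice.pdf", "letter.doc",
    "scan.png", "todo.txt",
]
EVENTS = [
    (2112, f"{_VICTIM_DIR}\\{name}", f"{_VICTIM_DIR}\\{name}.tmp")
    for name in _VICTIM_FILES
]
# Benign noise from a hypothetical second process: an ordinary rename and a
# single backup copy, neither of which should trip the threshold.
EVENTS += [
    (1480, rf"{_VICTIM_DIR}\report.docx", rf"{_VICTIM_DIR}\report_v2.docx"),
    (1480, r"C:\Users\Admin\AppData\Local\Temp\cfg.ini",
           r"C:\Users\Admin\AppData\Local\Temp\cfg.ini.bak"),
]


if __name__ == "__main__":
    for pid, (ext, count) in detect_mass_rename(EVENTS).items():
        print(f"pid {pid}: {count} files renamed with added extension .{ext}")
```

On the constructed data only pid 2112 is reported (12 files, extension "tmp"). In a real sensor the threshold and time window would be tuned against the environment's normal rename rate; the sandbox's count of 198 is well above any such baseline.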

Processes

  • C:\Users\Admin\AppData\Local\Temp\462e88f708671b04dc8d3eadc785779fc46f02c52d9a6f98ed02d3eacaf2cf20.exe
    "C:\Users\Admin\AppData\Local\Temp\462e88f708671b04dc8d3eadc785779fc46f02c52d9a6f98ed02d3eacaf2cf20.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2112

Network

MITRE ATT&CK Enterprise v15

Dropped files (listed as "Downloads" on the report page)

        • C:\$Recycle.Bin\S-1-5-21-457978338-2990298471-2379561640-1000\desktop.ini.tmp

          Filesize

          48KB

          MD5

          b61d961495174eece3260a6903b9330f

          SHA1

          b01e1babc8d9bf8c68cc9025f4101d6923f1dd01

          SHA256

          1ddfc3f727bc9a8f676f4185763576c65dac2a15170080ec5ba090ca2f81ab3e

          SHA512

          7e978ea2f32491f591ddcb9d139647b1a0c249fef2ac97a35fddec2875b68b15da815344221db8edf9371ca962a215a6e57444533f4e4823f636e73d86c72fe4

        • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

          Filesize

          56KB

          MD5

          fbfb794fc239d65350e2c88fe9f6a680

          SHA1

          a340e12a00035a62a8caa8089b1ce5b9587b80e4

          SHA256

          324878d1942a467781f8feee8dfee56ba2d6d31a5b826bb395e1370971f46bc7

          SHA512

          b64b1f726ea9259c4d74daa1270ef7fe6eb74745dd1806c495a52c3ab60f4a17a4d125aba29c0890ad34efe348b2f0d1f7a4d384207ba7a61cc11724f4dd093f

        • memory/2112-0-0x0000000000400000-0x0000000000408000-memory.dmp

          Filesize

          32KB

        • memory/2112-26-0x0000000000400000-0x0000000000408000-memory.dmp

          Filesize

          32KB