Analysis

  • max time kernel
    150s
  • max time network
    140s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    28/09/2024, 16:26

General

  • Target

    1b321320cfa1f3025ee3ee94da820e871f4971ff2fac93ddf2831446e25e41d5N.exe

  • Size

    37KB

  • MD5

    15b417086643a67b617c3ad1a14bb9b0

  • SHA1

    5b5d79d2dd6a95dc580e6363383e0467d4f77e0a

  • SHA256

    1b321320cfa1f3025ee3ee94da820e871f4971ff2fac93ddf2831446e25e41d5

  • SHA512

    4d55af0569397eb2b507f27f053b48d4e0634bd82efea411d2d32841ef88945df661ac07d9c7975265ce4859c772af6f2052803e5bae5f1bcd52db139cfec87e

  • SSDEEP

    768:W7BlphA7pARFbhM0Kkq81LOyq81LOl6Sl5ltjQ8QA:W7ZhA7pApM21LOA1LOl6AcfA

Score
9/10

Malware Config

Signatures

  • Renames multiple (5203) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\1b321320cfa1f3025ee3ee94da820e871f4971ff2fac93ddf2831446e25e41d5N.exe
    "C:\Users\Admin\AppData\Local\Temp\1b321320cfa1f3025ee3ee94da820e871f4971ff2fac93ddf2831446e25e41d5N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:1364

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2392887640-1187051047-2909758433-1000\desktop.ini.tmp

    Filesize

    38KB

    MD5

    20c2471ef026a9126947f4f8f549297a

    SHA1

    090d0f5ebcf5aed8fe839b3039bd544b48d59baa

    SHA256

    dc0ddc9a4b17a0df733c89789cd9345d8095fdae1ba4b0938b8b82532c86e6c9

    SHA512

    c83d2d8b8fe7d1129d87528a5236c14d7344185f9e8a1d58cc7d45e7549340018e8e8a2de4f32ec72dea955fbcce002dd490d571bea7c858d5ba1a806b6f5f73

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    136KB

    MD5

    d5254bc9463a5df113da052c5b7b8d54

    SHA1

    25c428f3f93ee302ecfffb1b236b9c96ec0f11f2

    SHA256

    113e1a3e8db1f458897f9e481c03dd56f0df5f44cf0ea00568d70dfecdc09ea4

    SHA512

    cf4c5bb84ad7ac180c23fb314b94ab161b09b78bb014d44de9279136dc1b3b7cd2b76e6e88b40ef10f9d8231f5a6199b8b1e707b1e6a59c24e53b84e4e50c43a