Analysis

  • max time kernel
    150s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    05/10/2024, 04:11

General

  • Target

    e33c633e8c702de041ebfb436d8552769f42c99acf64ba4cd9c06b51f8c36de0.exe

  • Size

    52KB

  • MD5

    9af47e02495278c587feadff67cc6fbd

  • SHA1

    91450f0086e2a88484d84503d04913267f68b18b

  • SHA256

    e33c633e8c702de041ebfb436d8552769f42c99acf64ba4cd9c06b51f8c36de0

  • SHA512

    3264ec375b79325d856a3d03144cb51e46e07035797cb634c40abc3265bb5c8508f0e40a351cd79e0e01892a225efba9780d6589e49727f82b2127ceaa03393f

  • SSDEEP

    1536:W7ZhA7pApM21LOA1LOl6Aj8Tu8T1Rxew2wN:6e7WpMgLOiLOAew2wN

Score
9/10

Malware Config

Signatures

  • Renames multiple (1122) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\e33c633e8c702de041ebfb436d8552769f42c99acf64ba4cd9c06b51f8c36de0.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\e33c633e8c702de041ebfb436d8552769f42c99acf64ba4cd9c06b51f8c36de0.exe"
    PID: 2664
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\$Recycle.Bin\S-1-5-21-457978338-2990298471-2379561640-1000\desktop.ini.tmp

    Filesize
    52KB

    MD5
    db58191181011b70b1b68901827cd72b

    SHA1
    828d7b5acda653a36beab3da2c03b8c8a23c4a7c

    SHA256
    566fa2dfbf6aea8a8afc90c3dd4d02aeac9f4dec8038f927d6759166de8f2d97

    SHA512
    4c98b4a44d7dfb57b639e425c87b4d8fd17f69ec3f64314fadcf360633b1923ecd3025f2c2e0b65fae9e921cff2f6aad07f91afb8a6200619b02466809d03573

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize
    61KB

    MD5
    d320b9de4070f517c55ea666759425a6

    SHA1
    1f5b47f3b2e65e0f83f5e189484cdb4bd7708dac

    SHA256
    64b9d5df48c8d2f2a760ae234fe45b455c5e66fff8f1458cf9586d4e59cb298b

    SHA512
    4f5c9e1c6108527b193907201a46971db0d505e7774852af1b8bb4bb0202c28b7ff6f29965cb3c8f4ccdc1b5ad336d6eba059c65d78e639a1fb032b2af71bf22