renamer | 766642fe23a587547a840a63e91131308aa94a98a52bc345d4d7536e62b1ed47 | Triage

Submit
Reports

Overview

overview

Static

static

766642fe23...7N.exe

windows7-x64

766642fe23...7N.exe

windows10-2004-x64

Sharing

General

Target

766642fe23a587547a840a63e91131308aa94a98a52bc345d4d7536e62b1ed47N
Size

822KB
Sample

241005-v2hqysseqg
MD5

408f9bfd452c81c3b4009447c87e9d70
SHA1

2a40f2ca80476f97eda9691711eac4655a7880fe
SHA256

766642fe23a587547a840a63e91131308aa94a98a52bc345d4d7536e62b1ed47
SHA512

13e2d80424278363f280a7670fbd3ff4f45b8b580d54b7da798b9f38fc7275c78a366f8fa6a15e9f488b3c1d8fd9893d026076f8f608526a4f52be849ab09064
SSDEEP

12288:wwCBtLC+EptUpQ9SeSChq3YvxFBSSRMT8PTp4ihozE/888888888888W8888888J:gNzCtUpQ9WWPBSSRMTEpXNL

Score

10^/10

renamer discovery worm

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

766642fe23a587547a840a63e91131308aa94a98a52bc345d4d7536e62b1ed47N.exe

Resource

win7-20240903-en

renamer discovery worm

windows7-x64

9 signatures

120 seconds

Behavioral task

behavioral2

Sample

766642fe23a587547a840a63e91131308aa94a98a52bc345d4d7536e62b1ed47N.exe

Resource

win10v2004-20240802-en

renamer discovery worm

windows10-2004-x64

8 signatures

120 seconds

Malware Config

Targets

- Target
  
  766642fe23a587547a840a63e91131308aa94a98a52bc345d4d7536e62b1ed47N
- Size
  
  822KB
- MD5
  
  408f9bfd452c81c3b4009447c87e9d70
- SHA1
  
  2a40f2ca80476f97eda9691711eac4655a7880fe
- SHA256
  
  766642fe23a587547a840a63e91131308aa94a98a52bc345d4d7536e62b1ed47
- SHA512
  
  13e2d80424278363f280a7670fbd3ff4f45b8b580d54b7da798b9f38fc7275c78a366f8fa6a15e9f488b3c1d8fd9893d026076f8f608526a4f52be849ab09064
- SSDEEP
  
  12288:wwCBtLC+EptUpQ9SeSChq3YvxFBSSRMT8PTp4ihozE/888888888888W8888888J:gNzCtUpQ9WWPBSSRMTEpXNL
Score

10^/10

renamer discovery worm
- Detects Renamer worm.
  Renamer aka Grename is worm written in Delphi.
- Renamer, Grenam
  Renamer aka Grenam is a worm written in Delphi.
  worm renamer
- Drops startup file
- Loads dropped DLL
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Replication Through Removable Media

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

renamerdiscoveryworm

behavioral2

renamerdiscoveryworm

© 2018-2024

Terms | Privacy