Analysis

  • max time kernel
    120s
  • max time network
    94s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    14-10-2024 02:27

General

  • Target

    cd602a586edcab7e9669f908665f3e599dc41b5ed4845fabe4a3ae8b0a8809ddN.exe

  • Size

    87KB

  • MD5

    09e7528d6f8898efd2db84fb8ea215a0

  • SHA1

    cdda47e813f5ffe3e23321717b6b0fa6fbed9efa

  • SHA256

    cd602a586edcab7e9669f908665f3e599dc41b5ed4845fabe4a3ae8b0a8809dd

  • SHA512

    055ed367c6567500054f2dd6997314f08de554e892b734b9369fa0f4da6f7d05eced15a89bd1507da8ae1196ffab0f1d8aa4250b0048d30aa32adbe1b06c89a0

  • SSDEEP

    768:W7BlphA7pARFbhM0KW2s9B4b09Xgd7jylZqzpEPZD:W7ZhA7pApMaxB4b0CY

Score
9/10

Malware Config

Signatures

  • Renames multiple (4610) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\cd602a586edcab7e9669f908665f3e599dc41b5ed4845fabe4a3ae8b0a8809ddN.exe
    "C:\Users\Admin\AppData\Local\Temp\cd602a586edcab7e9669f908665f3e599dc41b5ed4845fabe4a3ae8b0a8809ddN.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:3612

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3350944739-639801879-157714471-1000\desktop.ini.tmp

    Filesize

    88KB

    MD5

    0e032a63a93346da4a44e476e8126314

    SHA1

    1c3dd9a18e1dc2340252b392715a7edb6e1aba76

    SHA256

    deb0c5e0752872f7b14e13a8540263f7ed52590da935c68375f86ee8a25d73d3

    SHA512

    0bfb63cf5a42d074c12e6901d9ccb689b0c666884767d2ac460ea8d1b19666e7a13fe847d546ab8cb565e6ec026369c9a2e51d07d2da1b4eaaa532d123db0986

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    186KB

    MD5

    354e442cef48aec08c6b0344c96ef5af

    SHA1

    04ff227214bbba48ab62b1304b71d06d9d037fca

    SHA256

    196b2b38c2425c1254cfb3ea964a5e54493d8bd952ed5e3a3ac1b36b817e4ba2

    SHA512

    74223cfc69a2b812a2a427d7520f22898b78eeb77313c79de889b65f2ad64cf15de00f0c663149cae8d82f37e623b26f221c5b04b6cf2871d1b516c97d3b6899