Analysis

  • max time kernel
    150s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240729-en, locale:en-us, os:windows7-x64, system
  • submitted
    14/10/2024, 05:01

General

  • Target

    e1f92558d8278bc0ca5c0f789fdf8ebb02a7f20d5d4e26be8869eb309557c325.exe

  • Size

    83KB

  • MD5

    1d00d9973e7528c4506dd6a7c498f898

  • SHA1

    41e288ad19c619b6d59a89c0e69cc958784b5368

  • SHA256

    e1f92558d8278bc0ca5c0f789fdf8ebb02a7f20d5d4e26be8869eb309557c325

  • SHA512

    86091025f96b95498023d3a597c639cdcf2edb7888e77058e88c3ce2cd678b83388f8266b2766544f3e5d6ce48feaea9ebca62a585a1a8b1bd2cb9fa50c2fdc8

  • SSDEEP

    1536:W7ZhA7dAZ1++PJHJXA/OsIZfzc3/Q8asUsJOLKc/xJtLJtTGlMV:6e76mQSohsUsUKk

Score
9/10

Malware Config

Signatures

  • Renames multiple (3749) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\e1f92558d8278bc0ca5c0f789fdf8ebb02a7f20d5d4e26be8869eb309557c325.exe
    "C:\Users\Admin\AppData\Local\Temp\e1f92558d8278bc0ca5c0f789fdf8ebb02a7f20d5d4e26be8869eb309557c325.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID: 2296

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2703099537-420551529-3771253338-1000\desktop.ini.tmp

    Filesize
    83KB

    MD5
    cb720f5d3c4027ef5104ba220cf65238

    SHA1
    a0e007c7f254aeb2b09e66f2ae850738275a94c9

    SHA256
    1f4472b6ea6a08d4876d2e872c7c6b9ba61c65f8ec28a52a4acdc5a8f4bac272

    SHA512
    19b96cdea1a8ec6cb40b90446b9424b3fbabe0853ec0dbc9489e0f73de5dab07711d4df480002d93d98af01754ae76b016fd592b28c6747cce7e6065d797e747

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize
    92KB

    MD5
    f39bc5f78018cee16ad815427815f628

    SHA1
    7bd7e4850a78fde155391e738f075411d516f530

    SHA256
    42364114c2183472b8cdc5c939f76aa35afdf2a2bd72c1d2df09d3f7b92a0575

    SHA512
    bba0cf3c6a17ab531664f3e3d2ac671c913073f4c3c33854b31438797b2e7e6764fb5a7542a0501fbda1328bf21be8c2d2dee0db33ffb5734c38c9566d64281b