Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags
    arch:x64
    arch:x86
    image:win7-20240903-en
    locale:en-us
    os:windows7-x64
    system
  • submitted
    17-10-2024 18:06

General

  • Target

    aa99c913decb96133a013abe8d71a057862e3328e8297c959c8eeb063c283a66.exe

  • Size

    16KB

  • MD5

    c9fc5ead99455414732c85614c676afa

  • SHA1

    99ae4a704b37bd1c3f190f99b52493f68bcbe3df

  • SHA256

    aa99c913decb96133a013abe8d71a057862e3328e8297c959c8eeb063c283a66

  • SHA512

    45ffeb541e4124939243a61b982ff11ece9ae8d8171148d354a346766f95f22e85e4504dcb705ac83bbc96ce1d8567c294c5c5f6bdeb01c251dd51328ec89e72

  • SSDEEP

    384:5iNZKe9HBSEbVfBD6LeGzauQibQzisfIIG42RzRTK9oXjfdrMEn+eSkjvka95WVB:g3Ke9HBSEbVdUeGzBQoJKua6dsr

Score
10/10

Malware Config

Extracted

Path

C:\README.txt

Ransom Note
!!! ALL YOUR FILES ARE ENCRYPTED!!!
All your files, documents, photos, databases and other important files are encrypted. The only way to recover your files is to get a decryptor. To get the decryptor, write to us by mail or telegram, specify the ID of the encrypted files in the letter:
Email: [email protected]
Telegram: https://t.me/returnbackcyberfearcom
Warning!!!
* Do not rename files.
* Do not attempt to decrypt data using third party software, as this may result in permanent data loss.
* Do not contact other people, only we can help you and recover your data.
Your personal decryption ID: lGiKf865
URLs

https://t.me/returnbackcyberfearcom

Signatures

  • Renames multiple (286) files with added filename extension

    This suggests ransomware activity: files across the system are encrypted and renamed with an appended extension.

  • Drops desktop.ini file(s) 26 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of the victim host in order to infer its geographical location.

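The two behaviours the report keys on (a ransom note dropped at the drive root and a large number of files renamed with an extra extension) are easy to reproduce as a triage heuristic over sandbox file events. The following is an added example and not code from the sandbox or the sample: the event list is constructed to mimic the reported behaviour, the ".ENC" suffix is a placeholder because the report does not name the real extension, and the rename threshold of 20 is an assumption to tune per host. The note text is the one shown in the report, with the e-mail address left redacted as it appears there.

```python
"""Heuristic triage of sandbox file events plus ransom-note IOC extraction.

Added example; not part of the sandbox report or the analysed sample.
"""
import json
import re
from collections import Counter

RENAME_THRESHOLD = 20  # assumption: tune per host; the report counted 286 renames

# Constructed events: (operation, path, new_path). new_path is None unless op is "rename".
# ".ENC" is a placeholder suffix; the report does not name the real extension.
SAMPLE_EVENTS = [
    ("create", r"C:\README.txt", None),
    ("create", r"C:\Users\Admin\Desktop\desktop.ini", None),
] + [
    ("rename", rf"C:\Users\Admin\Documents\file{i}.docx",
     rf"C:\Users\Admin\Documents\file{i}.docx.ENC")
    for i in range(25)
] + [
    # an ordinary rename that must not be counted as an added extension
    ("rename", r"C:\Users\Admin\Downloads\setup.exe", r"C:\Users\Admin\Downloads\setup_old.exe"),
]

# Ransom note text as shown in the report (the e-mail address is redacted there).
NOTE_TEXT = (
    "!!! ALL YOUR FILES ARE ENCRYPTED!!! All your files, documents, photos, databases and other "
    "important files are encrypted. The only way to recover your files is to get a decryptor. "
    "To get the decryptor, write to us by mail or telegram, specify the ID of the encrypted files "
    "in the letter: Email: [email protected] Telegram: https://t.me/returnbackcyberfearcom "
    "Warning!!! * Do not rename files. * Do not attempt to decrypt data using third party software, "
    "as this may result in permanent data loss. * Do not contact other people, only we can help you "
    "and recover your data. Your personal decryption ID: lGiKf865"
)

RANSOM_PHRASES = ("files are encrypted", "decryptor", "decryption id")


def added_extension(old, new):
    """Return the suffix appended to `old` to form `new`, or None.

    Matches the "keep the name, append a marker" rename typical of ransomware
    (report.xlsx -> report.xlsx.ENC) and ignores ordinary renames.
    """
    if len(new) > len(old) + 1 and new.startswith(old) and new[len(old)] == ".":
        return new[len(old):]
    return None


def looks_like_ransom_note(text):
    """True when the text contains at least two stock ransom-note phrases."""
    lowered = text.lower()
    return sum(phrase in lowered for phrase in RANSOM_PHRASES) >= 2


def extract_note_iocs(text):
    """Pull the contact channel and the victim ID out of a note's text."""
    match = re.search(r"decryption ID:\s*(\S+)", text, re.IGNORECASE)
    return {
        "telegram": re.findall(r"https?://t\.me/[A-Za-z0-9_]+", text),
        "decryption_id": match.group(1) if match else None,
    }


def triage(events, note_text=None, threshold=RENAME_THRESHOLD):
    """Score file events the way the report's signatures do.

    Counts renames that only append an extension, desktop.ini drops and
    README.txt creations; if a note is supplied and reads like a ransom
    note, its IOCs are attached. Verdict is "ransomware" only when the
    rename threshold is crossed and a note was seen.
    """
    ext_counts = Counter()
    desktop_ini = 0
    note_paths = []
    for op, path, new_path in events:
        if op == "rename" and new_path:
            ext = added_extension(path, new_path)
            if ext:
                ext_counts[ext] += 1
        elif op == "create":
            name = path.rsplit("\\", 1)[-1].lower()
            if name == "desktop.ini":
                desktop_ini += 1
            elif name == "readme.txt":
                note_paths.append(path)
    total = sum(ext_counts.values())
    result = {
        "renamed_with_added_extension": total,
        "extensions": dict(ext_counts),
        "mass_rename": total >= threshold,
        "desktop_ini_drops": desktop_ini,
        "note_paths": note_paths,
        "note": None,
    }
    if note_text is not None and looks_like_ransom_note(note_text):
        result["note"] = extract_note_iocs(note_text)
    note_seen = bool(note_paths) or result["note"] is not None
    result["verdict"] = "ransomware" if result["mass_rename"] and note_seen else "inconclusive"
    return result


if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_EVENTS, NOTE_TEXT), indent=2))
```

The extension check deliberately requires the new name to start with the full old name, so a rename that changes the base name (setup.exe to setup_old.exe) is not counted; a per-extension tally is kept because a single dominant suffix across many files is the stronger signal.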
Processes

  • C:\Users\Admin\AppData\Local\Temp\aa99c913decb96133a013abe8d71a057862e3328e8297c959c8eeb063c283a66.exe
    "C:\Users\Admin\AppData\Local\Temp\aa99c913decb96133a013abe8d71a057862e3328e8297c959c8eeb063c283a66.exe"
    1⤵
    • Drops desktop.ini file(s)
    • System Location Discovery: System Language Discovery
    PID:2384

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\ProgramData\Microsoft\Assistance\Client\1.0\it-IT\Help_MValidator.Lck

    Filesize

    4B

    MD5

    269c1d05f088fff4297fb48c1980bdc2

    SHA1

    00e0f93ebd3450d23ffc873017ac744d45526f54

    SHA256

    fd5f964f5a4229210a457da73443f87ef8c4ee2dcc4ba3ec09baa37a0d6f26de

    SHA512

    1190d959062c7374f655c2c7041fe5807520bfbd93f0881f7864d457e87a223c7efb0a6f112080dd3659dd0587b482e2243eaecaf95d7587018a718152f0624d

  • C:\ProgramData\Package Cache\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi

    Filesize

    148KB

    MD5

    b98059b4d884f2df2b320a5a105834bb

    SHA1

    5d65f1a7fd7d39c46c78efd645f5ce60cdd02124

    SHA256

    5aaaaa39919a6ecfa8c95a73693cd2324fd96fc41010e703e5e582e3566ff75e

    SHA512

    9034018bd82942d39fdeaf6e7e107ef7cda2a7420ab5175bf0f8d35b7f5943d7508ee4ece0bb08fbc03d72dfebccf7a186634dd11bca8ceda40bc124b0ec543f

  • C:\README.txt

    Filesize

    632B

    MD5

    e5947abbf99045df634eede07180fa46

    SHA1

    b3506e3118715199707ac9a62557fcb4512719ac

    SHA256

    98611e811a96098298daa934d52960ce9f716a36ae3fdfc316b2b75ae2b54830

    SHA512

    e8fe24857094c4f07dfd584120be204f41cf057e3cf3bd5ade2c5f7cc88bfaddba0f4d5d26a6d2e201894a0c284ba64393f68216556f48a4014a98be90b9a49c

  • C:\Users\Admin\Desktop\ConvertFromUse.xlsx

    Filesize

    9KB

    MD5

    477323fd681352611b160459ea72c1ba

    SHA1

    f5876006a84f69a0c2917812522aeae95d40adf5

    SHA256

    07f9ddf7c707dd03760158df92e02d5ebcb86b12737aecd4c4624aa7cc5037e9

    SHA512

    dfe3909338c9db9be46b2832b4dec428b731d347fd06904e1173c4d89c70d095daca5b4e8de6ceec5aea1f94736b924116ad93d93780618548facb6c536e9101

  • memory/2384-0-0x000000007478E000-0x000000007478F000-memory.dmp

    Filesize

    4KB

  • memory/2384-1-0x0000000000E70000-0x0000000000E7A000-memory.dmp

    Filesize

    40KB