Overview

overview

9

Static

static

3

cc883a126c...9a.exe

windows7-x64

9

cc883a126c...9a.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    150s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    20/11/2024, 04:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    cc883a126c81326b05ce1e166dbded4264805da6ecf3e7adc9bd815dc497ac9a.exe

  • Size

    65KB

  • MD5

    65ec6472724f806f6c4500ea8aa36423

  • SHA1

    f639131ddc8545c16ed9c8deb230f1d4b9345cc9

  • SHA256

    cc883a126c81326b05ce1e166dbded4264805da6ecf3e7adc9bd815dc497ac9a

  • SHA512

    9af35f42a62e4466b6508ef90be499b913dcd6e27949641d9f1743ddd81cef5e8d9c3ae9d2869224c6253b5abc20cb7605de226042cc12d6ffba5dcb6e40551c

  • SSDEEP

    1536:W7ZrpApojswv0EhLfyBtPf50FWkFpPDze/qFsxEhLfyBtPf50FWkFpPDze/qFsoa:6rWpcsHEhLfyBtPf50FWkFpPDze/qFsn

Score
9/10
discoveryransomware

Malware Config

Signatures

  • Renames multiple (2881) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\cc883a126c81326b05ce1e166dbded4264805da6ecf3e7adc9bd815dc497ac9a.exe
    "C:\Users\Admin\AppData\Local\Temp\cc883a126c81326b05ce1e166dbded4264805da6ecf3e7adc9bd815dc497ac9a.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:1956

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2703099537-420551529-3771253338-1000\desktop.ini.tmp
    Filesize

    65KB

    MD5

    2c779fd8c7d55531fb2d06ee97662137

    SHA1

    c6438e41dfdceff0c2272a08a2c47cf2510ca65e

    SHA256

    eae577cb9f1ebba8b137ee4aaf30aaf81f8cbef455856eb6e4833ee3eb1b5794

    SHA512

    602c438792269376a20bdae990942bd02b173db234a186b18fb2c8ce77eeb25f36b496beb20496ada18794bd6148ed64007915023fce79ef847a2782c91a49ea

    Download Submit

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize

    74KB

    MD5

    db648d5263761f711e113cc355789e72

    SHA1

    f53c5e7f206c78a14122a2ede66ede8d066e70d8

    SHA256

    c065f9c0d3bfea0417a00fe64ca64d7cf3463b3b2ef48521b7588e6663141f61

    SHA512

    619bc2bac35968e5ed56cdafb0c6f79a1f37729232c2c37bf37cfeb4ca13e37c916fddf54bb156a90e708e8356fa5743b322ca013b0c5e9551716801bd1c9e3f

    Download Submit