renamer | e7da3c48c7c619b17a464339d8af9dfd23eac89f209ae150c9e06e4c3d4ebb31 | Triage

Submit
Reports

Overview

overview

Static

static

e7da3c48c7...1N.exe

windows7-x64

e7da3c48c7...1N.exe

windows10-2004-x64

Sharing

General

Target

e7da3c48c7c619b17a464339d8af9dfd23eac89f209ae150c9e06e4c3d4ebb31N.exe
Size

824KB
Sample

241218-phdp1azlhq
MD5

a854d8736bc61bc88e75d3a29e5650e0
SHA1

2c203079ef788c6aba1c078dd50c14ec2ff6fcb4
SHA256

e7da3c48c7c619b17a464339d8af9dfd23eac89f209ae150c9e06e4c3d4ebb31
SHA512

c66c2eca4e58b429c93d0522640156f6090b53dab3dd4a5254f533e9e129ef21540609cf1c42994c69416a6f0a7fde14d96d28b2047dfffbd336fa89dae31c32
SSDEEP

12288:/wCBtLC+EptUpQ9SeSChq3YvxFBSSRMT8PTp4ihozE58888888888888W888888E:bNzCtUpQ9WWPBSSRMTEpXN4

Score

10^/10

renamer discovery worm

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

e7da3c48c7c619b17a464339d8af9dfd23eac89f209ae150c9e06e4c3d4ebb31N.exe

Resource

win7-20240903-en

renamer discovery worm

windows7-x64

10 signatures

120 seconds

Behavioral task

behavioral2

Sample

e7da3c48c7c619b17a464339d8af9dfd23eac89f209ae150c9e06e4c3d4ebb31N.exe

Resource

win10v2004-20241007-en

renamer discovery worm

windows10-2004-x64

9 signatures

120 seconds

Malware Config

Targets

- Target
  
  e7da3c48c7c619b17a464339d8af9dfd23eac89f209ae150c9e06e4c3d4ebb31N.exe
- Size
  
  824KB
- MD5
  
  a854d8736bc61bc88e75d3a29e5650e0
- SHA1
  
  2c203079ef788c6aba1c078dd50c14ec2ff6fcb4
- SHA256
  
  e7da3c48c7c619b17a464339d8af9dfd23eac89f209ae150c9e06e4c3d4ebb31
- SHA512
  
  c66c2eca4e58b429c93d0522640156f6090b53dab3dd4a5254f533e9e129ef21540609cf1c42994c69416a6f0a7fde14d96d28b2047dfffbd336fa89dae31c32
- SSDEEP
  
  12288:/wCBtLC+EptUpQ9SeSChq3YvxFBSSRMT8PTp4ihozE58888888888888W888888E:bNzCtUpQ9WWPBSSRMTEpXN4
Score

10^/10

renamer discovery worm
- Detects Renamer worm.
  Renamer aka Grename is worm written in Delphi.
- Renamer family
  renamer
- Renamer, Grenam
  Renamer aka Grenam is a worm written in Delphi.
  worm renamer
- Drops startup file
- Loads dropped DLL
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Replication Through Removable Media

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

renamerdiscoveryworm

behavioral2

renamerdiscoveryworm

© 2018-2024

Terms | Privacy