Overview

overview

10

Static

static

3

7ba9adc6a0...97.exe

windows7-x64

10

7ba9adc6a0...97.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    101s
  • max time network
    101s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250129-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250129-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05/02/2025, 11:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7ba9adc6a0d487a4748d1a1474b07d359f4695d41841dfc920ff4eada910d797.exe

  • Size

    79KB

  • MD5

    0ebc107a0fb56d77759a635e9d043228

  • SHA1

    ec7a1e7132f5c3140ff06c542782388576a128f8

  • SHA256

    7ba9adc6a0d487a4748d1a1474b07d359f4695d41841dfc920ff4eada910d797

  • SHA512

    794eda52f2ff8b10518f59963ce6018b1b954a65bbe662d1b5db761f1ec9828cbdbcdff079fb39f08cf2ae151cdb3cc90c422501ace427637d20f502bffab9fe

  • SSDEEP

    1536:/tUknV9M6+ygXCNoNGtmFWZPhV8owtnMQPo9NSw249gdhwA2jeddMB:fCygXkoNGtmQZ5wbAzSm9gdhj2a6B

Score
10/10
seondiscoveryransomwarespywarestealertrojan

Malware Config

Extracted

Path

C:\Users\Public\YOUR_FILES_ARE_ENCRYPTED.TXT

Ransom Note
You became victim of the GOLDENEYE RANSOMWARE! The files on your computer have been encrypted with an military grade encryption algorithm. There is no way to restore your data without a special key. You can purchase this key on the darknet page shown in step 2. To purchase your key and restore your data, please follow these three easy steps: 1. Download the Tor Browser at "https://www.torproject.org/". If you need help, please google for "access onion page". 2. Visit one of the following pages with the Tor Browser: http://golden5a4eqranh7.onion/wm9hbfMQ http://goldeny4vs3nyoht.onion/wm9hbfMQ 3. Enter your personal decryption code there: wm9hbfMQGEp7MNLmfg9yZFafHx6paDNq4WJQucipUvvpVzDnCqMqUT7JxGYZQvrX7quM888cQYfTnHpAk6DE3hz8Hk3P48Ph
URLs

http://golden5a4eqranh7.onion/wm9hbfMQ

http://goldeny4vs3nyoht.onion/wm9hbfMQ

Signatures

  • Seon

    The Seon Ransomware is an encryption ransomware Trojan first observed on November 14, 2018.

    trojanransomwareseon
  • Seon family
    seon
  • Renames multiple (811) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • Executes dropped EXE 1 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7ba9adc6a0d487a4748d1a1474b07d359f4695d41841dfc920ff4eada910d797.exe
    "C:\Users\Admin\AppData\Local\Temp\7ba9adc6a0d487a4748d1a1474b07d359f4695d41841dfc920ff4eada910d797.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:4156
    • C:\Users\Admin\AppData\Roaming\{da84c856-e996-41d5-8b56-a05c0f0a224a}\dtdump.exe
      "C:\Users\Admin\AppData\Roaming\{da84c856-e996-41d5-8b56-a05c0f0a224a}\dtdump.exe"
      2⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:4968

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\{da84c856-e996-41d5-8b56-a05c0f0a224a}\dtdump.exe
    Filesize

    79KB

    MD5

    0ebc107a0fb56d77759a635e9d043228

    SHA1

    ec7a1e7132f5c3140ff06c542782388576a128f8

    SHA256

    7ba9adc6a0d487a4748d1a1474b07d359f4695d41841dfc920ff4eada910d797

    SHA512

    794eda52f2ff8b10518f59963ce6018b1b954a65bbe662d1b5db761f1ec9828cbdbcdff079fb39f08cf2ae151cdb3cc90c422501ace427637d20f502bffab9fe

    Download Submit

  • C:\Users\Admin\AppData\Roaming\{da84c856-e996-41d5-8b56-a05c0f0a224a}\dtdump.exe
    Filesize

    79KB

    MD5

    352fcd550dc1914cc824354b9e26a8ae

    SHA1

    79d2c760c65fd98c41e854d2a87ab2285f4c530d

    SHA256

    f721f57ca5130b8967dd75aed5808d252e7f85a6e3a2fdeb8da8ada717583754

    SHA512

    ee26593f12cd2e6f203e9237d9d0a8ffad0647b4536df4f0abb53f58aaed9324a29e8eabf12a327ea6904f53c9b896cd47abf524f8003949d8c9a4956eec3d00

    Download Submit

  • C:\Users\Public\YOUR_FILES_ARE_ENCRYPTED.TXT
    Filesize

    778B

    MD5

    b94243aca0de3355fb94911221bdb983

    SHA1

    844516af10ca6f6faceb2d75135cb7ea8ece2d32

    SHA256

    6e784461881188dcce09036c25dcb42bb34eaf64337e865a31c410077d8adf72

    SHA512

    1eb06660a19098cb457afb4ae2642e28e20ece8f9fad013eb18573022dbe59ecc7ecfc612fa3de87196a67e993d411d63365e30dd5e1da9083c2c61b0d69a532

    Download Submit

  • memory/4156-0-0x0000000000400000-0x000000000042C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/4156-1-0x00000000004B0000-0x00000000004BC000-memory.dmp

    Filesize

    48KB

    Download

  • memory/4156-11-0x0000000000400000-0x000000000042C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/4156-15-0x00000000009F0000-0x0000000000A01000-memory.dmp

    Filesize

    68KB

    Download

  • memory/4156-14-0x00000000004B0000-0x00000000004BC000-memory.dmp

    Filesize

    48KB

    Download

  • memory/4156-2-0x00000000009F0000-0x0000000000A01000-memory.dmp

    Filesize

    68KB

    Download

  • memory/4968-12-0x0000000000400000-0x000000000042C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/4968-16-0x0000000000590000-0x000000000059C000-memory.dmp

    Filesize

    48KB

    Download

  • memory/4968-17-0x00000000005A0000-0x00000000005B1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/4968-18-0x00000000005A0000-0x00000000005B1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/4968-1648-0x0000000000400000-0x000000000042C000-memory.dmp

    Filesize

    176KB

    Download

  • memory/4968-1649-0x00000000005A0000-0x00000000005B1000-memory.dmp

    Filesize

    68KB

    Download

  • memory/4968-1646-0x00000000005A0000-0x00000000005B1000-memory.dmp

    Filesize

    68KB

    Download