Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted
    07/02/2025, 03:00

General

  • Target

    964b5abe3924a2efc07a955cce450291d880fe57be49018446143f9f3dcf0d7d.exe

  • Size

    79KB

  • MD5

    322d73ea4ce5be6637f635125abee0d3

  • SHA1

    7f6f6c2813768a8df111aad1ebec01b43a6517d3

  • SHA256

    964b5abe3924a2efc07a955cce450291d880fe57be49018446143f9f3dcf0d7d

  • SHA512

    27bebd8c71ac842146c8a599e23f76b7b648e59ee1df951e577a15ff8b40140a109566f66efa40e2465fd29a20a89f450404ec0b3a4c253dbf564fbbace1d1ad

  • SSDEEP

    1536:/tUknV9M6+ygXCNoNGtmFWZPhV8owtnMQPo9NSw249gdhwA2jeddBu:fCygXkoNGtmQZ5wbAzSm9gdhj2aPu

Malware Config

Extracted

Path

C:\Users\Public\YOUR_FILES_ARE_ENCRYPTED.TXT

Ransom Note
You became victim of the GOLDENEYE RANSOMWARE! The files on your computer have been encrypted with an military grade encryption algorithm. There is no way to restore your data without a special key. You can purchase this key on the darknet page shown in step 2. To purchase your key and restore your data, please follow these three easy steps: 1. Download the Tor Browser at "https://www.torproject.org/". If you need help, please google for "access onion page". 2. Visit one of the following pages with the Tor Browser: http://golden5a4eqranh7.onion/t9ehgJ9b http://goldeny4vs3nyoht.onion/t9ehgJ9b 3. Enter your personal decryption code there: t9ehgJ9bdVdM7zc2fFusYVqDFX4xidas4MFtQ6Z9j2uG5H9AvtrP86aMeYPfA41F3Tn75qizTUanfT6jfFVzvjYNrm36iBnN
URLs

http://golden5a4eqranh7.onion/t9ehgJ9b

http://goldeny4vs3nyoht.onion/t9ehgJ9b
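The indicator extraction above is what the sandbox's config parser produced. The following is an added example, not code from the report or from the sandbox, that performs the same extraction over the flattened note text shown above so it can be reused on other notes of this shape: it pulls out the .onion URLs, classifies each address as a v2 (16-character) or v3 (56-character) onion service, isolates the personal decryption code, and cross-checks the URL path against the code. One observation this makes explicit: the path token in both URLs (t9ehgJ9b) is the first eight characters of the victim's decryption code, so the per-victim page and the code share an identifier. The regexes are this example's assumptions about the note's wording, not something the report states; the 16-character addresses are Tor v2 onion services, which the Tor network stopped serving in 2021, so these pages are unreachable with a current Tor Browser.

```python
import re

# Ransom note text copied verbatim from the "Malware Config" section of the
# report above. The dropped file's own line breaks are not preserved on the
# page, so this is the flattened form.
RANSOM_NOTE = (
    "You became victim of the GOLDENEYE RANSOMWARE! The files on your computer "
    "have been encrypted with an military grade encryption algorithm. There is no "
    "way to restore your data without a special key. You can purchase this key on "
    "the darknet page shown in step 2. To purchase your key and restore your data, "
    "please follow these three easy steps: 1. Download the Tor Browser at "
    "\"https://www.torproject.org/\". If you need help, please google for "
    "\"access onion page\". 2. Visit one of the following pages with the Tor "
    "Browser: http://golden5a4eqranh7.onion/t9ehgJ9b "
    "http://goldeny4vs3nyoht.onion/t9ehgJ9b 3. Enter your personal decryption "
    "code there: t9ehgJ9bdVdM7zc2fFusYVqDFX4xidas4MFtQ6Z9j2uG5H9AvtrP86aMeYPfA41F"
    "3Tn75qizTUanfT6jfFVzvjYNrm36iBnN"
)

# Onion addresses are base32 ([a-z2-7]); v2 services use 16 characters,
# v3 services use 56. The optional path is the per-victim token.
ONION_URL_RE = re.compile(
    r"https?://([a-z2-7]{16}|[a-z2-7]{56})\.onion(/[A-Za-z0-9_-]*)?"
)
# Assumption for this example: the code follows the phrase used in this note.
CODE_RE = re.compile(r"decryption code there:\s*([A-Za-z0-9]{32,})")


def extract_indicators(note):
    """Return onion URLs, the decryption code and the shared victim token."""
    urls = []
    for m in ONION_URL_RE.finditer(note):
        host, path = m.group(1), (m.group(2) or "").lstrip("/")
        urls.append({
            "url": m.group(0),
            "host": host + ".onion",
            "path": path,
            # 16-character addresses are v2 services, no longer served by Tor.
            "onion_version": 2 if len(host) == 16 else 3,
        })
    code_m = CODE_RE.search(note)
    code = code_m.group(1) if code_m else None

    # If every URL carries the same path and the code starts with it, the
    # path is a per-victim identifier shared with the decryption code.
    victim_token = None
    paths = {u["path"] for u in urls}
    if code and len(paths) == 1:
        path = next(iter(paths))
        if path and code.startswith(path):
            victim_token = path
    return {"urls": urls, "decryption_code": code, "victim_token": victim_token}


if __name__ == "__main__":
    result = extract_indicators(RANSOM_NOTE)
    for u in result["urls"]:
        print(f"{u['host']} (v{u['onion_version']}) path={u['path']}")
    print("victim token:", result["victim_token"])
```

Run stand-alone it lists both onion hosts as v2 services with path t9ehgJ9b and reports that token as the shared victim identifier. The torproject.org URL in step 1 is deliberately not matched: it is not an indicator.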

Signatures

  • Seon

    The Seon Ransomware is an encryption ransomware Trojan first observed on November 14, 2018. Note the mismatch with the extracted ransom note, which self-identifies as GOLDENEYE: this family label is a signature match, not a self-identification by the sample.

  • Seon family
  • Renames multiple (184) files with added filename extension

    This suggests ransomware activity: files across the system are being encrypted and renamed.

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials.

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of the victim host in order to infer its geographical location.

  • Runs regedit.exe 1 IoCs

    The process named regedit.exe here is not the Windows Registry Editor: it is a copy of the sample itself (identical MD5/SHA1/SHA256, see Downloads) dropped into a GUID-named folder under AppData\Roaming and executed from there.
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\964b5abe3924a2efc07a955cce450291d880fe57be49018446143f9f3dcf0d7d.exe
    "C:\Users\Admin\AppData\Local\Temp\964b5abe3924a2efc07a955cce450291d880fe57be49018446143f9f3dcf0d7d.exe"
    1⤵
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:1904
    • C:\Users\Admin\AppData\Roaming\{21f23e3f-f75d-4816-9dce-8bb9522d6b78}\regedit.exe
      "C:\Users\Admin\AppData\Roaming\{21f23e3f-f75d-4816-9dce-8bb9522d6b78}\regedit.exe"
      2⤵
      • Executes dropped EXE
      • Runs regedit.exe
      PID:2796
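The process tree above, together with the hashes under Downloads, shows the sample writing a byte-identical copy of itself to a GUID-named folder under AppData\Roaming as regedit.exe and executing it. The following is an added example, not code from the report, of detection logic that catches that pattern over process-creation records: regedit.exe running from outside the Windows directory, an executable in a GUID-named folder under AppData\Roaming, and a child whose hash equals its parent's while its image path differs. The records are constructed for this example in a Sysmon Event ID 1 style: the PIDs, image paths and the first two hashes follow the report, while the parent PIDs, the third (benign) record and its placeholder hash are made up.

```python
import ntpath
import re

# Directories where the genuine Registry Editor lives on Windows.
LEGIT_REGEDIT_DIRS = {
    r"c:\windows",
    r"c:\windows\system32",
    r"c:\windows\syswow64",
}

SAMPLE_SHA256 = "964b5abe3924a2efc07a955cce450291d880fe57be49018446143f9f3dcf0d7d"

# Constructed process-creation records. PIDs, images and the first two hashes
# come from the report; ppids 1000/900, the third record and its all-zero
# hash are placeholders for this example (not the real regedit.exe hash).
EVENTS = [
    {"pid": 1904, "ppid": 1000,
     "image": r"C:\Users\Admin\AppData\Local\Temp\964b5abe3924a2efc07a955cce450291d880fe57be49018446143f9f3dcf0d7d.exe",
     "sha256": SAMPLE_SHA256},
    {"pid": 2796, "ppid": 1904,
     "image": r"C:\Users\Admin\AppData\Roaming\{21f23e3f-f75d-4816-9dce-8bb9522d6b78}\regedit.exe",
     "sha256": SAMPLE_SHA256},
    {"pid": 3100, "ppid": 900,
     "image": r"C:\Windows\regedit.exe",
     "sha256": "0" * 64},
]

# A path component that is exactly a braced GUID, e.g. \{21f23e3f-...-8bb9522d6b78}\
GUID_DIR_RE = re.compile(
    r"\\\{[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}\}\\", re.I
)


def analyze(events):
    """Return a list of (pid, reason) findings over process-creation records."""
    by_pid = {e["pid"]: e for e in events}
    findings = []
    for e in events:
        image = e["image"]
        name = ntpath.basename(image).lower()
        directory = ntpath.dirname(image).lower()

        # Masquerading: a system binary name launched from a user-writable path.
        if name == "regedit.exe" and directory not in LEGIT_REGEDIT_DIRS:
            findings.append((e["pid"], "regedit.exe executing outside the Windows directory"))

        # Staging: executable inside a GUID-named folder under AppData\Roaming.
        if "\\appdata\\roaming\\" in image.lower() and GUID_DIR_RE.search(image):
            findings.append((e["pid"], "executable in a GUID-named folder under AppData\\Roaming"))

        # Self-copy: child has the parent's hash but a different image path.
        parent = by_pid.get(e["ppid"])
        if parent and parent["sha256"] == e["sha256"] and parent["image"].lower() != image.lower():
            findings.append((e["pid"], "child is a byte-identical copy of its parent under a different name"))
    return findings


def flagged_pids(events):
    """PIDs with at least one finding, sorted."""
    return sorted({pid for pid, _ in analyze(events)})


if __name__ == "__main__":
    for pid, reason in analyze(EVENTS):
        print(f"PID {pid}: {reason}")
```

Only PID 2796 is flagged, on all three rules; the original sample in Temp and the genuine C:\Windows\regedit.exe produce no findings. The hash comparison is what separates this from a plain path rule: a dropper that copies itself under a new name keeps its hash, so parent/child hash equality with a differing image path is a strong signal even when the chosen file name is something other than regedit.exe.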

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\{21f23e3f-f75d-4816-9dce-8bb9522d6b78}\regedit.exe

    Filesize

    79KB

    MD5

    322d73ea4ce5be6637f635125abee0d3

    SHA1

    7f6f6c2813768a8df111aad1ebec01b43a6517d3

    SHA256

    964b5abe3924a2efc07a955cce450291d880fe57be49018446143f9f3dcf0d7d

    SHA512

    27bebd8c71ac842146c8a599e23f76b7b648e59ee1df951e577a15ff8b40140a109566f66efa40e2465fd29a20a89f450404ec0b3a4c253dbf564fbbace1d1ad

  • C:\Users\Public\YOUR_FILES_ARE_ENCRYPTED.TXT

    Filesize

    778B

    MD5

    9ed5cd06f2509506d7ece523e0e301a7

    SHA1

    ece3d1edcb7d8f6f5bb890e56c6d63dd332b9527

    SHA256

    d22f3339f69253cfc02d71bbc79fc519c39850ede340de3dc59cf381d6f5fc8b

    SHA512

    23775c1f110803e37ea5a40280643d464476d4eedecd3a52a3f9ef5e320bf7f73b0fa1bb6563d22c7135adfca43d048be4370503a74dfb481af7a0255982f7c5

  • memory/1904-16-0x0000000000240000-0x000000000024C000-memory.dmp

    Filesize

    48KB

  • memory/1904-0-0x0000000000400000-0x000000000042C000-memory.dmp

    Filesize

    176KB

  • memory/1904-15-0x0000000000400000-0x000000000042C000-memory.dmp

    Filesize

    176KB

  • memory/1904-2-0x0000000000250000-0x0000000000261000-memory.dmp

    Filesize

    68KB

  • memory/1904-1-0x0000000000240000-0x000000000024C000-memory.dmp

    Filesize

    48KB

  • memory/2796-17-0x00000000001D0000-0x00000000001DC000-memory.dmp

    Filesize

    48KB

  • memory/2796-18-0x00000000001E0000-0x00000000001F1000-memory.dmp

    Filesize

    68KB

  • memory/2796-19-0x00000000001E0000-0x00000000001F1000-memory.dmp

    Filesize

    68KB

  • memory/2796-393-0x00000000001E0000-0x00000000001F1000-memory.dmp

    Filesize

    68KB

  • memory/2796-394-0x0000000000400000-0x000000000042C000-memory.dmp

    Filesize

    176KB

  • memory/2796-395-0x00000000001E0000-0x00000000001F1000-memory.dmp

    Filesize

    68KB