Overview

overview

9

Static

static

7

3eacfdf72d...0N.exe

windows7-x64

9

3eacfdf72d...0N.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    120s
  • max time network
    20s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    24-07-2024 02:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3eacfdf72d1b76d56150ac5ac70175e0N.exe

  • Size

    57KB

  • MD5

    3eacfdf72d1b76d56150ac5ac70175e0

  • SHA1

    c298493407bc9bf659344ba47d8baa6df0327b40

  • SHA256

    af401ccff2611e500ca170cb4b6c196a6dbe3be46e7e3bb8379aeb6d40605bb8

  • SHA512

    9b2e08a5b9de856601b86ceaa1d5e956d740e3afacecfeaca3b579f695f54bac37574f0d706728804553351b017ac6df2bfb1de0d4dabd6c203d8377f51e9bb8

  • SSDEEP

    768:kBT37CPKKIm0CAbLg++PJHJzIWD+dVdCYgck5sIZFlzc3/Sg2aDM9uA9DM9uAFIS:CTWn1++PJHJXA/OsIZfzc3/Q8IZf2Xcu

Score
9/10
discoveryransomwareupx

Malware Config

Signatures

  • Renames multiple (306) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\3eacfdf72d1b76d56150ac5ac70175e0N.exe
    "C:\Users\Admin\AppData\Local\Temp\3eacfdf72d1b76d56150ac5ac70175e0N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2376

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2212144002-1172735686-1556890956-1000\desktop.ini.tmp
    Filesize

    58KB

    MD5

    1acdeaeccfb59ac067fa10491c47b93b

    SHA1

    b79012c26ccfa724828af396c92fd2d615b8e0a5

    SHA256

    2c6cd250d6c5b3427587b6fd4bd4cb0a16129464ecb860d7864d76597bd00290

    SHA512

    8cfe516dcd682ce063960e53d2381beee77cb6e2ce428aeef4d0a1567ae7ff598f407cd9a527551700b00253dd498906915de4d2dae386e4c9fe91b6c5bbeeba

    Download Submit

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize

    66KB

    MD5

    d987e4ed1dfaf40a93ed4efbea95ee1b

    SHA1

    787a3993dacaf7529a6fcb9ee8928209e6a6c0b9

    SHA256

    48758c4785fe8eb759ba0515f2fa9eb93a3562cf2142099b8f7f02d82f7eb408

    SHA512

    59f8c45ce5e1402dadfbce623888ca423f5406d865ff9eb39fff05b947174f4b148c38b2d82b3412eef245a162647eb2903c51051d8e76ac9cb95934d51798a3

    Download Submit

  • memory/2376-0-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2376-26-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

    Download