Analysis

  • max time kernel
    119s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted
    24/07/2024, 08:56

General

  • Target

    6ad691142eadde0385d7905aec9d83e0N.exe

  • Size

    18KB

  • MD5

    6ad691142eadde0385d7905aec9d83e0

  • SHA1

    125590dce47f87efa6596b77dcfef5488b7ba447

  • SHA256

    6e45bb70588ef61cf038bf2ea867b039e1aadaa49305df8ad4e3a81bae6bc9ee

  • SHA512

    892d36d68cb69cdae90a46265521afc489682c005a52cf9f9acf2180eaee7cd014a323c96be6ba46bbb5f380129625e948d89a555760050970e550e866595c9a

  • SSDEEP

    384:QOlIBXDaU7CPKK0TIhfJJcbQbf1Oti1JGBQOOiQJhJZafN:kBT37CPKKdJJcbQbf1Oti1JGBQOOiQJ2

Malware Config

Signatures

  • Renames multiple (3460) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\6ad691142eadde0385d7905aec9d83e0N.exe
    "C:\Users\Admin\AppData\Local\Temp\6ad691142eadde0385d7905aec9d83e0N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2116

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3294248377-1418901787-4083263181-1000\desktop.ini.tmp

    Filesize

    18KB

    MD5

    b7c661c480fc6b4c28e312f231872f02

    SHA1

    8b6a7f33e4e6eede1d7615a10f80f08451c18802

    SHA256

    de1eb2a1f7f816da6cb2eb5994fe61b228b7deb0f75691656c48f0ff754e4a43

    SHA512

    8ed9c3248a66fe1797fc7213773b792a45e154c3d8e83ec83f4b73faf40f733f014003b68958816d5b8fa314b96dba7e0014198f11e6a432272d104e9b439c5d

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    27KB

    MD5

    21c98da7b3653b3f6845ae26059bf8e8

    SHA1

    241b340dc1fb3f27044a28e4df129c34690fbcdb

    SHA256

    1988ce47cbfa8c3befe02084f018021dd34a4b6349d16eabcf3292fdb9191d29

    SHA512

    9b81a02212ea97ea8a9514728ae2919447391e967ced12167a442b672f261c90054d7404339f86344aa6582d2d93d28ff11b3f5667d1b938680b6fc52032e377

  • memory/2116-0-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

  • memory/2116-78-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB