Analysis

  • max time kernel
    120s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted
    25/07/2024, 09:33

General

  • Target

    b3a2239ecccc6c2542ec9c4911055400N.exe

  • Size

    16KB

  • MD5

    b3a2239ecccc6c2542ec9c4911055400

  • SHA1

    1ef165ff2c5c65c416493a5075930903c986853f

  • SHA256

    7822497a181d96ca7e62a0a326ba4cee83c1411924c3bbae6e4c119a442cd666

  • SHA512

    c70c480fc21b72a367b29f7ebea3525c5e8a2e05ebcd58db9ae93caf79892bbabbeac0e52fdf6232c312abd7d96637a762fafaea1f9a6a4dada8a98847e8c785

  • SSDEEP

    384:QOlIBXDaU7CPKK0TIhfJJcbQbf1Oti1JGBQOOiQJhJZH:kBT37CPKKdJJcbQbf1Oti1JGBQOOiQJB

Malware Config

Signatures

  • Renames multiple (3340) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\b3a2239ecccc6c2542ec9c4911055400N.exe
    "C:\Users\Admin\AppData\Local\Temp\b3a2239ecccc6c2542ec9c4911055400N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2512

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2958949473-3205530200-1453100116-1000\desktop.ini.tmp

    Filesize

    16KB

    MD5

    fe6b598632fbfd3388fda4d0be0279a8

    SHA1

    feda975b963b6b12812f03f8636c84c6e7d4f3d8

    SHA256

    ab28b6cddf9e96700a0c3e0cab3544bd36c6bbe049f11dd7737049f27efbc999

    SHA512

    eb70a14a32e75588c19926bd4f0879c167e6adbdc2978b21a44fe34500d0cf5628a745a4766de96da52d21623bb5c448055fbf9abac723f1a6e6ee0b08909e67

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    25KB

    MD5

    269fed2b800a02bd21c4bbef74465b10

    SHA1

    59061c965a961a38bf231f883b177d3bf0db6ef5

    SHA256

    93dbc492acce299b431015cd09b200d34dd9be66322eae535f157da7df9ab639

    SHA512

    8586acd403a507828301a29d38e7c1130bb6ac0f6327e54530b497b220beebbeb5b429eb57be1fff26167ac78dd2c1232948b745a953bf436d04f8cac320ac4c

  • memory/2512-0-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

  • memory/2512-86-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB