Analysis

  • max time kernel
    119s
  • max time network
    97s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    25-07-2024 12:39

General

  • Target

    d1206147d487ab9a374c8e782cbba290N.exe

  • Size

    72KB

  • MD5

    d1206147d487ab9a374c8e782cbba290

  • SHA1

    7d80c891085889affc57de51de58d1b8ae247ebd

  • SHA256

    d4ffb032b799a05f09ec0c50149de251f1c80b6d3892976605b45d6e7366f8ec

  • SHA512

    668481bc41aa206eb92348a8df06bc953a96ef4a55157aacbd9b11aebbb82dc3f05dfd96898840c8dc847eb0086f57d40e5d4c80759324bdd4621be230bff955

  • SSDEEP

    1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8zxY51:fnyiQSox51

Malware Config

Signatures

  • Renames multiple (4316) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\d1206147d487ab9a374c8e782cbba290N.exe
    "C:\Users\Admin\AppData\Local\Temp\d1206147d487ab9a374c8e782cbba290N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:4368

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-464762018-485119342-1613148473-1000\desktop.ini.tmp

    Filesize

    72KB

    MD5

    8885420418570cc99815e8c14beb55c7

    SHA1

    c86ba675afec531db707b0968bd70afcb03580fd

    SHA256

    a5e4e7b7f4492d8dda4762a295b684357b1dee15c0e20242e915a80a8a26f68e

    SHA512

    e0abcd9681b3823512ee560024ede1cfb9f1889dd2bad5f5a89c95f76b409c14b7a0f70950ad14a442fc36d037a7528f8acb70121117034a292d892bb69df294

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    171KB

    MD5

    9255df38a8d51ebea15bb7f412bc8af4

    SHA1

    221981659dd66433cf7fac8555088c3c82ce4517

    SHA256

    a088fbb32def3d66cfb8e952df7015209461f64ec6eed5e9c17c1a9cc207fcda

    SHA512

    bc9e0651dbc8f33fa2c992d07c470ba3ee964871901f12624ddf357639905c4da2f32ce1ccec98ad6b6e491f446c2c89aad55773370f383014e15187d4021833

  • memory/4368-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/4368-1784-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB