Analysis

  • max time kernel
    120s
  • max time network
    20s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
  • submitted
    27/07/2024, 23:04

General

  • Target

    132110b1fb0f321ff7bf7af41e40d160N.exe

  • Size

    924KB

  • MD5

    132110b1fb0f321ff7bf7af41e40d160

  • SHA1

    96d9b3468eac437cd0d3b077152ee4800556b688

  • SHA256

    baaa7bd6789404e4916e2759b94ab1a345beadf6ac5a36b0d585b9f5edf5aed0

  • SHA512

    6ddaba233228a0802cf50dff99653f696c60ef323c2006b0184daf91a893734cc11d3a15aed23103831eeae7f5f148d89278abdc565a8e1c04f3173939eef6ac

  • SSDEEP

    24576:p5MTl31GZzzye1kWkhCkhVvlQuLM4paA24QQ0gaiirmMzQlVWTnk7ZqDy:rdzV/Vg7

Malware Config

Signatures

  • Renames multiple (289) files with added filename extension

    This suggests ransomware activity: the sample renames files across the system by appending an extension, the pattern left behind when files are encrypted in place.

  • UPX packed file 4 IoCs

    Detects executables packed with the open-source UPX packer or with a modified UPX build.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of the victim host in order to infer its geographical location.
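The UPX signature above is a heuristic over the PE section table and the "UPX!" stub marker. The Python below is an added example, not part of this report and not the sandbox's own rule: it parses a PE section table with struct, computes per-section entropy and reports the indicators a "UPX packed file" rule usually weighs. The build_pe helper, the seeded pseudo-random bytes and the three sample images are constructed for the demonstration and are not derived from the analysed file. The "modified UPX" case the signature mentions is why the check does not stop at section names: a rebuilt packer that renames UPX0/UPX1 and strips the marker still leaves an empty first section followed by a high-entropy one.

```python
import math
import random
import struct

UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2", b"UPX!"}


def pe_sections(data: bytes):
    """Yield (name, virtual_size, raw_size, raw_offset) for each section header.

    Standard PE/COFF layout: MZ stub -> e_lfanew at 0x3C -> 'PE\\0\\0' ->
    20-byte COFF header -> optional header -> 40-byte section headers.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE file: no MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file: no PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + opt_size
    for i in range(num_sections):
        off = table + 40 * i
        name = data[off:off + 8].rstrip(b"\0")
        vsize, _vaddr, rsize, roff = struct.unpack_from("<IIII", data, off + 8)
        yield name, vsize, rsize, roff


def shannon_entropy(buf: bytes) -> float:
    """Bits per byte: close to 8.0 for compressed or encrypted data, well below 6 for plain code."""
    if not buf:
        return 0.0
    n = len(buf)
    counts = [0] * 256
    for b in buf:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def upx_indicators(data: bytes) -> dict:
    """Collect the evidence a 'UPX packed file' rule typically weighs."""
    secs = list(pe_sections(data))
    names = [s[0] for s in secs]
    first_vsize, first_rsize = (secs[0][1], secs[0][2]) if secs else (0, 0)
    return {
        "sections": [n.decode("latin-1") for n in names],
        "name_hit": any(n in UPX_SECTION_NAMES for n in names),  # stock section names
        "magic_hit": b"UPX!" in data,                            # stub marker string
        # UPX leaves the first section with no raw data but a large virtual size
        # (the unpacking destination) and stores the compressed image in the next one.
        "empty_first": first_rsize == 0 and first_vsize > 0,
        "high_entropy": any(rsize and shannon_entropy(data[roff:roff + rsize]) > 7.0
                            for _, _, rsize, roff in secs),
    }


def looks_upx_packed(data: bytes) -> bool:
    """Stock UPX trips every indicator; a modified build that renames sections and
    strips the marker still shows the empty-first/high-entropy section pair."""
    ind = upx_indicators(data)
    return ind["name_hit"] or ind["magic_hit"] or (ind["empty_first"] and ind["high_entropy"])


def build_pe(sections) -> bytes:
    """Build a minimal constructed PE32 image from (name, virtual_size, body) tuples.
    Only the fields pe_sections() reads are meaningful; the image is not loadable."""
    n = len(sections)
    img = bytearray(0x40)
    img[:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x40)                          # e_lfanew
    img += b"PE\0\0"
    img += struct.pack("<HHIIIHH", 0x14C, n, 0, 0, 0, 0xE0, 0x0102)  # COFF header, i386
    img += struct.pack("<H", 0x10B) + b"\0" * 0xDE                   # PE32 optional header
    raw_off = (len(img) + 40 * n + 0x1FF) & ~0x1FF                   # FileAlignment 0x200
    bodies, vaddr = bytearray(), 0x1000
    for name, vsize, body in sections:
        rsize = (len(body) + 0x1FF) & ~0x1FF
        img += name.ljust(8, b"\0") + struct.pack("<IIII", vsize, vaddr, rsize, raw_off if rsize else 0)
        img += b"\0" * 16                                             # relocs/linenums/characteristics
        bodies += body.ljust(rsize, b"\0")
        raw_off += rsize
        vaddr += (max(vsize, rsize) + 0xFFF) & ~0xFFF
    return bytes(img.ljust((len(img) + 0x1FF) & ~0x1FF, b"\0") + bodies)


# Constructed inputs: seeded pseudo-random bytes stand in for a compressed image.
_rng = random.Random(2024)
_COMPRESSED = bytes(_rng.getrandbits(8) for _ in range(4092))
_PLAIN_CODE = b"push ebp; mov ebp, esp; xor eax, eax; pop ebp; ret\n" * 80

PACKED_SAMPLE = build_pe([(b"UPX0", 0x7000, b""), (b"UPX1", 0x1000, _COMPRESSED + b"UPX!"),
                          (b".rsrc", 0x200, b"\0" * 0x100)])
RENAMED_SAMPLE = build_pe([(b".code", 0x7000, b""), (b".init", 0x1000, _COMPRESSED)])
CLEAN_SAMPLE = build_pe([(b".text", 0x2000, _PLAIN_CODE), (b".data", 0x1000, b"\0" * 0x400)])

if __name__ == "__main__":
    for label, sample in [("packed", PACKED_SAMPLE), ("renamed", RENAMED_SAMPLE), ("clean", CLEAN_SAMPLE)]:
        print(label, looks_upx_packed(sample), upx_indicators(sample))
```

Run it against the real sample by reading the file into bytes and calling upx_indicators(); the section list it prints is the first thing to compare with the 44KB memory region listed for the process at the end of this report, since a packed image that is much smaller in memory than on disk is itself worth a second look.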

Processes

  • C:\Users\Admin\AppData\Local\Temp\132110b1fb0f321ff7bf7af41e40d160N.exe
    "C:\Users\Admin\AppData\Local\Temp\132110b1fb0f321ff7bf7af41e40d160N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2072

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3502430532-24693940-2469786940-1000\desktop.ini.tmp

    Filesize

    924KB

    MD5

    f226fcc754c1a85e3de6e92b16eb1869

    SHA1

    39d355f44d841b4e9da761d37e0153bd69aef1e7

    SHA256

    d4eb7c96423aecb846e5c541c00b2fca0d4ab14f8c4e1f16db4a2b0ce874b31d

    SHA512

    a9b0fb35fa6b2325f6cb50d8b569b8c79eb86057979eafe07bf97bf05c698ad33674541e2187e612acdf3ab9b300b820bf5db3d813a524dc876e96df0ea138db

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    933KB

    MD5

    c678a6734158660893e5d3dcffbe651e

    SHA1

    9e98721418f0bb8912bc9f2d25c7a6fafcc00ea4

    SHA256

    b0356371953cf13688803bf5ce33aa5cbe235d7873ccc9bf462ebb72cfeaf4fb

    SHA512

    7d8f5553d93e8f1e23b8533da1bd9df68093bb8da81a8d57e0f4ca628812243e344151848570a4e74645c3503d7b10eacbf0088ab3c0a7bbcabd8b70d0bc950b

  • memory/2072-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/2072-130-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB