Analysis

  • max time kernel
    118s
  • max time network
    23s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted
    27-07-2024 02:41

General

  • Target

    8330a8e57fbab8792504eab3353e8780N.exe

  • Size

    28KB

  • MD5

    8330a8e57fbab8792504eab3353e8780

  • SHA1

    a219458de9aa1e471f77a77d6fbcdb8102f4e31f

  • SHA256

    14fb24628b6dc043bf7edf86f727f1224177ebe527d550b7d7d92b571ea8c578

  • SHA512

    4e7158ea7bcb4f11e946ae97e579bfd0944f61988bc787519e562b16e831b84ddef86cafcff7e0cf7b77753ae7f6451b330a6cf38a486e3001c9a1a906e51e4c

  • SSDEEP

    384:QOlIBXDaU7CPKK0TIhfJJPbUEobUE51lAwWskdAvIMskdAvIs:kBT37CPKKdJJTU3U2lWAC

Malware Config

Signatures

  • Renames multiple (2694) files with added filename extension

    This suggests ransomware activity: files across the system are being encrypted and renamed with an added extension.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
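The first signature above is a count-based heuristic: a single process renaming thousands of files so that each new name is the old name with one extra extension appended. As an added example that is not part of this report or the sandbox's own detection code, the following Python reproduces that heuristic over a stream of rename events. The event shape (pid, old path, new path), the threshold of 50 and the sample events are constructed for the example; the report does not name the extension the sample appends, so ".locked" below is a placeholder.

```python
import ntpath
from collections import defaultdict

# Assumed threshold for flagging; the report's signature fired on 2694 renames.
THRESHOLD = 50

# Constructed rename events: (pid, old_path, new_path). PID 804 mimics the
# analysed process; PID 1200 represents ordinary user activity.
SAMPLE_EVENTS = [
    (804, rf"C:\Users\Admin\Documents\file{i}.docx",
          rf"C:\Users\Admin\Documents\file{i}.docx.locked")
    for i in range(60)
] + [
    # plain rename, no extension appended
    (1200, r"C:\Users\Admin\Desktop\notes.txt", r"C:\Users\Admin\Desktop\notes-old.txt"),
    # one benign "added extension" rename, far below the threshold
    (1200, r"C:\Users\Admin\Desktop\a.pdf", r"C:\Users\Admin\Desktop\a.pdf.bak"),
    # extension replaced rather than added: must not count
    (804, r"C:\Users\Admin\Documents\x.txt", r"C:\Users\Admin\Documents\x.locked"),
]


def is_added_extension(old_path: str, new_path: str) -> bool:
    """True when new_path is old_path plus exactly one appended extension,
    in the same directory (report.docx -> report.docx.locked)."""
    old_dir, old_name = ntpath.split(old_path)
    new_dir, new_name = ntpath.split(new_path)
    if ntpath.normcase(old_dir) != ntpath.normcase(new_dir):
        return False
    if not new_name.startswith(old_name):
        return False
    suffix = new_name[len(old_name):]
    # exactly ".ext": starts with a dot, non-empty, contains no further dots
    return len(suffix) > 1 and suffix[0] == "." and "." not in suffix[1:]


def analyze(events, threshold=THRESHOLD):
    """Group added-extension renames per PID and return only the PIDs whose
    count reaches the threshold, with the extensions and directories seen."""
    per_pid = defaultdict(lambda: {"count": 0, "extensions": set(), "dirs": set()})
    for pid, old, new in events:
        if not is_added_extension(old, new):
            continue
        ext = ntpath.basename(new)[len(ntpath.basename(old)):]
        rec = per_pid[pid]
        rec["count"] += 1
        rec["extensions"].add(ext)
        rec["dirs"].add(ntpath.normcase(ntpath.dirname(old)))
    return {pid: rec for pid, rec in per_pid.items() if rec["count"] >= threshold}


if __name__ == "__main__":
    for pid, rec in analyze(SAMPLE_EVENTS).items():
        print(f"PID {pid}: renamed {rec['count']} files with added extension(s) "
              f"{sorted(rec['extensions'])} across {len(rec['dirs'])} director(y/ies)")
```

In a real pipeline the events would come from a file-system minifilter or Sysmon/ETW rename records; the directory set is worth keeping because a process touching many unrelated directories (user profile, Program Files, $Recycle.Bin, MSOCache as in this report) is a stronger ransomware indicator than the same count inside one folder.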

Processes

  • C:\Users\Admin\AppData\Local\Temp\8330a8e57fbab8792504eab3353e8780N.exe
    "C:\Users\Admin\AppData\Local\Temp\8330a8e57fbab8792504eab3353e8780N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:804

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-940600906-3464502421-4240639183-1000\desktop.ini.tmp

    Filesize

    28KB

    MD5

    fe64ae773639010d348eff3b3e108639

    SHA1

    9c031678c454fa6dae2fffe9ae5d7cf499530510

    SHA256

    a2a96354364141b2aa560f1c58dc73319d36bc1f737dd4a0e6d6aa94a6437502

    SHA512

    72d5b29e9ec6bce1ad59832cc94baab70b6425bea53aa36e89b3e1bd49fe8574ddfcaadd0f777f4e5b0d77c8d3868d325b8874df30053f47fabe65ed1295ce1e

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    37KB

    MD5

    5bcaf0e47c702f81dba379084e82d18d

    SHA1

    7c4e98da8df7f90d7d869940d0484186666b4bea

    SHA256

    be3a7b27cf42349ffd336d537105800fc46d73054c52a2e8827388cd6627a01d

    SHA512

    5e0c345ade76852183e25fd25914e638471eea2fc06fd8cbb7fef95710b7b09c649694cdb52761da655d2370dc9295de5452f3b9ef883946fba0bd121e2c96a2

  • memory/804-0-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

  • memory/804-68-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB