Analysis

  • max time kernel
    120s
  • max time network
    96s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    27-07-2024 05:31

General

  • Target

    9945e185b2865261ba9d3e83d22396b0N.exe

  • Size

    120KB

  • MD5

    9945e185b2865261ba9d3e83d22396b0

  • SHA1

    487ec5def5bb041074518a2dc641766b345b577c

  • SHA256

    58b64a29c7e31d1d17551c36ace7e5ac062a1e3facb37d4d500eba8d4b3582a9

  • SHA512

    8e5449e118020ccedd6381be64e8f072f7998c47fffa1c8303bfa385f78b9904e4fa611d7270b779d0ce3a8f9adf2301eaab3af30835c9eb65adaae1824066bb

  • SSDEEP

    1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8asUsK8/8HTWn1++PJHJXA/OsIZfzc3/D:fnyiQSohsUsxkDQSohsUsxkE

Malware Config

Signatures

  • Renames multiple (1893) files with added filename extension

    This suggests ransomware activity: files across the system are being encrypted and renamed with an added extension.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
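Two of the signatures above, "Renames multiple files with added filename extension" and "UPX packed file", re-implemented as stand-alone checks so the heuristics behind them can be read and run. This is an added example, not the sandbox's own detection code. The file-operation events and the PE header it runs on are constructed inline (the report does not name the appended extension; ".locked", the PIDs, and the threshold of 50 renames are assumptions for illustration). The PE check is a minimal section-table parser: DOS header, e_lfanew, COFF header, then section names, which is how the well-known UPX0/UPX1 marker is usually spotted.

```python
"""Re-implementation of two sandbox signatures (added example, not vendor code)."""
import struct
from collections import Counter

# --- Signature: renames multiple files with an added filename extension -------

def added_extension(src, dst):
    """True when dst is src with exactly one extra extension appended,
    e.g. a.docx -> a.docx.locked. Comparison is case-insensitive (NTFS)."""
    s, d = src.lower(), dst.lower()
    return d.startswith(s + ".") and len(d) > len(s) + 1


def mass_rename_offenders(events, threshold=50):
    """Count, per PID, rename events whose new name is the old name plus an
    appended extension; return {pid: count} for PIDs at or above threshold.
    threshold=50 is an assumed tuning value, not the sandbox's."""
    counts = Counter()
    for ev in events:
        if ev["op"] != "rename":
            continue
        if added_extension(ev["src"], ev["dst"]):
            counts[ev["pid"]] += 1
    return {pid: n for pid, n in counts.items() if n >= threshold}


def constructed_events():
    """Constructed file-operation log (not real sandbox output): PID 2312 renames
    many documents by appending '.locked'; PID 4000 performs ordinary renames."""
    events = []
    for i in range(120):
        src = rf"C:\Users\Admin\Documents\file{i}.docx"
        events.append({"pid": 2312, "op": "rename", "src": src, "dst": src + ".locked"})
    # Benign: installer finishing a .tmp -> final name (extension removed, not added).
    events.append({"pid": 4000, "op": "rename",
                   "src": r"C:\Users\Admin\report.docx.tmp",
                   "dst": r"C:\Users\Admin\report.docx"})
    # Benign: plain rename, new name is not old name + extension.
    events.append({"pid": 4000, "op": "rename",
                   "src": r"C:\Users\Admin\a.txt", "dst": r"C:\Users\Admin\b.txt"})
    events.append({"pid": 4000, "op": "create", "src": "", "dst": r"C:\Temp\x.tmp"})
    return events


# --- Signature: UPX packed file ----------------------------------------------

def pe_section_names(data):
    """Return section names of a PE image from raw bytes. Minimal parser:
    DOS header -> e_lfanew -> COFF header -> section table. Returns [] if
    the buffer is not a PE file or is truncated."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return []
    num_sections = struct.unpack_from("<H", data, e_lfanew + 6)[0]
    size_opt = struct.unpack_from("<H", data, e_lfanew + 20)[0]
    table = e_lfanew + 24 + size_opt  # section table follows the optional header
    names = []
    for i in range(num_sections):
        raw = data[table + i * 40: table + i * 40 + 8]
        if len(raw) < 8:
            break  # truncated section table
        names.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    return names


def looks_upx_packed(data):
    """Stock UPX names its sections UPX0/UPX1 (UPX2 for resources)."""
    return any(n.upper().startswith("UPX") for n in pe_section_names(data))


def build_stub_pe(section_names):
    """Constructed stand-in for a PE header: DOS stub with e_lfanew=0x40, a COFF
    header with an empty optional header, and a section table with the given
    names. Not loadable; just enough structure for pe_section_names()."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0x102)
    table = b"".join(n.encode().ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos + coff + table


if __name__ == "__main__":
    print("mass rename offenders:", mass_rename_offenders(constructed_events()))
    print("UPX sections:", looks_upx_packed(build_stub_pe(["UPX0", "UPX1", ".rsrc"])))
    print("normal sections:", looks_upx_packed(build_stub_pe([".text", ".rdata", ".data"])))
```

A renamed-UPX or a packer that rewrites its section names will not trip the section-name check, which is why sandboxes pair it with entropy and import-table heuristics; the rename heuristic likewise needs a threshold high enough that backup tools and installers (which add or strip extensions on a handful of files) stay below it.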

Processes

  • C:\Users\Admin\AppData\Local\Temp\9945e185b2865261ba9d3e83d22396b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\9945e185b2865261ba9d3e83d22396b0N.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2312

Network

MITRE ATT&CK Matrix ATT&CK v13

Discovery

  • System Location Discovery (T1614): 1
  • System Language Discovery (T1614.001): 1


Downloads

  • C:\$Recycle.Bin\S-1-5-21-464762018-485119342-1613148473-1000\desktop.ini.tmp
    Filesize

    121KB

    MD5

    f0051ce9d46328976f6a79ac3f57c408

    SHA1

    f843999beacb35e27b2a8f1368ac9a74df2745a1

    SHA256

    c90b096d84f9a792a32da35cdacd05e7bfbf7e5ac8eec93588326d40d5ec938d

    SHA512

    31b85c2443bdec38052b99ed9d7dfdac3821f62c23355bfff8a4c4e4daae7b5140e281201da89222300fc5bc24d378fc9bbb81f3c1fb2cec4f1163290f71f327

  • C:\Program Files\7-Zip\7-zip.dll.tmp
    Filesize

    219KB

    MD5

    b4f75bbcefbea980c8afc3900875c6f1

    SHA1

    94491a78a4f47b7ddc74b21cffe1641db830d505

    SHA256

    603700019f675c9655fa091456fea80bd75d2ee69c67f9d432977c9c82e02e73

    SHA512

    0a98bb17bfb2343579d545384d682157e9f7bab35e5010cb951139f53d7045b95717557a58130249c685b5f6b10480d0273fa1a22e1009628eaed32fa68033a6

  • memory/2312-0-0x0000000000400000-0x000000000040B000-memory.dmp
    Filesize

    44KB

  • memory/2312-1402-0x0000000000400000-0x000000000040B000-memory.dmp
    Filesize

    44KB