Analysis

  • max time kernel
    119s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64 arch:x86 image:win7-20240708-en locale:en-us os:windows7-x64 system
  • submitted
    27-07-2024 09:37

General

  • Target

    b09bb3795701ed83d4b4e3c925d21cc0N.exe

  • Size

    146KB

  • MD5

    b09bb3795701ed83d4b4e3c925d21cc0

  • SHA1

    bd81d8be11814bb676e520ac55a1fd4c59abd42a

  • SHA256

    75ac50dea422e3eb59804b5322f2a83962eced0330577abf0d3e1a765b53e1fe

  • SHA512

    ae90383a3e91ca07c155392985f39d869a25e79fd83df77630734133edf2a2d34c14e603f91c734c114236e23e0b1ec9584515ae1abc109ef6c54547f94b586c

  • SSDEEP

    1536:V7Zf/FAxTWoJJZENTNyl2aP7kLfQOVvZQh2bAFq:fny1tE42PVw2EFq

Malware Config

Signatures

  • Renames multiple (2082) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\b09bb3795701ed83d4b4e3c925d21cc0N.exe
    "C:\Users\Admin\AppData\Local\Temp\b09bb3795701ed83d4b4e3c925d21cc0N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2636

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\$Recycle.Bin\S-1-5-21-2958949473-3205530200-1453100116-1000\desktop.ini.tmp

    Filesize

    146KB

    MD5

    96f273c88689045891bc07ba29c5e333

    SHA1

    f2aafaf613c71584d032f0a847f47e38bf3dc782

    SHA256

    16dcb67fdf1b4a3dfc546d7462117e8707e06a7dba276550a636c8a4673af277

    SHA512

    c5b8b9de739d7ced80561743fbc7036cc9bf72dfba2e8fdf9de5611929fe1ad89f1299a43b4f1d0fb48328c2f06c3c678f532633c43e1d7ab2fdf45e650b4d05

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    155KB

    MD5

    8c76681d9fd678d17a409c252d2fe5f2

    SHA1

    4407bfd3b2c7f96aa284d712595347d70ffd86d7

    SHA256

    cd7ecd16c7c20a83c93a09fba0e1e19b5a0413fa6d242911065609a9b33298df

    SHA512

    13c97b5754767112e48ea086a20f7de060b20c0f785b67ba94476ee9dae0d4463b83b570f486e261730bfbf703aaccb070cd321a02e9c1470aaf45a71e374ff0

  • memory/2636-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/2636-160-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB