Overview

overview

9

Static

static

7

2851f8fe8d...dc.exe

windows7-x64

9

2851f8fe8d...dc.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    150s
  • max time network
    21s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    27/07/2024, 20:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2851f8fe8db87a7a63e535162fb740fd61f2410a9694ca78ece2e9359a7cd2dc.exe

  • Size

    48KB

  • MD5

    2100b66d879d3d58b13dd3ae37d5dde3

  • SHA1

    c2c1836a851c02768ca40a9592e424c8fec5ca01

  • SHA256

    2851f8fe8db87a7a63e535162fb740fd61f2410a9694ca78ece2e9359a7cd2dc

  • SHA512

    7d7d0465e7429001629be25f28394af80ee285d466a9a82bbeb15ba7f85da4516dddafc28c9b8ca936dc4a8255181657bd2ce99822afa4b365eed9e593eccc25

  • SSDEEP

    768:kBT37CPKKIm0CAbLg++PJHJzIWD+dVdCYgck5sIZFlzc3/Sg2aDM9uA9DM9uAFWo:CTWn1++PJHJXA/OsIZfzc3/Q8p

Score
9/10
discoveryransomwareupx

Malware Config

Signatures

  • Renames multiple (446) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\2851f8fe8db87a7a63e535162fb740fd61f2410a9694ca78ece2e9359a7cd2dc.exe
    "C:\Users\Admin\AppData\Local\Temp\2851f8fe8db87a7a63e535162fb740fd61f2410a9694ca78ece2e9359a7cd2dc.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2452

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2212144002-1172735686-1556890956-1000\desktop.ini.tmp
    Filesize

    49KB

    MD5

    3799b79f83f91f09b476f5a15812d07e

    SHA1

    06a81dc675cba2d96ef9ac8fa2707eb52e09aca9

    SHA256

    6a32aed3ba32e019e05f19804d55f055dbd04454208cad80ba6b0afb590c0aaa

    SHA512

    834dfab710e0344d156de63fdd9b7fc6f5d89553f6ac95f72eea49b8d8938459ad98d817e6cc55c5bba4c4affcf834e2f3bdd0ce46f771f577d9c046d5319589

    Download Submit

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize

    58KB

    MD5

    2f78e1284ef2c000ec255456155fb8e5

    SHA1

    ca98c3cbb88d20e4f2ed4a2d7c30c5b706a9365d

    SHA256

    fb9a5083a1a2c0517e31b1b1a3935da886e7ac26a4f4607de1c854ace838f8ae

    SHA512

    6e76815be11ecb27ae26e8d5c49fb31788f8ca9799cc335f4c593cb44185e473b6cdb6d98bb6c65c43c9908dce13e51c1563d91c6251cd103524471fc81b7dcc

    Download Submit

  • memory/2452-0-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2452-18-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

    Download