Analysis

  • max time kernel
    120s
  • max time network
    95s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240730-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240730-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    02/08/2024, 01:54

General

  • Target

    37d6311a4c2eaf84539389b8ca134f40N.exe

  • Size

    98KB

  • MD5

    37d6311a4c2eaf84539389b8ca134f40

  • SHA1

    ed6ed32238b29a3233acd18a84d6368ab5376b4b

  • SHA256

    f6db5f5600fbdba1a1d1be40bbc0dc046eb6683e9138150e9ffdf103ab16725a

  • SHA512

    9a27f3c24ebbb9d06debf946df5f48655493ef10a97a8301e4b18470ad53844d65618b2985a482e457045eb58ba1dcd5b0428e729b9f2abb4691b4ff262164fa

  • SSDEEP

    3072:fnyiQSoJUBM+PocOQejPdMRAHAASnnD5D5172HyZU3YF40S5DnumSFDnDHaJP1Bo:KiQSo/U

Malware Config

Signatures

  • Renames multiple (4320) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\37d6311a4c2eaf84539389b8ca134f40N.exe
    "C:\Users\Admin\AppData\Local\Temp\37d6311a4c2eaf84539389b8ca134f40N.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:1508

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-2951562807-3718269429-4208157415-1000\desktop.ini.tmp

          Filesize

          98KB

          MD5

          f2e1deacaf3fce0b97a018565cdb14a9

          SHA1

          ca910cf3ef3b2ed730ea2b3f179f79aa604a9bc0

          SHA256

          a3a65e93a68a03841cbd4742b4c0cf4b21ee525ef35ab6be18be59124fac5bbd

          SHA512

          b0cadabc7579096542802de5eccb9c3a4f29f73a2800ca92142f7cd514741e31a568e9f2c58e75add6b20d786a3f0094a54e0f0c44f794d9ac2c0bffaba37491

        • C:\Program Files\7-Zip\7-zip.dll.tmp

          Filesize

          197KB

          MD5

          ccb475de26be185868adb1f5d6d8bb42

          SHA1

          17ea3e694357e0fcfbd1bf5f87ac8a7c8a6280d4

          SHA256

          7ca4338709ce806cd9ce880936de97d1c53d860d9aab49bef52ffc580334b3f3

          SHA512

          8722881e2cc9749254290d5a5d60296f624b6892624f768ffbb300325c6603e71c56c03a8ed1a13ccc88eec22aae2d570700af5fa74a2f68a87b3a84bf3c94e4

        • memory/1508-0-0x0000000000400000-0x000000000040B000-memory.dmp

          Filesize

          44KB

        • memory/1508-1786-0x0000000000400000-0x000000000040B000-memory.dmp

          Filesize

          44KB