Analysis

  • max time kernel: 119s
  • max time network: 120s
  • platform: windows7_x64
  • resource: win7-20240708-en
  • resource tags: arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted: 05/08/2024, 22:33

General

  • Target: 1889945e45b3a37c1e24998009977190N.exe
  • Size: 68KB
  • MD5: 1889945e45b3a37c1e24998009977190
  • SHA1: 53409a3161536a66aa6841de126490a7082a38ff
  • SHA256: a8ac4aac262ffc6e906b1b1f42383cf60b3d5cb2f7921a56953a1bfc5bc24f66
  • SHA512: 1f56da1553abed7a1d6bd5102278e33a4b4c81a2f2edaf0505ea57c67d1c0a2f03ad0d27f4e2c41d6d481ac1182b11c6d7e5b81c9af40bfc73f3f87a99909930
  • SSDEEP: 1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8+v:fnyiQSoR

Malware Config

Signatures

  • Renames multiple (3155) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory (64 IoCs)

  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\1889945e45b3a37c1e24998009977190N.exe
    "C:\Users\Admin\AppData\Local\Temp\1889945e45b3a37c1e24998009977190N.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID: 3052

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-1506706701-1246725540-2219210854-1000\desktop.ini.tmp
          Filesize: 68KB
          MD5: e97df38d16e4b18bd0c260ddcbd7946a
          SHA1: 765a0dfc847d8df96d4a554322123f138ec093d6
          SHA256: cd860905d8654ce8bde763f4d685f9572af986350052afc2b6668ae8745b41d0
          SHA512: fb96d419f682fdd012f9a1566a72206152703668bd73f12f4d5e63113c40ab68b470646040fe574a7683a2af4a8f372ecc1629f3a893acba4d67d4acc6588ada

        • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
          Filesize: 77KB
          MD5: cce2355289a42246efd3ed6c6973d04e
          SHA1: 54ee44cb228df4c6530c4d3b7085d30eab1c1ea9
          SHA256: fcad52bb9457186c57a57f54b5c514c9fbd1bdd9da566a0522011f8298e6717f
          SHA512: 9a029518e07a4e51f22a8df3d16fa2837c1da3148b02d9fddb9f8bd2b3442a0bea586423e97dc4870f6cc44bef03152908d60a679c650602ec335b1dfc04b85a

        • memory/3052-0-0x0000000000400000-0x000000000040B000-memory.dmp
          Filesize: 44KB

        • memory/3052-654-0x0000000000400000-0x000000000040B000-memory.dmp
          Filesize: 44KB