Analysis

  • max time kernel
    120s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
  • submitted
    06-08-2024 09:30

General

  • Target

    8d0df181a665dec658cf2c53e68d9120N.exe

  • Size

    90KB

  • MD5

    8d0df181a665dec658cf2c53e68d9120

  • SHA1

    77326691866fc49ce3ca716b63a0e1ca39436261

  • SHA256

    358c8d36b69a99dc48d4c700f50932f986866714d5328efb650585eab264d42d

  • SHA512

    4d0886c3f51c34fb388da82c8ec8f7bcebaf7f11491db2e597b1e1128924cce3c7f2bae760cb6db4482f1a5f0c91c4559bf2b0cb70ba5bb8e8e49a9bfc55351e

  • SSDEEP

    1536:a7ZyqaFAxTWH1++PJHJXA/OsIZfzc3/Q8NCuXYRY5I2IHD0N:enaypQSoDuXuv3HD0N

Malware Config

Signatures

  • Renames multiple (3098) files with added filename extension

    This suggests ransomware activity: files across the system are being rewritten and renamed with an added extension.

  • UPX packed file 4 IoCs

    Detects executables packed with the open-source UPX packer, or with a modified UPX build.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of the victim in order to infer the geographical location of that host. Ransomware families commonly use this to skip hosts in excluded locales; the report does not show which API the sample called.
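
The "UPX packed file" signature above is a static check. Stock UPX names its sections UPX0/UPX1 (plus .rsrc), leaves the first section with a large VirtualSize but a SizeOfRawData of 0 (it is the unpack destination), and embeds the magic string "UPX!"; modified UPX builds typically rename the sections and strip the marker, which is why the zero-raw-size section is the more durable indicator. The following is an added example, not code from the sandbox or from this report: a dependency-free section-table walk over constructed PE images (the build_pe helper, the section names and sizes are all made up for the demonstration) that reports those three indicators.

```python
import struct

SECTION_HEADER = "<8sIIIIIIHHI"   # IMAGE_SECTION_HEADER, 40 bytes


def build_pe(sections, trailer=b""):
    """Build a minimal PE32 image with the given section table.

    sections: list of (name, VirtualSize, SizeOfRawData). Constructed test
    input only: the headers are just complete enough for a section-table walk.
    """
    e_lfanew = 0x80
    dos = bytearray(b"MZ") + bytes(0x3A) + struct.pack("<I", e_lfanew)
    dos += bytes(e_lfanew - len(dos))
    opt_size = 0xE0                     # standard PE32 optional header size
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x0102)
    opt = struct.pack("<H", 0x10B) + bytes(opt_size - 2)
    table = b"".join(
        struct.pack(SECTION_HEADER, name.ljust(8, b"\0"), vsize, 0x1000, rsize,
                    0x400, 0, 0, 0, 0, 0x60000020)
        for name, vsize, rsize in sections)
    return bytes(dos) + b"PE\0\0" + coff + opt + table + trailer


def pe_sections(data):
    """Walk the section table; returns [(name, VirtualSize, SizeOfRawData), ...]."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (nsections,) = struct.unpack_from("<H", data, e_lfanew + 6)
    (opt_size,) = struct.unpack_from("<H", data, e_lfanew + 20)
    table = e_lfanew + 24 + opt_size    # section table follows the optional header
    out = []
    for i in range(nsections):
        fields = struct.unpack_from(SECTION_HEADER, data, table + i * 40)
        out.append((fields[0].rstrip(b"\0"), fields[1], fields[3]))
    return out


def upx_indicators(data):
    """Static hints that a PE was produced by UPX or a modified UPX build."""
    secs = pe_sections(data)
    names = [n.upper() for n, _, _ in secs]
    first_vsize, first_rsize = (secs[0][1], secs[0][2]) if secs else (0, 0)
    return {
        # Stock UPX names its sections UPX0/UPX1 (plus .rsrc).
        "upx_section_names": any(n.startswith((b"UPX", b".UPX")) for n in names),
        # UPX0 is the unpack destination: large VirtualSize, SizeOfRawData 0.
        # Survives section renaming, so it also catches many modified builds.
        "zero_raw_first_section": first_rsize == 0 and first_vsize > 0,
        # The packer's magic string, often stripped from modified builds.
        "upx_marker": b"UPX!" in data,
    }


# Constructed samples (not the file analysed on this page).
UPX_SAMPLE = build_pe([(b"UPX0", 0x8000, 0), (b"UPX1", 0x3000, 0x2A00),
                       (b".rsrc", 0x1000, 0x400)], trailer=b"UPX!")
PLAIN_SAMPLE = build_pe([(b".text", 0x5000, 0x5000), (b".data", 0x1000, 0x400)])
# "Modified UPX": sections renamed and marker stripped, unpack layout intact.
RENAMED_SAMPLE = build_pe([(b".text", 0x8000, 0), (b".data", 0x3000, 0x2A00)])

if __name__ == "__main__":
    for label, blob in (("upx", UPX_SAMPLE), ("plain", PLAIN_SAMPLE),
                        ("renamed", RENAMED_SAMPLE)):
        print(label, upx_indicators(blob))
```

On a real sample, read the file bytes and pass them to upx_indicators; a hit on zero_raw_first_section alone is a reasonable reason to look at the runtime image (the memory dumps listed under Downloads) rather than the file on disk, since the on-disk sections hold only the compressed stub.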

Processes

  • C:\Users\Admin\AppData\Local\Temp\8d0df181a665dec658cf2c53e68d9120N.exe
    "C:\Users\Admin\AppData\Local\Temp\8d0df181a665dec658cf2c53e68d9120N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2680
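
The sandbox attributes the file-system activity to the single process above, and the mass-rename signature at the top of the page is a count-based heuristic over that activity. As an added example, not part of this report or of the sandbox's own detection logic, here is such a detector run over a constructed stream of rename events: it recognises a rename as "same name plus an appended extension", counts hits per extension, and measures how many distinct directories were touched, so that one backup tool writing a few .bak files does not trip it. The paths, the ".locked" extension and the thresholds are assumptions for the demonstration; the sandbox's real threshold is not given on the page.

```python
import ntpath
from collections import Counter

# Constructed rename events (old path -> new path) standing in for a
# sandbox file-system trace; paths and the ".locked" extension are made up.
SAMPLE_EVENTS = [
    (r"C:\Users\Admin\Documents\report.docx", r"C:\Users\Admin\Documents\report.docx.locked"),
    (r"C:\Users\Admin\Documents\budget.xlsx", r"C:\Users\Admin\Documents\budget.xlsx.locked"),
    (r"C:\Users\Admin\Pictures\holiday.jpg", r"C:\Users\Admin\Pictures\holiday.jpg.locked"),
    (r"C:\Program Files\App\config.xml", r"C:\Program Files\App\config.xml.locked"),
    (r"C:\$Recycle.Bin\S-1-5-21-1000\desktop.ini", r"C:\$Recycle.Bin\S-1-5-21-1000\desktop.ini.locked"),
    # Benign renames: new name, move to another directory, case change only.
    (r"C:\Users\Admin\draft.txt", r"C:\Users\Admin\final.txt"),
    (r"C:\Users\Admin\a.txt", r"C:\Users\Admin\Archive\a.txt"),
    (r"C:\Users\Admin\Readme.md", r"C:\Users\Admin\README.md"),
]


def appended_extension(old, new):
    """Return the suffix (e.g. '.locked') if new == old + '.<ext>' in the same
    directory, else None. ntpath is used so Windows paths parse on any host."""
    old_dir, old_name = ntpath.split(old)
    new_dir, new_name = ntpath.split(new)
    if ntpath.normcase(old_dir) != ntpath.normcase(new_dir):
        return None                                   # moved, not extended
    if len(new_name) <= len(old_name) + 1:
        return None                                   # nothing appended
    if ntpath.normcase(new_name[:len(old_name)]) != ntpath.normcase(old_name):
        return None                                   # a different name
    suffix = new_name[len(old_name):]
    return suffix if suffix.startswith(".") else None


def summarize_renames(events):
    """Map appended extension -> (number of files, number of distinct directories)."""
    files = Counter()
    dirs = {}
    for old, new in events:
        ext = appended_extension(old, new)
        if ext is None:
            continue
        key = ext.lower()
        files[key] += 1
        dirs.setdefault(key, set()).add(ntpath.normcase(ntpath.dirname(old)))
    return {ext: (n, len(dirs[ext])) for ext, n in files.items()}


def mass_rename_verdict(events, min_files=100, min_dirs=5):
    """Extensions that cross both thresholds, most-hit first.

    The defaults are assumed values for this example, not the sandbox's."""
    hits = [(ext, n, d) for ext, (n, d) in summarize_renames(events).items()
            if n >= min_files and d >= min_dirs]
    hits.sort(key=lambda h: -h[1])
    return hits


if __name__ == "__main__":
    print(summarize_renames(SAMPLE_EVENTS))
    print(mass_rename_verdict(SAMPLE_EVENTS, min_files=3, min_dirs=3))
```

Breadth (distinct directories, or distinct drive roots) is the cheap way to separate this from a legitimate bulk job; the report's own evidence of breadth is that the dropped files span $Recycle.Bin, MSOCache and Program Files.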

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\$Recycle.Bin\S-1-5-21-1385883288-3042840365-2734249351-1000\desktop.ini.tmp

    Filesize

    90KB

    MD5

    64926cc101a17d390ded0523d82a29af

    SHA1

    131c500bd129f2ed1bc87bcc9eadd1593a2de2bd

    SHA256

    273d7d6ba07807cd85a15096b1315fcba7a755a3241eb582805056af0c17537f

    SHA512

    1e8cd6ee12aae14b4ded796820b5c2db065accfadff4ad77a3fa96ef90f2dd846f8412362746b6bd9f05f052db08ccbc93fe3ae7739af6b84527a86b984456c8

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    99KB

    MD5

    f4c43c5e0e30ef1832b3fbf60d0040bb

    SHA1

    aeb1119ff75d14cb55b307628c1c47558a775ed7

    SHA256

    468d38d7b3eab6d0740d41e91f6089bd6f1165d785eb8a5a2594a31555a5ef5d

    SHA512

    b64dcf6c4aa8f983676378687f91e01a3d5acfe829a794b689b8ba93052578cc900a3fe7d3250e2f11bfe37b1c3cb7ecdffe9164ac61d8e4205d5c92dc60ca0b

  • memory/2680-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/2680-654-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB