Analysis

  • max time kernel
    119s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted
    06/08/2024, 18:43

General

  • Target

    d915d7aee61bd5723f44e86ec38f3e80N.exe

  • Size

    85KB

  • MD5

    d915d7aee61bd5723f44e86ec38f3e80

  • SHA1

    ed92a2a7c52333a8785d0dda74098e05b0a9f334

  • SHA256

    2801dccb31b3e9630e1250b537c0cfcd9092a2812c0284bc2f3022a255cb2727

  • SHA512

    818de3e28fa5b9dbec178bb1070545dde3c64d3d9dbf3ab395efd0d12a4f46b7219a5cabb5964ce26c79721471b81cf98e218fa3415ab412d98b022eae638914

  • SSDEEP

    1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8zx4:fnyiQSoJ

Malware Config

Signatures

  • Renames multiple (3273) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of the victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\d915d7aee61bd5723f44e86ec38f3e80N.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\d915d7aee61bd5723f44e86ec38f3e80N.exe"
    PID: 2948
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2958949473-3205530200-1453100116-1000\desktop.ini.tmp

    Filesize
    85KB

    MD5
    52cfedb4b0a49615964802f586ce67b6

    SHA1
    54e78cad252dc0fce0336843d7d9ef31bedc9789

    SHA256
    7e694198f39d38ab4fc3b7d9f343878c3d9dba12d355102abb1be9c9a6ccff00

    SHA512
    e75dc8dc5e6495c56fdee581af5bd914cbb776fca58d8262f4425bd9e903223d59d4ba9fb7ad75dab7f8bbaf6758c8e0b7e8e83adb58def22955cfdde853e8fd

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize
    94KB

    MD5
    00c729d7f7dc933f04636a7a72dd7cbb

    SHA1
    6fc5b21f5a072c731c177f3f004a63cbabcb3e0c

    SHA256
    c3605f4773b066edb5e822ba22a1b38babacd658852030df9627abcccedc8344

    SHA512
    78dbecd3d76e853d0440e3af4cdd2298f8669d5c40fd6e9a18e4ff16002d8c1eef241860e5478f70873e03df3501d65a8528d900bd8923e2c38544cb0a1fe561

  • memory/2948-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize
    44KB

  • memory/2948-672-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize
    44KB