Analysis

  • max time kernel
    149s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted
    09-08-2024 02:50

General

  • Target

    d48e3f2e49d47e4bce5465a17cdba696fade1a1fb82063add1140bfe7f1ec434.exe

  • Size

    45KB

  • MD5

    a2b2fcb327a9bfec7c3824004685b5d5

  • SHA1

    e78bc3fba7912c7a8e899c871c3a0ed0ea41838a

  • SHA256

    d48e3f2e49d47e4bce5465a17cdba696fade1a1fb82063add1140bfe7f1ec434

  • SHA512

    49aa64a2e0156bf0cf701acc67750bc27e2df80a076de4a4e1896cbcafb0dcaedf16e78b7a0859fa3a27ae22f13c77ec525c3ac89912399625420eb02b9bf1dd

  • SSDEEP

    768:V7Blpf/FAK65euBT37CPKKQSjyJJcbQbf1Oti1JGBQOOiQJhATBR:V7Zf/FAxTWoJJZENTBR

Malware Config

Signatures

  • Renames multiple (3808) files with added filename extension

    Thousands of files were renamed with an appended extension, which suggests ransomware activity: the sample appears to be encrypting files across the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of the victim host in order to infer its geographical location (often used to skip hosts in particular regions).
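The mass-rename signature above can be reproduced from file-system telemetry. The following is an added example, not code from the sandbox or from the sample's author: it takes a list of rename events as (old path, new path) pairs, keeps only renames where the new name is exactly the old name plus an appended extension, and reports an extension when enough files in enough distinct directories received it. The event format, the thresholds (20 files, 3 directories) and the sample events are all assumptions; the sample event list is constructed for the demonstration and is not taken from this report's trace.

```python
"""Heuristic for "renames multiple files with added filename extension".

Added example; the event shape (old_path, new_path) and the thresholds are
assumptions, not the sandbox's own detection logic.
"""
import ntpath
from collections import defaultdict


def added_extension(old, new):
    """Return the extension appended to `old` to make `new`, or None.

    Only a pure append of ".<something>" qualifies; renames that change the
    base name, strip a suffix, or move the file into another directory do not.
    """
    if not new.startswith(old):
        return None
    suffix = new[len(old):]
    if len(suffix) < 2 or not suffix.startswith("."):
        return None
    if "\\" in suffix or "/" in suffix:
        return None  # a path component was appended, not an extension
    return suffix.lower()


def detect_mass_rename(events, min_files=20, min_dirs=3):
    """Group appended-extension renames by extension and flag the large groups.

    Requiring several distinct directories filters out one tool rewriting a
    single folder (e.g. a build step touching every file in one directory).
    """
    by_ext = defaultdict(list)
    for old, new in events:
        ext = added_extension(old, new)
        if ext:
            by_ext[ext].append(old)
    findings = []
    for ext, olds in by_ext.items():
        dirs = {ntpath.dirname(o).lower() for o in olds}
        if len(olds) >= min_files and len(dirs) >= min_dirs:
            findings.append(
                {"extension": ext, "files": len(olds), "directories": len(dirs)}
            )
    return sorted(findings, key=lambda f: -f["files"])


def constructed_events():
    """Constructed sample: a ransomware-style burst plus benign rename noise."""
    events = []
    dirs = [
        r"C:\Users\Admin\Documents",
        r"C:\Program Files\Common Files",
        r"C:\MSOCache\All Users",
        r"C:\$Recycle.Bin\S-1-5-21-0-0-0-1000",
    ]
    for d in dirs:
        for i in range(6):  # 4 directories x 6 files = 24 renames
            old = ntpath.join(d, f"file{i}.docx")
            events.append((old, old + ".locked"))
    # Benign renames that must not be counted: editor save-and-swap,
    # version bump, move into a subfolder, and a single .bak copy.
    events += [
        (r"C:\Users\Admin\notes.txt.tmp", r"C:\Users\Admin\notes.txt"),
        (r"C:\Users\Admin\report-v1.pdf", r"C:\Users\Admin\report-v2.pdf"),
        (r"C:\Users\Admin\a.log", r"C:\Users\Admin\archive\a.log"),
        (r"C:\Users\Admin\photo.jpg", r"C:\Users\Admin\photo.jpg.bak"),
    ]
    return events


if __name__ == "__main__":
    for finding in detect_mass_rename(constructed_events()):
        print(finding)
```

In production the events would come from a file-system audit source (Sysmon event ID 11 plus rename telemetry, or an EDR file-rename stream) and the thresholds tuned per environment; the structure of the check stays the same.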

Processes

  • C:\Users\Admin\AppData\Local\Temp\d48e3f2e49d47e4bce5465a17cdba696fade1a1fb82063add1140bfe7f1ec434.exe
    "C:\Users\Admin\AppData\Local\Temp\d48e3f2e49d47e4bce5465a17cdba696fade1a1fb82063add1140bfe7f1ec434.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:1780

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3551809350-4263495960-1443967649-1000\desktop.ini.tmp

    Filesize

    46KB

    MD5

    721fcb355c64deb9dd22c07017603b11

    SHA1

    045c2204767e098c3d0b4e6ffdd355fe6cb7a4e5

    SHA256

    08bead52a3be69801424642906ebcf32201308a50d6d3345753bc92dbfd50fa4

    SHA512

    672b52f2c63ad549c92209b06807794081fc64ac8d61509e8a4bde0b82f71dbcb17930569e7fce49102ead6867d6ae7c40ebf00af4ea80f64573ac3b24a14044

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    55KB

    MD5

    163258a2a7f39c6ccf5282097f2eacfa

    SHA1

    44d9682aff956797e66938a4d3668ef9384a89e1

    SHA256

    b41dc5021da03dc9a41eaed3093e3f071e7a57abda9e0a1eea4bc8bb9082107b

    SHA512

    8657a39a5c5c182ad976bf1f7122ad4350de6337e15cf2caea6212746b273df2c69a6c2b155ca7d8e6a1c2cb4c5569af44304421e09a6eb2b141e0202b359131

  • memory/1780-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/1780-660-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB