Analysis

  • max time kernel
    120s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted
    14-08-2024 02:10

General

  • Target

    a832f5bc51040079adaaffa34009aae0N.exe

  • Size

    69KB

  • MD5

    a832f5bc51040079adaaffa34009aae0

  • SHA1

    7a63ac94a5f1d994a6b50b420d296a89cdc2471b

  • SHA256

    b9931a6cc49128e9bfae127e4ae036290d3bb8b3058ffd72e8e6118ed9372c49

  • SHA512

    17c9678d9a8ee4d709f8af91a21233b4b10ec64843b68acc7f82eed7a2daae190836179871a6ee1e2a40cb9f804da08112b1f3c6e22feb3d283364c0fde98864

  • SSDEEP

    1536:a7ZyqaFAxTWH1++PJHJXA/OsIZfzc3/Q8Q8/8fC3:enaypQSoskE

Malware Config

Signatures

  • Renames multiple (3277) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\a832f5bc51040079adaaffa34009aae0N.exe
    "C:\Users\Admin\AppData\Local\Temp\a832f5bc51040079adaaffa34009aae0N.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2700

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-1506706701-1246725540-2219210854-1000\desktop.ini.tmp

    Filesize

    69KB

    MD5

    3df282875a61ab218d50d48d30e6d5aa

    SHA1

    4e9f5e39e9bfaff671885381ab32a9986d6910f9

    SHA256

    7a562dcb6e672b3594754f835514d7d1e553aadadc0e4d730fd4119d4dea1479

    SHA512

    20d535c1e73eada9c5b6980553a1058ce74653e59c7803ee646f46bb577277ed130d6cbd0199161d007e268f64f19093eaab2870f5204929d73d63e6a8866a2c

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    78KB

    MD5

    704c5be886e7f7d2b481ecd597328d68

    SHA1

    4c4d7f70e1d849650686f362a1cede7c13ebdda6

    SHA256

    87dcd0230545d2d97f3220facccfda7b57b9c447184be47231db80cf1323beb7

    SHA512

    555da1e9da07c9d3f07dd11c77e3eedc2d8e2b76bfdb5b196ab900bb558eda956b8db97f258237efe0be33a9ba69142eb115bfb5b7e45c339bf48ab5715b458e

  • memory/2700-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/2700-666-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB