Analysis

  • max time kernel
    119s
  • max time network
    103s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    14/08/2024, 02:54

General

  • Target

    cd8b60a6a5ff694b8491c45fa0cb6c30N.exe

  • Size

    69KB

  • MD5

    cd8b60a6a5ff694b8491c45fa0cb6c30

  • SHA1

    c9d411e02f7ed6a7e011a6aed38f011591f46333

  • SHA256

    a7b9983f9a69f421b96ac34d740ca5976001ebae07daf4744ff7679ea211cb7a

  • SHA512

    7e4dd888f5fc2bdc9b865eba0a3734123c1c40bdf162597b755ae2452054448b9c8b3eeda1e8da64043ae2b13a66f85e626f30806b9f40aa41f4d1300fcc9fcf

  • SSDEEP

    1536:a7ZyqaFAxTWH1++PJHJXA/OsIZfzc3/Q8Q8/8fCZ:enaypQSoska

Malware Config

Signatures

  • Renames multiple (4660) files with added filename extension

    This suggests ransomware-style behaviour: files across the system are being rewritten and renamed with an appended extension. The rename count is a heuristic; on its own it does not confirm that file contents were encrypted.

  • UPX packed file 4 IoCs

    Detects executables packed with the open-source UPX packer or a modified build of it.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of the victim host in order to infer its geographical location.
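As an added example (not part of this sandbox report and not the sandbox's own rule engine), the following Python shows how the rename signature and the language-discovery signature above can be derived from raw events: per process, count file renames whose destination is the source path plus an appended extension, and flag calls to the Windows locale APIs. The event line format, the API name set and the rename threshold are assumptions; the event lines are constructed for the demo (a few reuse paths listed in this report).

```python
"""Added example: behavioural rules over constructed sandbox events.

Assumed event format (not a real sandbox schema): "<pid> <event> <details>".
"""
import re
from collections import Counter, defaultdict

# Constructed sample events for the demo (not taken from a real trace).
SAMPLE_EVENTS = r"""
4328 FileRename C:\Users\Admin\Documents\notes.txt -> C:\Users\Admin\Documents\notes.txt.tmp
4328 FileRename C:\Users\Admin\Pictures\cat.jpg -> C:\Users\Admin\Pictures\cat.jpg.tmp
4328 FileRename C:\Program Files\7-Zip\7-zip.dll -> C:\Program Files\7-Zip\7-zip.dll.tmp
4328 FileRename C:\$Recycle.Bin\S-1-5-21-523280732-2327480845-3730041215-1000\desktop.ini -> C:\$Recycle.Bin\S-1-5-21-523280732-2327480845-3730041215-1000\desktop.ini.tmp
4328 ApiCall GetSystemDefaultUILanguage()
4328 ApiCall GetUserDefaultLangID()
5120 FileRename C:\Users\Admin\Downloads\setup.tmp -> C:\Users\Admin\Downloads\setup.exe
5120 ApiCall GetLocaleInfoW(LOCALE_USER_DEFAULT, LOCALE_SNAME)
7001 FileRename C:\Temp\a.log -> C:\Temp\b.log
"""

RENAME_RE = re.compile(r"^(\d+) FileRename (.+?) -> (.+)$")
API_RE = re.compile(r"^(\d+) ApiCall ([A-Za-z0-9_]+)\(")
# An "added extension" is a single dot-suffix of a few alphanumeric characters.
ADDED_EXT_RE = re.compile(r"^\.[A-Za-z0-9_-]{1,12}$")

# Assumed set of Win32 APIs that reveal the system/user language (locale discovery).
LANGUAGE_APIS = {
    "GetSystemDefaultUILanguage", "GetUserDefaultUILanguage",
    "GetSystemDefaultLangID", "GetUserDefaultLangID",
    "GetSystemDefaultLCID", "GetUserDefaultLCID",
    "GetLocaleInfoW", "GetLocaleInfoA", "GetKeyboardLayout",
}


def added_extension(src, dst):
    """Return the appended suffix if dst == src + '.<ext>' (case-insensitive path match), else None."""
    if not dst.lower().startswith(src.lower()):
        return None
    suffix = dst[len(src):]
    return suffix if ADDED_EXT_RE.match(suffix) else None


def analyse(events, rename_threshold=3):
    """Map pid -> list of fired signature names. Threshold is an assumed tuning value."""
    per_pid = defaultdict(lambda: {"renames": 0, "exts": Counter(), "lang_apis": set()})
    for line in events.splitlines():
        line = line.strip()
        if not line:
            continue
        m = RENAME_RE.match(line)
        if m:
            pid, src, dst = m.groups()
            ext = added_extension(src, dst)
            if ext:
                per_pid[pid]["renames"] += 1
                per_pid[pid]["exts"][ext.lower()] += 1
            continue
        m = API_RE.match(line)
        if m:
            pid, api = m.groups()
            if api in LANGUAGE_APIS:
                per_pid[pid]["lang_apis"].add(api)

    findings = {}
    for pid, s in per_pid.items():
        fired = []
        if s["renames"] >= rename_threshold:
            fired.append(f"Renames multiple ({s['renames']}) files with added filename extension")
        if s["lang_apis"]:
            fired.append("System Location Discovery: System Language Discovery")
        if fired:
            findings[pid] = fired
    return findings


if __name__ == "__main__":
    for pid, sigs in analyse(SAMPLE_EVENTS).items():
        print(pid, sigs)
```

The rename rule deliberately requires the destination to be the source plus one appended extension: a plain rename (setup.tmp to setup.exe) or a move does not count, which is what separates mass-encryption renaming from ordinary installer activity. The threshold is the tunable part; the report's 4660 sits far above any sensible value.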

Processes

  • C:\Users\Admin\AppData\Local\Temp\cd8b60a6a5ff694b8491c45fa0cb6c30N.exe
    "C:\Users\Admin\AppData\Local\Temp\cd8b60a6a5ff694b8491c45fa0cb6c30N.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:4328
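The UPX signature listed above is normally a static check on the PE file itself. The following Python is an added example, not the sandbox's detector and not derived from the sample in this report: it walks the PE section table looking for the UPX0/UPX1 section names and scans for the "UPX!" marker string, the two most common indicators. The build_fake_pe helper constructs a synthetic headers-only PE so the check can be exercised offline; it is not a real executable.

```python
"""Added example: minimal UPX indicator check on a PE file (no third-party modules)."""
import struct
import sys

UPX_SECTION_PREFIX = b"UPX"   # stock UPX names sections UPX0, UPX1 (and sometimes UPX2)
UPX_MARKER = b"UPX!"          # magic string UPX writes into the packed image


def pe_section_names(data):
    """Return the raw section names from a PE image; raise ValueError if the headers are not parseable."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    (num_sections,) = struct.unpack_from("<H", data, coff + 2)       # IMAGE_FILE_HEADER.NumberOfSections
    (opt_size,) = struct.unpack_from("<H", data, coff + 16)          # IMAGE_FILE_HEADER.SizeOfOptionalHeader
    table = coff + 20 + opt_size                                     # IMAGE_SECTION_HEADER array
    names = []
    for i in range(num_sections):
        off = table + i * 40                                         # sizeof(IMAGE_SECTION_HEADER) == 40
        if off + 40 > len(data):
            raise ValueError("truncated section table")
        names.append(data[off:off + 8].rstrip(b"\0"))
    return names


def upx_indicators(data):
    """Collect the two indicators separately so a reader can see which one fired."""
    names = pe_section_names(data)
    return {
        "upx_sections": [n.decode("ascii", "replace") for n in names if n.startswith(UPX_SECTION_PREFIX)],
        "upx_marker": UPX_MARKER in data,
    }


def looks_upx_packed(data):
    ind = upx_indicators(data)
    return bool(ind["upx_sections"]) or ind["upx_marker"]


def build_fake_pe(section_names, extra=b""):
    """Constructed headers-only PE skeleton for the demo (not loadable, just parseable)."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                          # e_lfanew -> right after the DOS header
    # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable, NumberOfSymbols,
    # SizeOfOptionalHeader (0: no optional header in this skeleton), Characteristics
    coff = struct.pack("<HHIIIHH", 0x8664, len(section_names), 0, 0, 0, 0, 0x22)
    sections = b"".join(n.ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return bytes(dos) + b"PE\0\0" + coff + sections + extra


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as f:
            print(upx_indicators(f.read()))
    else:
        print(upx_indicators(build_fake_pe([b"UPX0", b"UPX1", b".rsrc"], extra=b"\0UPX!\0")))
```

Both indicators are trivially removed by a "modified UPX" build (renamed sections, stripped marker), which is why the signature text covers modified variants and why a production check would also look at the entry point landing in the last section and at the near-empty first section that stock UPX leaves behind. Conversely, a hit does not mean `upx -d` will succeed: modified packers often break the stock unpacker.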

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-523280732-2327480845-3730041215-1000\desktop.ini.tmp

          Filesize

          69KB

          MD5

          c618df8d9092cf5cab410c3803bbb842

          SHA1

          4343fa5da1f445c7962a15ab511798b098b5bf9c

          SHA256

          f181106763fc1bb5b3750ca5a6505fe3891dffc098ec757951a4ad4ce66ce045

          SHA512

          2edee6c78b968e9f8ba1f79efd985883459c14ff72936ed7204057748be081b50d0ceb0153870919fd946a07967b7ca38c68004399814b25d605bd63ba036e5e

        • C:\Program Files\7-Zip\7-zip.dll.tmp

          Filesize

          168KB

          MD5

          4fca82127b14f389ef03a095dcf0ceba

          SHA1

          a623ca98c50e33a402cf6ce3478de16c641aad07

          SHA256

          1400ace860813c54891ea37724a4df8ec44eba532929b4d503ffffbdc37752f2

          SHA512

          f6fccd8880d98bfa61c6e570c87dd52412c99d7b2c4b2c9c0bcced9738bdf52c34c9570bec0f91ce63d27d8a521ea50015b2520f210bf7fc0278ef31a2b0c915

        • memory/4328-0-0x0000000000400000-0x000000000040B000-memory.dmp

          Filesize

          44KB

        • memory/4328-1914-0x0000000000400000-0x000000000040B000-memory.dmp

          Filesize

          44KB