Overview

overview

9

Static

static

7

49875c1b20...0N.exe

windows7-x64

9

49875c1b20...0N.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    120s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    16/08/2024, 23:01

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    49875c1b2073f00582ad092c29766050N.exe

  • Size

    74KB

  • MD5

    49875c1b2073f00582ad092c29766050

  • SHA1

    be6496d63535dc4ec1b4f2e9a5d206fb2ad006d5

  • SHA256

    5fbee1d0bdeca0280f261bd9c970b112fee53c569f9864884bafde1daf1c15e7

  • SHA512

    f86e354cb81c04ec12de9bc4c5a29a99916e1ecf5207cb2b81a71d79126a179bd24beafa0ca8332d8c171880701b5d401f6b121647193972752ccf7f7d4330cc

  • SSDEEP

    768:V7Blpf/FAK65euBT37CPKKQSjyJJ1EXBwzEXBwdcMcwBcCBcw/tio/tinWTWQzdS:V7Zf/FAxTWoJJ7TTQoQWKQzd+V

Score
9/10
discoveryransomwareupx

Malware Config

Signatures

  • Renames multiple (3197) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\49875c1b2073f00582ad092c29766050N.exe
    "C:\Users\Admin\AppData\Local\Temp\49875c1b2073f00582ad092c29766050N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:1960

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-3450744190-3404161390-554719085-1000\desktop.ini.tmp
          Filesize

          74KB

          MD5

          a8b840fcd68333ca8a60024278550154

          SHA1

          bfabb6d85d55b5dd6d514200fa4eadbbc66e260b

          SHA256

          7d7ac50f789cbb345c082b3ae771e2b042b9ddaf6230bb2433ca1f216bdf9ac8

          SHA512

          78325e8a54d2a6dc4b8fcd4a11f4a44458d8070a8b12bd0e1c955a0c5d56d4cca81abd3746f4ef3d3e07253dc1b69c753be917e4983f599aef433b103111ee3f

          Download Submit

        • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
          Filesize

          83KB

          MD5

          1dd3bba1d367c2ece4016cc23bcf9561

          SHA1

          cdc7a6ce326bd528a2a14499b5d5e8cf8d86a362

          SHA256

          067584555837bae58dfd7842fa67654900bbb56a32698dcc0aa0d4689213f3eb

          SHA512

          80ac5fd24a76f470a55a188b4aef992a9bb58e704ad23af8441bbc7505b478ff19ca67b71ea7f99ff513d2c9137e5306ab418898e7aef33daaf68b7ffbf29fab

          Download Submit

        • memory/1960-0-0x0000000000400000-0x000000000040B000-memory.dmp

          Filesize

          44KB

          Download

        • memory/1960-72-0x0000000000400000-0x000000000040B000-memory.dmp

          Filesize

          44KB

          Download