Overview

overview

9

Static

static

7

f790f2276b...0N.exe

windows7-x64

9

f790f2276b...0N.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    120s
  • max time network
    115s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16/08/2024, 20:39

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f790f2276b556b1730347a29da9d4130N.exe

  • Size

    77KB

  • MD5

    f790f2276b556b1730347a29da9d4130

  • SHA1

    32e03ac62cdf72a7e3755204e0274f6d69fed4b0

  • SHA256

    a577c4eb5e56956145b062ecb136f66fa0119b58514b02953dbc65b5dc0d430c

  • SHA512

    18843b7d189203e0427899c7b06b7909d9dee3785779d7f69b59b2bc8b701f5ef41b3f32b71588383fd2aed0f1b2af263b991c92e8e711d048a1545ed53ae887

  • SSDEEP

    1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8IZ4:fnyiQSo7Z4

Score
9/10
discoveryransomwareupx

Malware Config

Signatures

  • Renames multiple (4572) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\f790f2276b556b1730347a29da9d4130N.exe
    "C:\Users\Admin\AppData\Local\Temp\f790f2276b556b1730347a29da9d4130N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:3488

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-4182098368-2521458979-3782681353-1000\desktop.ini.tmp
    Filesize

    77KB

    MD5

    d07ae0dc5d89933c85a62012eaa2eefe

    SHA1

    e96e15913e2b96a57b1ba73b8e8d9ba9e023911b

    SHA256

    f997d54597adaf6abe82fac5daec1fa50dc54d77164e01fd3ab7271c706b18d1

    SHA512

    271cb6cdc34b4e6f805d83b070958257bf733412b7919e7f44af7e2a20a86c33e2bceef694d23dd47be49900b10fa4a7d6083c762228efafb855adc4735cf923

    Download Submit

  • C:\Program Files\7-Zip\7-zip.dll.tmp
    Filesize

    176KB

    MD5

    49ece31c855535576691c5aa75476420

    SHA1

    3f7d76117f05ba54f9ef99867157bf3503f6da38

    SHA256

    44379ff000c7d26c8a55ebb81cd5e46c2056faf9fcb81ae727ee69bb2516dc46

    SHA512

    39c86fdf103e386f614fb171c5b5f255f0368ad67e45b17f6f0d0335d70350928e0eeb7368ee153918e4363f5c9baa608411a4cd3b10d7050b60c4664ebee373

    Download Submit

  • memory/3488-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

    Download

  • memory/3488-850-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

    Download