Analysis

  • max time kernel
    120s
  • max time network
    101s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    18-08-2024 04:11

General

  • Target

    9d1e1f8553781765ec5f3a317241ae50N.exe

  • Size

    73KB

  • MD5

    9d1e1f8553781765ec5f3a317241ae50

  • SHA1

    eafd3e560757c3b75ab4ceae501136e1d43a0abe

  • SHA256

    6231663c7d2629387c6c083bc778d3d9e4eaea58b4756189460d46904d65e5af

  • SHA512

    f0c6852ed67d19ee955cb5d6e4150e0a718fdc532dd9a85869041c91ee110a05411f1f5bfa293d3a0fab61385b837c86b98715dec2be292ffeeee102971fdd8a

  • SSDEEP

    768:a7BlpyqaFAK65eCv+cIA0fm7Nm0CAbLg++PJHJzIWD4adZdhAIuZAIuniXKqAJxU:a7ZyqaFAlsr1++PJHJXFAIuZAIuO

Malware Config

Signatures

  • Renames multiple (4639) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\9d1e1f8553781765ec5f3a317241ae50N.exe
    "C:\Users\Admin\AppData\Local\Temp\9d1e1f8553781765ec5f3a317241ae50N.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:3204

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2412658365-3084825385-3340777666-1000\desktop.ini.tmp

    Filesize

    73KB

    MD5

    a2ef641ca9481f9ac05a9b7e6eb8920c

    SHA1

    530b85b307d087bfa21233091f852a1ea67700d4

    SHA256

    220f083ee69b9df45cdb775371a38834ee7facf7d8654867b2fc05fd5afd3fb1

    SHA512

    1e64ff41cfdd382c0f320cc30395780dbc0b184a799fc0f531932482f1e5acbdd1dbf83cf6160097e95f69098fcfaa6cdb92341baf77fcd0b1ca32ee4a9539fb

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    172KB

    MD5

    d51854d494831b6be6ad6a08e187c733

    SHA1

    6961dfd306428099039020b2370c41c3c8693c13

    SHA256

    a160a9682b09960950417e4606522994eca83c31ca079a0e98f0209e0c669772

    SHA512

    2d84397b753b446cdf555ddc5ba37e348b86d2da68b483676950a3f2ecc297c0cbf6d9783b3f35c37fc4313e497424642e683f55d98bc84aae426a407ccbbe66

  • memory/3204-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/3204-888-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB