Analysis

  • max time kernel
    120s
  • max time network
    18s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted
    18/08/2024, 06:36

General

  • Target

    bad59e53bbb37d537e7ccd8edb6a1700N.exe

  • Size

    85KB

  • MD5

    bad59e53bbb37d537e7ccd8edb6a1700

  • SHA1

    c59346a8d2b1cf98fe97c07fb0c8d3a59b45deae

  • SHA256

    8e3ed2ebca4cac9db345dbfd0dd2ddf49a26c5e8a4b4c2f38aaf445252aca742

  • SHA512

    9bb0e2da54202b48108864bf1620ce766663419c6628556a456e5a33ef3b660fbff821df9d7c5ca76c9fb156238457944ac40c0212804a1bb0cc48a968a1fba5

  • SSDEEP

    1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8NCuXYRY5I2IqS4S/:fnyiQSoDuXuv3PJ/

Malware Config

Signatures

  • Renames multiple (2901) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\bad59e53bbb37d537e7ccd8edb6a1700N.exe
    "C:\Users\Admin\AppData\Local\Temp\bad59e53bbb37d537e7ccd8edb6a1700N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:836

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-3294248377-1418901787-4083263181-1000\desktop.ini.tmp

          Filesize

          85KB

          MD5

          3c36b550af3afb6697039e187d9aba91

          SHA1

          89824c10e9000fee51d183100a8b088fc6efe0c0

          SHA256

          27501b9d89faed1a3258ee12ab2a042fa3e62c4f43875aa6cf5c4b0be184d81a

          SHA512

          a29cf26bbf3bbb41273503d257852b67a42f62d1bcf369375943a04dce424e929b8b771bf8cb63e2678edf77a966b57a009fbfc1f9a2657a0aa7c6e50edc2b50

        • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

          Filesize

          94KB

          MD5

          77afbddd861a621d2bb777ffa2093c4a

          SHA1

          ce5df936e8de362f7d4007612500e518731b35a7

          SHA256

          ee6b6b5e0a1831a02b5f6e28ef440ec377535c80dfb8222662bd5f631b064795

          SHA512

          6c3f766449b2f0705e90a1b423328ad8d9d48715ece56734178eb1adab972470ad161656dde92389de79f9c907c1e55aff87c0b76aabc4c2a80409c91c8f6836

        • memory/836-0-0x0000000000400000-0x000000000040B000-memory.dmp

          Filesize

          44KB

        • memory/836-70-0x0000000000400000-0x000000000040B000-memory.dmp

          Filesize

          44KB