Analysis

  • max time kernel
    119s
  • max time network
    84s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    19/08/2024, 05:48

General

  • Target

    ea38c6d040c23c42f26b2fd5da47e640N.exe

  • Size

    50KB

  • MD5

    ea38c6d040c23c42f26b2fd5da47e640

  • SHA1

    fa8cc231866d98e31ce2d30516b20c02e7882c94

  • SHA256

    f587943f28effcf1316cf1c2e8c08a99fd6b3296e5b8c6e242f2e0e1f048507e

  • SHA512

    627b7d3bd1058897154982eae1d31c7570341010a9f2284d15783b2acaf80a6a82c1d1b2f7a5500c59c8ef75c659e8d5a6e6527e9caf25f4a8484fe42eae4260

  • SSDEEP

    768:V7Blpf/FAK65euBT37CPKKQSjyJJ1EXBwzEXBwdcMcI9UiO:V7Zf/FAxTWoJJ7TiiO

Malware Config

Signatures

  • Renames multiple (4651) files with added filename extension

    This suggests ransomware activity: encrypting all the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\ea38c6d040c23c42f26b2fd5da47e640N.exe
    "C:\Users\Admin\AppData\Local\Temp\ea38c6d040c23c42f26b2fd5da47e640N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:4496

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-2718105630-359604950-2820636825-1000\desktop.ini.tmp

          Filesize

          51KB

          MD5

          b10da58aa324fdd0ae63e2a579b8deb1

          SHA1

          08763afed6c299a27210e4ad00456f372c1bad58

          SHA256

          e5c4ff86ac6766e7cde5cf50a9aae1689ae707217bae1632e6767c5792dd8795

          SHA512

          bb7d6a4365cc6a3fc0a6623f850f91b6241ab1f20e2c9323fbd45c76136728afb742d152cd711453494ceb0b60d5c318844145f403d99d0092f52afc65426924

        • C:\Program Files\7-Zip\7-zip.dll.tmp

          Filesize

          149KB

          MD5

          67300b3a4132e4338aa5e317578b2518

          SHA1

          44577ca2bee86947f2b66e3b9f9ae2019c98e327

          SHA256

          ac7ef5dc6f19d12fd09813e0aaa65fd2178a80f0a8bbc5fbee5c591afacc6277

          SHA512

          f5272bbffa9a7ad7f7263f761c7178524857474c2ab830b212b2a8b81f0b904dcb03afe9fb17fd67365b68ee2febdc57fc665660540382a113575db74360362c

        • memory/4496-0-0x0000000000400000-0x000000000040B000-memory.dmp

          Filesize

          44KB

        • memory/4496-910-0x0000000000400000-0x000000000040B000-memory.dmp

          Filesize

          44KB