Analysis

  • max time kernel
    120s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
  • submitted
    20-08-2024 22:24

General

  • Target

    3d8dc3bfc71495354bada56d44ec6ac0N.exe

  • Size

    48KB

  • MD5

    3d8dc3bfc71495354bada56d44ec6ac0

  • SHA1

    225e494727cbe74dc2abea9a4451932b1acec7e4

  • SHA256

    798b3d1ad07462d5786c57a0bbba2a146e3f625f64cb9b3e4f28bd8c9ff5b7b2

  • SHA512

    9775343506cf5eea7995121c16c37e77daec7bf7a6b9d6d8ccb95031a547e394a66773ac5a346b2557199b576b491242cdcb2bb325aebb823318107d4b8fd9ea

  • SSDEEP

    768:V7Blpf/FAK65euBT37CPKKQSjyJJ1EXBwzEXBwdcMcI9S/3/d/3/J:V7Zf/FAxTWoJJ7TsvlvR

Malware Config

Signatures

  • Renames multiple (3258) files with added filename extension

    This suggests ransomware activity: the files on the system are being rewritten and each is given an added filename extension.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX or a modified build of the UPX open-source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
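
The two headline signatures, UPX packing and mass renames with an appended extension, are the kind of thing an analyst re-checks outside the sandbox. The following is an added example written for this page, not the sandbox's own signature logic: it parses a PE section table by hand to look for UPX markers, and it counts rename events in which the new name is the old name plus one extra suffix. The minimal PE image built by build_sample_pe and the rename events in SAMPLE_RENAMES are constructed for the demonstration and are not the analysed sample; the alert threshold of 50 is an assumed default, not a value from the report.

```python
"""Triage helpers for two of the sandbox signatures above.

Added example for this page, not the sandbox's own detection code. The PE
image from build_sample_pe and the events in SAMPLE_RENAMES are constructed
here for the demonstration and are not the analysed sample.
"""
import struct
from collections import Counter
from pathlib import PureWindowsPath

UPX_SECTION_NAMES = {"UPX0", "UPX1", "UPX2"}


def pe_section_names(data: bytes) -> list:
    """Return the section names of a PE image, parsing the headers by hand.

    Layout: DOS header (e_lfanew at 0x3C) -> "PE\\0\\0" -> 20-byte COFF header
    (NumberOfSections at +6, SizeOfOptionalHeader at +20) -> optional header
    -> section table of 40-byte entries, each starting with an 8-byte name.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    num_sections = struct.unpack_from("<H", data, pe_off + 6)[0]
    opt_size = struct.unpack_from("<H", data, pe_off + 20)[0]
    table = pe_off + 24 + opt_size
    names = []
    for i in range(num_sections):
        raw = data[table + 40 * i: table + 40 * i + 8]
        if len(raw) < 8:
            raise ValueError("section table truncated")
        names.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    return names


def looks_upx_packed(data: bytes) -> bool:
    """UPX heuristic: UPX0/UPX1/UPX2 section names, or the 'UPX!' marker that
    stock UPX writes after the section table. Renamed sections defeat the
    first check, hence the marker check; a patched marker evades both."""
    names = set(pe_section_names(data))
    return bool(names & UPX_SECTION_NAMES) or b"UPX!" in data


def build_sample_pe(section_names) -> bytes:
    """Constructed headers-only PE32 image for the demo (not the sample)."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)          # e_lfanew -> 0x40
    opt = bytes(0xE0)                                # PE32 optional header size
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0,
                       len(opt), 0x102)              # i386, EXECUTABLE|32BIT
    sections = b"".join(n.encode().ljust(8, b"\0") + bytes(32)
                        for n in section_names)
    return bytes(dos) + b"PE\0\0" + coff + opt + sections


# Constructed (old_path, new_path) rename events as a sandbox or EDR might log
# them: three renames that append ".tmp", one move and one ordinary rename.
SAMPLE_RENAMES = [
    (r"C:\Users\Admin\Documents\report.docx",  r"C:\Users\Admin\Documents\report.docx.tmp"),
    (r"C:\Users\Admin\Documents\budget.xlsx",  r"C:\Users\Admin\Documents\budget.xlsx.tmp"),
    (r"C:\Users\Admin\Pictures\holiday.jpg",   r"C:\Users\Admin\Pictures\holiday.jpg.tmp"),
    (r"C:\Users\Admin\Desktop\notes.txt",      r"C:\Users\Admin\Documents\notes.txt"),
    (r"C:\Users\Admin\Pictures\img.png",       r"C:\Users\Admin\Pictures\img_old.png"),
]


def appended_extensions(events) -> Counter:
    """Count renames where the new name is the old name plus exactly one
    extra suffix, in the same directory. Returns Counter{suffix: count}."""
    counts = Counter()
    for old, new in events:
        o, n = PureWindowsPath(old), PureWindowsPath(new)
        if o.parent != n.parent or not n.name.startswith(o.name):
            continue
        added = n.name[len(o.name):]
        if added.startswith(".") and "." not in added[1:]:
            counts[added] += 1
    return counts


def mass_rename_alert(events, threshold: int = 50) -> list:
    """Return [(suffix, count)] for suffixes appended at least `threshold`
    times. The default threshold is an assumption for this example."""
    return [(ext, c) for ext, c in appended_extensions(events).items()
            if c >= threshold]


if __name__ == "__main__":
    print("UPX-like:", looks_upx_packed(build_sample_pe(["UPX0", "UPX1", ".rsrc"])))
    print("appended:", dict(appended_extensions(SAMPLE_RENAMES)))
    print("alerts:", mass_rename_alert(SAMPLE_RENAMES, threshold=3))
```

For a real host, feed appended_extensions the rename events from the sandbox's file-activity log or an EDR file-rename telemetry export; the 3258 renames reported above would trip any sensible threshold, while a handful of ".tmp" appends from a legitimate installer would not.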

Processes

  • C:\Users\Admin\AppData\Local\Temp\3d8dc3bfc71495354bada56d44ec6ac0N.exe
    "C:\Users\Admin\AppData\Local\Temp\3d8dc3bfc71495354bada56d44ec6ac0N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:1856

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\$Recycle.Bin\S-1-5-21-3502430532-24693940-2469786940-1000\desktop.ini.tmp

    Filesize

    48KB

    MD5

    7110a4f349d7a88c4d0b11386c63a433

    SHA1

    51eee6d7d35fc16e31400ca9f7a23dcb0ff0bf4e

    SHA256

    9d8ce809d7881a4be8b0ea741ff9163ef6277e5744d486733fd4e633c75de91f

    SHA512

    0181492f2171b09dba6ab84a4772c50099525110362e1603af800676911d0a2b9f9309d613b8beb917b8ad2e7c28955f59993dc1249e3813c87c3e89788f17a3

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    57KB

    MD5

    2a009ed96d06cae9f11839772fb61fd5

    SHA1

    79de80a0e7d7c9070256612d02a24493ca561a9e

    SHA256

    7c715d1ca5877c07ad8135832c1e1b1f3a96d1ff5be7a91ccbfb976c3ce1c746

    SHA512

    ff4dbce70ee1498cfe4fac402cf989a4d5aeef7c6e02805f7dd7f1426fd42bbc9acb225ea74f5863f410ed12864093a8ac63f380b3a53136f0005e37c8d38032

  • memory/1856-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/1856-74-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB