Analysis

  • max time kernel
    120s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted
    21/08/2024, 15:39

General

  • Target

    bdb3ae3e1b888e3eb4adf3a3335c1c20N.exe

  • Size

    98KB

  • MD5

    bdb3ae3e1b888e3eb4adf3a3335c1c20

  • SHA1

    f6c294e3e747bc585a57bf5abe914198590e4654

  • SHA256

    1400dcce463ae1cfa648386b5d2db47f5f63f84207d7e4dc324a2d4c97042896

  • SHA512

    fad6f273b6dab4c88e24297b4f43c5b94180a2d40ed8f49a218c5d23a156804b3497c6a314d0f3e314c59b4ddceadee334bf660dfb5b428193f95a83d389d671

  • SSDEEP

    768:V7Blpf/FAK65euBT37CPKKQSjyJJ1EXBwzEXBwdcMcwBcCBcw/tio/tihBT37CPh:V7Zf/FAxTWoJJ7TTQoQrTW7JJ7TTQoQi

Malware Config

Signatures

  • Renames multiple (251) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX or a modified UPX open source packer.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\bdb3ae3e1b888e3eb4adf3a3335c1c20N.exe
    "C:\Users\Admin\AppData\Local\Temp\bdb3ae3e1b888e3eb4adf3a3335c1c20N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2120

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2212144002-1172735686-1556890956-1000\desktop.ini.tmp

    Filesize

    98KB

    MD5

    dea4980abc491c5ae8a3ed4a6c98990b

    SHA1

    edac70ad7b74d1a317ef45765c0cd5d287d9f223

    SHA256

    a5f14a80df1ea3a280310e16b8932a38b810facba7b089ac48a6fe8fc5186aaf

    SHA512

    81d1ce49e6adc2a135f5ae3cc8001fefa62e1798714dba8523847459bdbf44d1f45af4d1d6e2f79871c6052979e15226fc34356620f08a1d45e631ecb73c8d1c

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    107KB

    MD5

    48474c21c3fe4c12d4c83c7d44957c8b

    SHA1

    78235c7ce5be7ccbaab2c756b94c780b541a1b65

    SHA256

    c57143eac85b79c163601a24c2a7ad97f089afc93155d90331702e40392c3819

    SHA512

    b1d6787d61ff5ca17d06415365425b994de2ca292b62f3c8ba399b197555a4281fe8fb513e0ec3f97aaadbfc4a3e6c3943bd9ec8ba67f16164cb9fb4e1d1a8d4

  • memory/2120-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/2120-18-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB