Analysis

  • max time kernel
    120s
  • max time network
    104s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    21/08/2024, 19:23

General

  • Target

    fd7bf111acde4611ea2c1823d54bdad0N.exe

  • Size

    71KB

  • MD5

    fd7bf111acde4611ea2c1823d54bdad0

  • SHA1

    e6cc85b08efea4430458d7022399dcfdf5f2914d

  • SHA256

    e6975448c999af4559bef41a38293019abded7d6283685b058029ce292e8edc8

  • SHA512

    be4449e56d5b81734fa55e0bd220640f08fbdaa80a2166cf250fba000b160427856595678dab6947209bd5c9b250980a786bc09e4413966775971ee838fe13e9

  • SSDEEP

    768:V7Blpf/FAK65euBT37CPKKQSjyJJ1EXBwzEXBwdcMcI9ABT37CPKKdJJ1EXBwzEN:V7Zf/FAxTWoJJ7TsTW7JJ7TY

Malware Config

Signatures

  • Renames multiple (4611) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\fd7bf111acde4611ea2c1823d54bdad0N.exe
    "C:\Users\Admin\AppData\Local\Temp\fd7bf111acde4611ea2c1823d54bdad0N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:3056

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\$Recycle.Bin\S-1-5-21-355097885-2402257403-2971294179-1000\desktop.ini.tmp

    Filesize

    71KB

    MD5

    46cc82b886497a04cd2a0bc35f1537ad

    SHA1

    2efc085286603d6653a1393d94e69541f3655f6e

    SHA256

    b0ce3dee722f57532659d8dc35d7ec3f6c8ce995d305ef5a7bc9cd405fe6ffca

    SHA512

    94821276ae8eb81510abd5bea36c8a6243b3529c558a5e17ac54dc4ee7c2c91373a49670599ac7e09b8bada5a139dc8441484145d335615515a7a76f4a1b4217

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    170KB

    MD5

    d1c861707cc04bec19d70513d5e2ba5a

    SHA1

    dfd30621757a273897d67539b8fc0d7d40e97547

    SHA256

    8d85040b2042fbb8ed6c3cfb01a8e03ab1a8478a8885048791559d98f84ea66a

    SHA512

    f3b8a35e51db698760ce30b17a62d45f105da1685020cc284b0a5e5090170158776322cc55f319a9c78f5407bab8669212b1b4348cf1fcf3fe835c96835a83b5

  • memory/3056-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/3056-850-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB