Analysis

  • max time kernel
    120s
  • max time network
    100s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    23/08/2024, 11:57

General

  • Target

    e8dbbfbf9172a868a45d8b722f28db80N.exe

  • Size

    39KB

  • MD5

    e8dbbfbf9172a868a45d8b722f28db80

  • SHA1

    4992a9f980486fb8ada51300f5d46abe50e6c715

  • SHA256

    5ef64053ba8dc2e624358826e4629e70b7d0ad51ddfd368379eb60ca855445fc

  • SHA512

    feb996c3aaf039d76bd7746aaa6be0693aba5508f9047f14058ea83bebd3c10efb8a97da8937710128321b1aec557b21dea3c612ffab70fc2800a5e4e7814fb7

  • SSDEEP

    768:kBT37CPKKdJJcbQbf1Oti1JGBQOOiQJhATNydWK9WKvhNYw05jYw053:CTW7JJZENTNyoKIKIwBwM

Malware Config

Signatures

  • Renames multiple (4674) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\e8dbbfbf9172a868a45d8b722f28db80N.exe
    "C:\Users\Admin\AppData\Local\Temp\e8dbbfbf9172a868a45d8b722f28db80N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:1892

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-1302416131-1437503476-2806442725-1000\desktop.ini.tmp

    Filesize
    40KB

    MD5
    326b1d8392fca8a20c04861b8209ab01

    SHA1
    fe9cd4e668eba4a059527361a21f6ff82c8325cc

    SHA256
    c254be3a16c029da0e7c49b3b5d4ce529bc46405a837747fa0dfe89c8616aa1f

    SHA512
    451434ab4142992ab4ac5b0f8743c8d8cedd38b35f4e58f7406acff4c6abca53baaa8ac23c784a12c2f88849b31aef66ae4a00961ba2e46421cd4499f464efb2

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize
    138KB

    MD5
    f6f999d19ee1e4828c957d9cf2993cd4

    SHA1
    90c73d98f03881120f340ce312ae40e2314b1566

    SHA256
    6f7e054ec2a541b15d9dd7ed8974dccc8006e1571d8cb3e11d4d7a8937a3fd74

    SHA512
    fbf6622c8a46852c897a8a9ac6f5261126b441c5826c74f59c97b976a4d0bb914bed17c7d2dc9f40da865165e409547d31f38a40078bf315a6da5e200633b708

  • memory/1892-0-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize
    40KB

  • memory/1892-929-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize
    40KB