Analysis

  • max time kernel
    120s
  • max time network
    103s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    23/08/2024, 16:04

General

  • Target

    58b9146593a3419650fe6d31336a21c0N.exe

  • Size

    76KB

  • MD5

    58b9146593a3419650fe6d31336a21c0

  • SHA1

    2f28257656d1817cc1436026699c95acb675233a

  • SHA256

    5201352ae6d7cfdf7416b37bce794121e0452d35cbaa45ca4696bf2b5650ce90

  • SHA512

    f85a4ac5face8d40c627b99abf1eada1e5ef4319af5aa940c502cb09f4bb1ffa4982b12c02e06548ecfd81d88ed2d9ff67cc7228e0b5e82c226313242e9b0b89

  • SSDEEP

    1536:V7Zf/FAxTWoJJ7TVTW7JJ7TXEvBnHHwTVEvBnHHwTd:fny1K7T3

Malware Config

Signatures

  • Renames multiple (4601) files with added filename extension

    Renaming thousands of files by appending an extension is consistent with ransomware encrypting files across the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX or with a modified build of the open-source UPX packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of the victim host in order to infer its geographical location.
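The "UPX packed file" signature above is a static indicator that can be reproduced without the sandbox. The following is an added example (not part of the report or the sample) that walks the PE headers of a file and lists section names that follow the UPX convention (UPX0, UPX1, ...). The PE bytes it inspects are a constructed minimal header built by build_fake_pe, not the 58b9146593a3419650fe6d31336a21c0N.exe binary.

```python
"""Flag UPX-style section names in a PE file (added triage helper).

The fixture bytes are constructed; run against a real file with
upx_indicators(open(path, "rb").read()).
"""
import struct

# Section names written by stock UPX; a modified build may rename them.
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2", b"UPX!"}


def pe_section_names(data: bytes) -> list:
    """Return the section names of a PE image, or [] if headers are malformed."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return []
    # COFF header layout after the "PE\0\0" signature:
    #   Machine(2) NumberOfSections(2) TimeDateStamp(4) PointerToSymbolTable(4)
    #   NumberOfSymbols(4) SizeOfOptionalHeader(2) Characteristics(2)
    (n_sections,) = struct.unpack_from("<H", data, e_lfanew + 6)
    (opt_size,) = struct.unpack_from("<H", data, e_lfanew + 20)
    off = e_lfanew + 24 + opt_size          # first IMAGE_SECTION_HEADER
    names = []
    for _ in range(n_sections):
        if off + 40 > len(data):            # truncated section table
            break
        names.append(data[off:off + 8].rstrip(b"\0"))
        off += 40                           # each section header is 40 bytes
    return names


def upx_indicators(data: bytes) -> list:
    """Section names matching the UPX naming convention, in file order."""
    return [n for n in pe_section_names(data) if n in UPX_SECTION_NAMES]


def build_fake_pe(section_names) -> bytes:
    """Construct a minimal PE32 header with the given sections (test fixture only)."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt = b"\0" * 0xE0                      # PE32 optional header size
    coff = b"PE\0\0" + struct.pack(
        "<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, len(opt), 0x102
    )
    sections = b"".join(n.ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos + coff + opt + sections


if __name__ == "__main__":
    packed = build_fake_pe([b"UPX0", b"UPX1", b".rsrc"])
    clean = build_fake_pe([b".text", b".rdata", b".data"])
    print("constructed packed sample:", upx_indicators(packed))
    print("constructed clean sample: ", upx_indicators(clean))
```

Section names are a weak indicator on their own: a modified UPX build (which the signature explicitly covers) can rename them, and a clean binary can carry arbitrary names. Treat a hit as a reason to unpack and inspect, and corroborate it with the on-disk size against the in-memory image size reported under the memory dumps.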

Processes

  • C:\Users\Admin\AppData\Local\Temp\58b9146593a3419650fe6d31336a21c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\58b9146593a3419650fe6d31336a21c0N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:216
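The process above is credited with the "Renames multiple (4601) files with added filename extension" and "Drops file in Program Files directory" signatures, and the dropped files listed further down (desktop.ini.tmp, 7-zip.dll.tmp) show the pattern: the original name survives with a new extension appended. The following is an added example (not part of the report) of the detection logic a triage script would run over file-rename events to surface that burst; the event records are constructed to mirror the report's paths and PID, not captured from the sandbox.

```python
"""Detect a burst of renames that only append an extension (added example).

Input events are (pid, old_path, new_path) tuples; the sample below is
constructed and reuses the PID and paths shown in the report.
"""
import ntpath
from collections import defaultdict

RECYCLE_SID = r"C:\$Recycle.Bin\S-1-5-21-656926755-4116854191-210765258-1000"

# Constructed rename events, not sandbox output.
EVENTS = [
    (216, r"C:\Program Files\7-Zip\7-zip.dll", r"C:\Program Files\7-Zip\7-zip.dll.tmp"),
    (216, r"C:\Program Files\7-Zip\7z.exe", r"C:\Program Files\7-Zip\7z.exe.tmp"),
    (216, r"C:\Program Files\Common Files\readme.txt",
          r"C:\Program Files\Common Files\readme.txt.tmp"),
    (216, RECYCLE_SID + r"\desktop.ini", RECYCLE_SID + r"\desktop.ini.tmp"),
    # an ordinary rename by the same process: the name changes, nothing is appended
    (216, r"C:\Users\Admin\Documents\draft.docx", r"C:\Users\Admin\Documents\final.docx"),
    # a second process rotating two logs: same shape, but below the threshold
    (1044, r"C:\Windows\Temp\setup.log", r"C:\Windows\Temp\setup.log.bak"),
    (1044, r"C:\Windows\Temp\install.log", r"C:\Windows\Temp\install.log.bak"),
]


def appended_extension(old: str, new: str):
    """Return '.ext' if new == old + '.ext' (one extension, same directory), else None."""
    if not old or not new.startswith(old):
        return None
    suffix = new[len(old):]
    if len(suffix) < 2 or suffix[0] != ".":
        return None
    if "." in suffix[1:] or "\\" in suffix or "/" in suffix:
        return None
    return suffix


def mass_rename_pids(events, threshold=3):
    """Group appended-extension renames by (pid, ext) and report groups at or
    above threshold, with the number of distinct directories touched.

    Returns {(pid, ext): {"count": n, "dirs": d}}. Spread across many
    directories (Program Files, the Recycle Bin, user profiles) is what
    separates encryption from a process rotating files in one folder.
    """
    groups = defaultdict(lambda: {"count": 0, "dirs": set()})
    for pid, old, new in events:
        ext = appended_extension(old, new)
        if ext is None:
            continue
        g = groups[(pid, ext.lower())]
        g["count"] += 1
        g["dirs"].add(ntpath.dirname(old).lower())
    return {
        key: {"count": g["count"], "dirs": len(g["dirs"])}
        for key, g in groups.items()
        if g["count"] >= threshold
    }


if __name__ == "__main__":
    for (pid, ext), info in mass_rename_pids(EVENTS).items():
        print(f"pid {pid}: {info['count']} files renamed to *{ext} "
              f"across {info['dirs']} directories")
```

The threshold of 3 is deliberately low so the constructed sample trips it; against a real event stream the report's own figure (4601 renames by one process) shows how far a genuine encryption run sits above any backup or log-rotation noise, and the directory spread gives a second axis for the same decision.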

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-656926755-4116854191-210765258-1000\desktop.ini.tmp

          Filesize

          76KB

          MD5

          758db87bdb9bd1df63283366fc62a65d

          SHA1

          ac0a761bf6522a711d5b40cd39b9af02641bc96a

          SHA256

          e6896242248378160cd667a8dabdc29bb1165e217ff702a37face7b4744657fe

          SHA512

          11fe82190cf6282ab79897e6815318c3fe9dd1f2c83f83703ef15157bb07d60db5f9065d37c6170bd04df0280ce864f72a192aed1a18f9d22f281f709383e36e

        • C:\Program Files\7-Zip\7-zip.dll.tmp

          Filesize

          175KB

          MD5

          00224a0a303058480c4208795192005f

          SHA1

          40c8ba82727fc6b2bfeb4a40ad23adf3f6ca449e

          SHA256

          1f1ac8e9a608e2f9bcb54b35b35fac5523029edff72ba2d5f968d38975ee463e

          SHA512

          ce003d35775a0f8a353ccc3c5f244efd21611aad81162d2c991bd6769d05f5e65d8cf75ed5d2ba43b85e55ed6cbe2d63ffb004f5cf01d2e74ead52b43afe8518

        • memory/216-0-0x0000000000400000-0x000000000040B000-memory.dmp

          Filesize

          44KB

        • memory/216-850-0x0000000000400000-0x000000000040B000-memory.dmp

          Filesize

          44KB