Analysis

  • max time kernel
    148s
  • max time network
    139s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    25/08/2024, 18:49

General

  • Target

    10ea72a65fdaeee9204ca6e02070f9fa316b3ab6cce69cd8c1605be0aa13de8f.exe

  • Size

    66KB

  • MD5

    50e187206f583c2e9aa350263806189f

  • SHA1

    cd013d7edcb247cb9eba70a50e5374461c35b9fa

  • SHA256

    10ea72a65fdaeee9204ca6e02070f9fa316b3ab6cce69cd8c1605be0aa13de8f

  • SHA512

    3bf15f4e80873e09acad77bcac7ef0a84dfd6b2632136fdd5be652cf01c7365632066d76cc84f291e7ff2d9725906cdf9b788450fd19d9da35c4740601280de2

  • SSDEEP

    768:V7Blpf/FAK65euBT37CPKKQSjSEXBwzEXBw3sgQw58eGkz2rcuesgQw58eGkz2rF:V7Zf/FAxTWtnMdyGdyNQ4NQ4v

Malware Config

Signatures

  • Renames multiple (5049) files with added filename extension

    This suggests ransomware activity: files across the system are being encrypted and renamed with a new extension.

  • UPX packed file 4 IoCs

    Detects executables packed with the open-source UPX packer or a modified build of it.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of the victim in order to infer the geographical location of that host.
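The first signature above (5049 files renamed with an added extension) is behaviour a host sensor can flag generically, independent of the sample's hash. The Python below is an added example written for this page, not the sandbox's own signature logic: it runs a sliding-window detector over constructed rename events shaped like those an EDR or Sysmon-style sensor emits. The PID 3532 and image path are taken from the process entry in this report; the event fields (ts, pid, image, src, dst), the threshold, the window, and the benign editor process are assumptions.

```python
"""Detect ransomware-style mass renames: one process appending the same extension to many files quickly.

Added example, not part of the sandbox report or its signature engine. It runs over
constructed rename events in the shape an EDR or Sysmon-style sensor would emit; the
field names (ts, pid, image, src, dst), the threshold and the window are assumptions.
"""
import ntpath  # Windows path semantics regardless of the host OS
from collections import defaultdict, deque
from dataclasses import dataclass
from typing import Deque, Dict, List, Optional, Tuple


@dataclass(frozen=True)
class RenameEvent:
    ts: float    # seconds
    pid: int
    image: str
    src: str
    dst: str


def appended_extension(src: str, dst: str) -> Optional[str]:
    """Return the extension added when dst is src plus exactly one new suffix, else None.

    'C:\\d\\a.docx' -> 'C:\\d\\a.docx.locked' gives 'locked'; a move to another
    directory, a plain rename or a changed (not added) extension gives None.
    """
    src_dir, src_name = ntpath.split(src)
    dst_dir, dst_name = ntpath.split(dst)
    if ntpath.normcase(src_dir) != ntpath.normcase(dst_dir):
        return None
    if len(dst_name) < len(src_name) + 2 or not dst_name.lower().startswith(src_name.lower()):
        return None
    suffix = dst_name[len(src_name):]
    if suffix[0] != "." or "." in suffix[1:]:
        return None
    return suffix[1:]


def detect_mass_rename(events: List[RenameEvent], threshold: int = 50, window: float = 60.0) -> List[Dict]:
    """Alert once per (pid, extension) when >= threshold distinct files get that extension within `window` seconds."""
    streams: Dict[Tuple[int, str], Deque[Tuple[float, str]]] = defaultdict(deque)
    alerted, alerts = set(), []
    for ev in sorted(events, key=lambda e: e.ts):
        ext = appended_extension(ev.src, ev.dst)
        if ext is None:
            continue
        key = (ev.pid, ext.lower())
        q = streams[key]
        q.append((ev.ts, ev.src.lower()))
        while q and ev.ts - q[0][0] > window:     # slide the window forward
            q.popleft()
        distinct = {path for _, path in q}
        if len(distinct) >= threshold and key not in alerted:
            alerted.add(key)
            alerts.append({"pid": ev.pid, "image": ev.image, "extension": ext, "count": len(distinct),
                           "first_ts": q[0][0], "last_ts": ev.ts, "sample_paths": sorted(distinct)[:3]})
    return alerts


def sample_events() -> List[RenameEvent]:
    """Constructed events: the report's process renaming 60 documents in 18 s, plus benign noise."""
    ransom = r"C:\Users\Admin\AppData\Local\Temp\10ea72a65fdaeee9204ca6e02070f9fa316b3ab6cce69cd8c1605be0aa13de8f.exe"
    evs = [RenameEvent(1000.0 + i * 0.3, 3532, ransom, rf"C:\Users\Admin\Documents\doc{i}.docx",
                       rf"C:\Users\Admin\Documents\doc{i}.docx.locked") for i in range(60)]
    explorer = r"C:\Windows\explorer.exe"   # a folder rename and a cross-directory move: not matches
    evs.append(RenameEvent(1001.0, 4120, explorer, r"C:\Users\Admin\Desktop\New folder", r"C:\Users\Admin\Desktop\Reports"))
    evs.append(RenameEvent(1002.0, 4120, explorer, r"C:\Users\Admin\Downloads\a.pdf", r"C:\Users\Admin\Documents\a.pdf"))
    editor = r"C:\Program Files\Editor\editor.exe"   # hypothetical editor writing .bak files, below threshold
    evs += [RenameEvent(1003.0 + i, 2200, editor, rf"C:\Users\Admin\notes{i}.txt", rf"C:\Users\Admin\notes{i}.txt.bak")
            for i in range(10)]
    return evs


if __name__ == "__main__":
    for alert in detect_mass_rename(sample_events()):
        print(alert)
```

The alert fires as soon as the threshold is crossed, so `count` reports the window size at that moment rather than the final total (5049 in this report). Backup tools and editors that append `.bak` or `.tmp` to a handful of files stay below a sensible threshold; the window and threshold need tuning per environment, and a second signal such as the process also writing files under Program Files (as the "Drops file in Program Files directory" signature records here) raises confidence.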

Processes

  • C:\Users\Admin\AppData\Local\Temp\10ea72a65fdaeee9204ca6e02070f9fa316b3ab6cce69cd8c1605be0aa13de8f.exe
    "C:\Users\Admin\AppData\Local\Temp\10ea72a65fdaeee9204ca6e02070f9fa316b3ab6cce69cd8c1605be0aa13de8f.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:3532

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-4182098368-2521458979-3782681353-1000\desktop.ini.tmp

    Filesize

    66KB

    MD5

    45ac559c16015faee8fc13a526bbe81e

    SHA1

    033dcb9844e07649d2f22920fd69c53c3a5c339c

    SHA256

    efec1e0099cbbfb73cffd1d49d2e5fc18dcfeda87299c05e0871c389220d1c4a

    SHA512

    853cf5749c1558de96625c6e370f693d4323119b5eb399a982e34c1caa7f12ede252730700524c55cef1954952e499c016ab51c4f50a9561e03ea389ce8e35c1

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    165KB

    MD5

    5861964520b76384583fc4db29004e15

    SHA1

    282ae5baf8e3827511c52359b39fc03bb7e1efad

    SHA256

    bc4f0bbf7f33b165a21e7704022fe00bbb9db23f5b29176eb0ab053503651a7a

    SHA512

    ceb33708af24325a373a95bb04f59f7090e89d68d3b93b63aaf51a16008315e21884a2d0f987828950e6b93f50dd95642b010b64ac640b1ff4a9cf7aebd72a02

  • memory/3532-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/3532-864-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB
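The "UPX packed file" signature under Signatures rests on static features of the file on disk. The Python below is an added example written for this page, not the sandbox's own detection code: it parses the PE section table with only the standard library and combines three heuristics (UPX section names, the `UPX!` marker that `upx -d` relies on, and per-section entropy), showing why a "modified UPX" with renamed sections and a patched marker still stands out on entropy. The images it runs on are constructed by `build_pe()` and are not the 66KB sample from this report; the 7.0 bits/byte threshold and the 1 KiB marker scan are assumptions.

```python
"""Heuristics behind a 'UPX packed file' verdict: section names, the UPX! marker, section entropy.

Added example, not the sandbox's own signature code. PE parsing uses only the standard
library; the images it runs on are constructed by build_pe(), not the 66 KB sample in the
report, and the 7.0 bits/byte entropy threshold is an assumption.
"""
import hashlib
import math
import struct
from typing import Dict, List, Tuple

UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 8.0 is the maximum; compressed or encrypted data sits close to it."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def pe_sections(data: bytes) -> List[Dict]:
    """Walk DOS header -> PE signature -> COFF header -> section table; the optional header is skipped."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    _, nsections, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    table = coff + 20 + opt_size
    sections = []
    for i in range(nsections):
        name, vsize, va, raw_size, raw_ptr = struct.unpack_from("<8sIIII", data, table + i * 40)
        raw = data[raw_ptr:raw_ptr + raw_size] if raw_size else b""
        sections.append({"name": name.rstrip(b"\0"), "virtual_size": vsize, "virtual_address": va,
                         "raw_size": raw_size, "entropy": shannon_entropy(raw)})
    return sections


def assess_packing(data: bytes, entropy_threshold: float = 7.0) -> Dict:
    """Renamed sections and a patched marker (a 'modified UPX') beat the first two checks, not the third."""
    secs = pe_sections(data)
    upx_sections = [s["name"] for s in secs if s["name"] in UPX_SECTION_NAMES]
    upx_marker = b"UPX!" in data[:1024]          # heuristic: UPX leaves its marker in the header area
    high_entropy = [s["name"] for s in secs if s["raw_size"] and s["entropy"] >= entropy_threshold]
    if upx_sections or upx_marker:
        verdict = "upx"
    elif high_entropy:
        verdict = "packed-or-encrypted"
    else:
        verdict = "not-packed"
    return {"verdict": verdict, "upx_sections": upx_sections, "upx_marker": upx_marker,
            "high_entropy_sections": high_entropy}


def _align(n: int, a: int) -> int:
    return (n + a - 1) // a * a


def build_pe(sections: List[Tuple[bytes, bytes]], marker: bytes = b"") -> bytes:
    """Constructed PE32 image: DOS stub, PE\\0\\0, COFF header, zeroed optional header, section table, aligned data."""
    e_lfanew, opt_size = 0x40, 0xE0
    raw_ptr = _align(e_lfanew + 4 + 20 + opt_size + 40 * len(sections) + len(marker), 0x200)
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x0102)
    opt = struct.pack("<H", 0x10B) + b"\0" * (opt_size - 2)
    table, body, va = b"", b"", 0x1000
    for name, raw in sections:
        raw_size = _align(len(raw), 0x200)
        table += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), len(raw) or 0x10000, va, raw_size,
                             raw_ptr if raw_size else 0, 0, 0, 0, 0, 0x60000020)
        body += raw + b"\0" * (raw_size - len(raw))
        raw_ptr += raw_size
        va += _align(len(raw) or 0x10000, 0x1000)
    header = dos + b"PE\0\0" + coff + opt + table + marker
    return header + b"\0" * (_align(len(header), 0x200) - len(header)) + body


def pseudo_random_bytes(n: int, seed: bytes = b"constructed") -> bytes:
    """Deterministic high-entropy filler (SHA-256 chain) standing in for compressed code."""
    out, h = b"", seed
    while len(out) < n:
        h = hashlib.sha256(h).digest()
        out += h
    return out[:n]


LOW_ENTROPY_CODE = bytes(range(16)) * 256     # 16 equiprobable symbols: exactly 4.0 bits/byte
UPX_LIKE = build_pe([(b"UPX0", b""), (b"UPX1", pseudo_random_bytes(4096)), (b".rsrc", b"\0" * 64)], marker=b"UPX!")
MODIFIED_UPX = build_pe([(b".text0", b""), (b".text1", pseudo_random_bytes(4096)), (b".rsrc", b"\0" * 64)])
PLAIN = build_pe([(b".text", LOW_ENTROPY_CODE), (b".data", b"\0" * 64)])

if __name__ == "__main__":
    for label, image in (("upx-like", UPX_LIKE), ("modified-upx", MODIFIED_UPX), ("plain", PLAIN)):
        print(label, assess_packing(image))
```

Run against a real sample, replace the constructed images with `open(path, "rb").read()`. The entropy check is the one that survives renamed sections and a stripped marker, which is the point of the "modified UPX" wording in the signature; its cost is that any compressed or encrypted section (resources, embedded archives, custom packers) also trips it, so treat it as a packed-or-encrypted indicator rather than a UPX identification.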