Analysis

  • max time kernel
    120s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted
    25/08/2024, 20:27

General

  • Target

    45886bb6518458b16a5410bb2929bc90N.exe

  • Size

    65KB

  • MD5

    45886bb6518458b16a5410bb2929bc90

  • SHA1

    8ea81e3e13cace52f92055868b5b222dc08a045a

  • SHA256

    af3cf3b99a4def136b8db5dec09083d9f1c6f55ee55a6dc42f34593b6464ae71

  • SHA512

    eb68b77cb6c30d376493d14381cb2a2ed1b4fbef9c3e1a34d660dac4826b60e84fe76cde26d0269db33ec7c418d439bbbcdd79e855546f1d974434a83d3a2631

  • SSDEEP

    1536:CTWn1++PJHJXA/OsIZfzc3/Q8zxY5a8CsL:KQSox5a8p

Malware Config

Signatures

  • Renames multiple (3289) files with added filename extension

    Renaming thousands of files by appending a new extension is characteristic of ransomware that encrypts the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
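Two of the signatures above ("UPX packed file" and "Renames multiple files with added filename extension") can be reproduced offline with a few lines of code. The block below is an added example written for this page; it is not the sandbox's own detection logic. It parses PE section headers by hand (no pefile dependency) and flags UPX-style section names, and it scans a list of file-rename events for one process appending the same extension to many files. The PE header and the rename events are constructed test data; the sandbox report does not say which extension this sample appended, so the ".tmp" in the constructed events only mirrors the dropped-file names listed under Downloads and is an assumption.

```python
"""Triage checks for two sandbox signatures: UPX-style section names and
mass renames that append an extension. Added example, not sandbox code."""
import struct
from collections import Counter


def pe_section_names(data: bytes) -> list:
    """Return the section names of a PE image given its raw file bytes."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]          # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    num_sections = struct.unpack_from("<H", data, pe_off + 6)[0]
    opt_size = struct.unpack_from("<H", data, pe_off + 20)[0]   # SizeOfOptionalHeader
    first = pe_off + 24 + opt_size                              # section table follows the optional header
    names = []
    for i in range(num_sections):
        raw = data[first + 40 * i:first + 40 * i + 8]           # IMAGE_SECTION_HEADER.Name
        if len(raw) < 8:
            break                                               # truncated header: stop, don't guess
        names.append(raw.rstrip(b"\0"))
    return names


def looks_upx_packed(data: bytes) -> bool:
    """Stock UPX names its sections UPX0/UPX1; some modified builds keep a
    leading dot. Section names alone are a heuristic, not proof."""
    return any(n.lstrip(b".").upper().startswith(b"UPX") for n in pe_section_names(data))


def build_fake_pe(section_names) -> bytes:
    """Constructed minimal PE header (no code, no imports) to exercise the parser."""
    pe_off, opt_size = 0x80, 0xE0
    dos = (b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", pe_off)).ljust(pe_off, b"\0")
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, opt_size, 0x102)
    opt = struct.pack("<H", 0x10B).ljust(opt_size, b"\0")      # PE32 magic, rest zeroed
    sections = b"".join(n.ljust(8, b"\0")[:8] + b"\0" * 32 for n in section_names)
    return dos + b"PE\0\0" + coff + opt + sections


def added_extension(old: str, new: str):
    """Return the extension appended to `old` to form `new`, else None.
    A move to another folder or a changed extension does not count."""
    old_l, new_l = old.lower(), new.lower()
    if new_l.startswith(old_l) and len(new_l) > len(old_l) + 1 and new_l[len(old_l)] == ".":
        ext = new_l[len(old_l) + 1:]
        if ext and not any(c in ext for c in ".\\/"):
            return ext
    return None


def mass_rename_with_added_extension(events, threshold=50):
    """events: iterable of (pid, old_path, new_path).
    Returns {pid: (ext, count)} for processes that appended the same
    extension to at least `threshold` files."""
    counts = Counter()
    for pid, old, new in events:
        ext = added_extension(old, new)
        if ext:
            counts[(pid, ext)] += 1
    return {pid: (ext, n) for (pid, ext), n in counts.items() if n >= threshold}


# Constructed rename log: one process appends ".tmp" to 60 documents,
# plus benign noise that must not trigger the signature.
SAMPLE_EVENTS = [
    (1688, rf"C:\Users\Admin\Documents\report{i}.docx",
           rf"C:\Users\Admin\Documents\report{i}.docx.tmp")
    for i in range(60)
] + [
    (4012, r"C:\Users\Admin\Downloads\setup.exe", r"C:\Users\Admin\Desktop\setup.exe"),  # move
    (4012, r"C:\Users\Admin\Downloads\notes.txt", r"C:\Users\Admin\Downloads\notes.md"),  # changed ext
    (2200, r"C:\Temp\a.log", r"C:\Temp\a.log.bak"),                                      # one-off backup
]


if __name__ == "__main__":
    packed = build_fake_pe([b"UPX0", b"UPX1", b".rsrc"])
    print("sections:", pe_section_names(packed), "upx:", looks_upx_packed(packed))
    print("mass rename hits:", mass_rename_with_added_extension(SAMPLE_EVENTS))
```

To apply the UPX check to the real sample, read its bytes from disk and pass them to `looks_upx_packed`; to apply the rename check, feed it the sandbox's file-event log as `(pid, old, new)` tuples. The threshold of 50 is arbitrary; the report's 3289 renames would clear any sensible value.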

Processes

  • C:\Users\Admin\AppData\Local\Temp\45886bb6518458b16a5410bb2929bc90N.exe
    "C:\Users\Admin\AppData\Local\Temp\45886bb6518458b16a5410bb2929bc90N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:1688

Network

        MITRE ATT&CK Enterprise v15


        Downloads

        • C:\$Recycle.Bin\S-1-5-21-3294248377-1418901787-4083263181-1000\desktop.ini.tmp

          Filesize

          65KB

          MD5

          7a46642000cdb55a8815d2598717e906

          SHA1

          7677eaeb435755cd4375d5e9020697aa6c282906

          SHA256

          fb200f038fba080dd36b980e9e387c7965f2067a5f63c086fc9fdca6a358033e

          SHA512

          02635eadc2a6745cc7a7c26282ddc6611fcd5f8bb5b59379fde693088756ff1130e16e8cc5db50e28ef152932cf343bdf33fad91c3a3763ba5f6aafc7034ae14

        • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

          Filesize

          74KB

          MD5

          c69bae4ddf0e873fcb151ecfff445fa9

          SHA1

          930418841aab74289996bbccc741f3be53bb53d4

          SHA256

          0ebd0959da8d054872fd2bb0b6ed679e9453279c9b91d0a7b479c5d1ae3ab8af

          SHA512

          7a2860fd0d7176201f0a49780aff205d4225883fd1fa2974ea6e75f568301491f4c292cd08057fe6f50436cf1ba17ef8a1154390c31430b4f803d1d918667671

        • memory/1688-0-0x0000000000400000-0x000000000040A000-memory.dmp

          Filesize

          40KB

        • memory/1688-70-0x0000000000400000-0x000000000040A000-memory.dmp

          Filesize

          40KB