Analysis

  • max time kernel
    120s
  • max time network
    20s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted
    28/08/2024, 22:21

General

  • Target

    5417134382dc688a0b596c53a8dab770N.exe

  • Size

    30KB

  • MD5

    5417134382dc688a0b596c53a8dab770

  • SHA1

    0cdb3c1e98f0244318a23b1d3fb4d3550133575f

  • SHA256

    fec0f0fced66f4bf08d90b0845a57753dbe481b60a29dd86834b6e9fd36a1758

  • SHA512

    74eb5e361e047a131e7df48c3c91186fcbb38eeea6d532f7c77ccf5a95fa2f481520a6fc5193d4af1f24f043867e6f5ff69934999c3cf1e06e54dfe95ac5d5c7

  • SSDEEP

    384:QOlIBXDaU7CPKK0TIhfJJ1Evd5BvhzaM9mSIEvd5BvhzaM9mSsxmMxm9+9vNu0e:kBT37CPKKdJJ1EXBwzEXBwdcMcI9m

Malware Config

Signatures

  • Renames multiple (329) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\5417134382dc688a0b596c53a8dab770N.exe
    "C:\Users\Admin\AppData\Local\Temp\5417134382dc688a0b596c53a8dab770N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2960

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2212144002-1172735686-1556890956-1000\desktop.ini.tmp

    Filesize

    30KB

    MD5

    aa9042c8f34429dce5023011ab13db7b

    SHA1

    71cbcda69ee4e8839d3f0b4542cd8254c114a9b5

    SHA256

    0f51ea0e3f6712b2d0daefaf9c03af176ec8f6fca7c6375a49dfc244ce2a672b

    SHA512

    ff60e4fdbfaef042d6efc61938ab16a794d800d65195b0e90ce6881e2a41ccb3fcb621341ef457cdbcc8f4f28888add4d5d73aa48dd578339daa385179fbcd70

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    39KB

    MD5

    55b1720a224cf279785995713b0e70c4

    SHA1

    e109be68405d0b88d8441c289a6d5ff0c5569a3e

    SHA256

    0199e6e98a945964bf63496efeccf064529b639935a2045dd645b88361b87c5e

    SHA512

    68188a73a141dc166f5c99221107e080c8b7f1d1c589ea9b651f98d4276a49f81375da1d6be19652853e62f0eb295230e4b5ed7a506dffee97c0727cf7741fa8

  • memory/2960-0-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

  • memory/2960-27-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB