Analysis

  • max time kernel
    120s
  • max time network
    101s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    29/08/2024, 07:28

General

  • Target

    bb2092ba2a45a47ee9af5b98b95c0330N.exe

  • Size

    125KB

  • MD5

    bb2092ba2a45a47ee9af5b98b95c0330

  • SHA1

    6f873508645a0ed386bb98df0ca6d3bb340072e2

  • SHA256

    d15df42e568ace459f60d5fa2d05d0f3bc510a3e499abf70aac26c5e83d487c9

  • SHA512

    3d9c83f5bdd5668279c2b2f21b68da5807ac5474df33953906940e0e662ad0513c01266a53c4997c40d00e473438b79074e62d555c3c0a484c1e2aa57ab6eb9a

  • SSDEEP

    1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8zxY5DS7TWn1++PJHJXA/OsIZfzc3/Q85:fnyiQSox5DSvQSox5DSNQi
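The identification data above (hash set, then a signature-driven look at the binary) can be reproduced with a short static triage script. The following is an added example, not part of the sandbox report: it computes the same four digests the General section lists and walks the PE section table for UPX's default section names (UPX0/UPX1/UPX2), which is the crude check behind a "UPX packed file" indicator. Packers and re-packed samples can rename sections, so a miss here is not proof the file is unpacked; the minimal header-only PE built by `build_minimal_pe` is a constructed test fixture, not the sample.

```python
"""Static triage of a PE sample: hash set and UPX section-name check.

Added example, not the sandbox's own code. Computes MD5/SHA1/SHA256/SHA512 of a
buffer and parses the PE section table looking for default UPX section names.
"""
import hashlib
import struct
import sys

UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}


def hash_set(data: bytes) -> dict:
    """Return the same four digests a sandbox report lists for a sample."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


def pe_section_names(data: bytes) -> list:
    """Parse the PE/COFF section table and return the raw section names.

    Raises ValueError if the buffer does not look like a PE image.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("no MZ header")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]          # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    coff = pe_off + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]   # NumberOfSections
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]      # SizeOfOptionalHeader
    table = coff + 20 + opt_size                                 # first IMAGE_SECTION_HEADER
    names = []
    for i in range(num_sections):
        off = table + i * 40                                     # 40-byte section headers
        if off + 40 > len(data):
            raise ValueError("section table truncated")
        names.append(data[off:off + 8].rstrip(b"\0"))
    return names


def looks_upx_packed(data: bytes) -> bool:
    """True if any section carries one of UPX's default section names."""
    return any(n in UPX_SECTION_NAMES for n in pe_section_names(data))


def build_minimal_pe(section_names) -> bytes:
    """Constructed header-only PE buffer for testing; not a real sample."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)             # e_lfanew = 64
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 224, 0x0102)
    opt = struct.pack("<H", 0x10B) + b"\0" * 222                  # PE32 optional header, zeroed
    sections = b"".join(struct.pack("<8s", n) + b"\0" * 32 for n in section_names)
    return dos + b"PE\0\0" + coff + opt + sections


if __name__ == "__main__":
    # Usage: python triage.py <sample.exe>; falls back to the constructed fixture.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as f:
            sample = f.read()
    else:
        sample = build_minimal_pe([b"UPX0", b"UPX1", b".rsrc"])
    for name, digest in hash_set(sample).items():
        print(f"{name}: {digest}")
    try:
        print("sections:", pe_section_names(sample))
        print("upx section names present:", looks_upx_packed(sample))
    except ValueError as err:
        print("not a PE image:", err)
```

Run it against the sample to confirm the hash set matches the report before trusting any other conclusion about the file; a mismatch means you are looking at a different artifact than the sandbox did.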

Malware Config

Signatures

  • Renames multiple (4359) files with added filename extension

    This suggests ransomware activity: files across the system are being encrypted and renamed with an appended extension.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
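The first signature is a volume heuristic: one process renaming many files so that each new name is the old name plus a new extension. The following is an added example of that detection logic, not the sandbox's own rule. It consumes rename events as (time, pid, old_path, new_path) tuples, keeps only those where the new path is the old path with a suffix appended, and flags a pid once it performs THRESHOLD such renames with the same suffix inside a WINDOW_S sliding window. The threshold and window are assumed values, and the event stream is constructed here (pid 4936 and the `.tmp` suffix mirror the process and dropped-file names in this report, but the events themselves are made up).

```python
"""Burst detection for renames that append a filename extension.

Added example, not the sandbox's rule. THRESHOLD/WINDOW_S are assumptions
chosen for illustration; tune them to the file-event source you feed in.
"""
from collections import defaultdict, deque
from typing import Deque, Dict, List, Optional, Tuple

Event = Tuple[float, int, str, str]   # (time_s, pid, old_path, new_path)

THRESHOLD = 20    # same-suffix renames by one pid inside the window (assumed)
WINDOW_S = 10.0   # sliding window length in seconds (assumed)


def appended_extension(old_path: str, new_path: str) -> Optional[str]:
    """Return the appended suffix (e.g. '.tmp') if new_path is old_path plus a
    new extension, else None. Renames that change the base name or move the
    file into a subdirectory are not counted."""
    if not new_path.startswith(old_path):
        return None
    suffix = new_path[len(old_path):]
    if len(suffix) < 2 or not suffix.startswith("."):
        return None
    if "\\" in suffix or "/" in suffix:
        return None
    return suffix.lower()


def detect_rename_bursts(events: List[Event]) -> Dict[Tuple[int, str], int]:
    """Return {(pid, suffix): total_count} for every pid/suffix pair that reached
    THRESHOLD appended-extension renames within WINDOW_S seconds."""
    windows: Dict[Tuple[int, str], Deque[float]] = defaultdict(deque)
    totals: Dict[Tuple[int, str], int] = defaultdict(int)
    hits: Dict[Tuple[int, str], int] = {}
    for t, pid, old, new in sorted(events, key=lambda e: e[0]):
        suffix = appended_extension(old, new)
        if suffix is None:
            continue
        key = (pid, suffix)
        q = windows[key]
        q.append(t)
        totals[key] += 1
        while q and t - q[0] > WINDOW_S:   # drop timestamps outside the window
            q.popleft()
        if len(q) >= THRESHOLD:
            hits[key] = 0                  # mark; final count filled in below
    for key in hits:
        hits[key] = totals[key]
    return hits


def constructed_events() -> List[Event]:
    """Constructed sample stream: pid 4936 appends '.tmp' to 30 files in 3 s,
    interleaved with benign renames and a slow, low-volume appender."""
    events: List[Event] = []
    for i in range(30):
        p = f"C:\\Users\\Admin\\Documents\\report{i}.docx"
        events.append((100.0 + i * 0.1, 4936, p, p + ".tmp"))
    events.append((100.5, 1200, "C:\\Users\\Admin\\draft.txt", "C:\\Users\\Admin\\final.txt"))
    events.append((101.0, 1200, "C:\\Users\\Admin\\a.log", "C:\\Users\\Admin\\a.log.1"))
    for i in range(5):                      # 5 renames over a minute: below threshold
        p = f"C:\\Temp\\build{i}.obj"
        events.append((200.0 + i * 12.0, 777, p, p + ".bak"))
    return events


if __name__ == "__main__":
    for (pid, suffix), n in detect_rename_bursts(constructed_events()).items():
        print(f"pid {pid}: {n} renames appending {suffix}")
```

The same-suffix grouping matters: a backup tool appending `.bak` to a handful of files over a minute stays below the threshold, while a single process pushing the same suffix onto dozens of user documents in seconds does not. When you wire this to a real event source (Sysmon file-rename events, an EDR stream), keep the window keyed on the process rather than on the whole host so concurrent benign renames do not inflate the count.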

Processes

  • C:\Users\Admin\AppData\Local\Temp\bb2092ba2a45a47ee9af5b98b95c0330N.exe
    "C:\Users\Admin\AppData\Local\Temp\bb2092ba2a45a47ee9af5b98b95c0330N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:4936

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\$Recycle.Bin\S-1-5-21-1194130065-3471212556-1656947724-1000\desktop.ini.tmp

    Filesize

    126KB

    MD5

    2feca92b8041629748ee85a1fc101016

    SHA1

    a4303b01fbd7cc6759feefaec334f33b01dd4206

    SHA256

    87a6e90683f4946b95b9e1542ff736c4e885149068667b48edfa63b8236478cf

    SHA512

    b198a24291e44dc381bb32ab9a26e55b6ae6e39a36763d1555aed4516e3bdb3fe2f997a73950a4bbdfe198413444bf38ec4e191b1cdb0506e0d74dfa158e2a8b

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    224KB

    MD5

    5f014c6a4353e7db9e0c8dca9da4d7bb

    SHA1

    c797b1bbcb1c5bfe1698ea64ee86120743e333ee

    SHA256

    84f065eec96b643137567f540d3bdba8807cf928d556cae6c02b96d20036550b

    SHA512

    58c032b1297196d236198ba831a9d6c172b150824796b6e6c9b8b6d98f2901765302d7b9580d6667b0113dbfc210eadefc53b0a5a7858da72129520e699a0274

  • memory/4936-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/4936-840-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB