Analysis

  • max time kernel: 120s
  • max time network: 120s
  • platform: windows7_x64
  • resource: win7-20240708-en
  • resource tags: arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted: 29-08-2024 09:39

General

  • Target: 3f9de3e4ad33a837b71b90995ea7e400N.exe
  • Size: 36KB
  • MD5: 3f9de3e4ad33a837b71b90995ea7e400
  • SHA1: 30f4cfa12f7055544b8adfc5b36b6d4e59cefae2
  • SHA256: e34571ce3328538502f2910fca0d3edd61612a18b58c751e7a9636236691bb47
  • SHA512: 92b9a59033c9adda7ac9ced1a1483220d48868a9c990d118ba54b3e203fec97a29a20a2225061baafc148cb2174d293ff303e8723ff7655dcc252e0bdf98facf
  • SSDEEP: 768:kBT37CPKKdJJ1EXBwzEXBwdcMcwBcCBcw/tio/tiFneEn:CTW7JJ7TTQoQwEn

Malware Config

Signatures

  • Renames multiple (3446) files with added filename extension

    This suggests ransomware activity: encrypting all the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX or a modified UPX open-source packer.

  • Drops file in Program Files directory (64 IoCs)

  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\3f9de3e4ad33a837b71b90995ea7e400N.exe
    "C:\Users\Admin\AppData\Local\Temp\3f9de3e4ad33a837b71b90995ea7e400N.exe"
    PID: 2972
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\$Recycle.Bin\S-1-5-21-940600906-3464502421-4240639183-1000\desktop.ini.tmp
    Filesize: 37KB
    MD5: f3e0ccd3e1db9215c433d1c788426427
    SHA1: 28eb01fc42fbbb982c81739be1c3cb19b45166c5
    SHA256: e5b9ffca895cf89bb6239fb8aa34e4deb3074c1cf5cf387643bf0a957ff1ae4e
    SHA512: d225408efdf8d6df07bfb5fd864e91b8c438332812347fe1a3ab9681d8ff90210b5b06e69bf93f5f95ff27180a8cae0a1c8e0be0055e57e8ecb6ef4b224ca22f

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize: 46KB
    MD5: c12b0add45904d1867394ad1012697a0
    SHA1: 6396ad85689203c28322c03c66371fd47a60c14a
    SHA256: 0aabb68c3ba13b6bc3582d1947c6550cc6f9ced3e942237654761c7e8ea32bc3
    SHA512: 81d0fd44694370880ce22cf839471db9d732d02e26f68dc704c6375bc33f4d415ea70e6449dd77c9f26c053045fcf1c9a8c92ee8d1bcaface55dde9b66da6790

  • memory/2972-0-0x0000000000400000-0x000000000040A000-memory.dmp
    Filesize: 40KB

  • memory/2972-75-0x0000000000400000-0x000000000040A000-memory.dmp
    Filesize: 40KB