Analysis

  • max time kernel
    149s
  • max time network
    144s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    01-09-2024 22:19

General

  • Target

    54d2a8f69987e3e11641523f2946b79bd3403dda7cd5b4fc2210d03dd1813f11.exe

  • Size

    56KB

  • MD5

    bde497823e875665a814ec64a80ec163

  • SHA1

    511bb90942bed8428cd2d1825698eb6c8e1e365c

  • SHA256

    54d2a8f69987e3e11641523f2946b79bd3403dda7cd5b4fc2210d03dd1813f11

  • SHA512

    4d27807586ab7a0a93aed65b348bed4b7b774f70ca6e670bff71a33a6c549a49666cfb926dabd09263180b68fcf6ab6ec0d3d1bf1d46d832e926b57d7ea13a60

  • SSDEEP

    768:V7Blpf/FAK65euBT37CPKKQSjyJJcbQbf1Oti1JGBQOOiQJhATNydWK9WKF9ADJb:V7Zf/FAxTWoJJZENTNyoKIKMpS2

Malware Config

Signatures

  • Renames multiple (5037) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\54d2a8f69987e3e11641523f2946b79bd3403dda7cd5b4fc2210d03dd1813f11.exe
    "C:\Users\Admin\AppData\Local\Temp\54d2a8f69987e3e11641523f2946b79bd3403dda7cd5b4fc2210d03dd1813f11.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:212

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2412658365-3084825385-3340777666-1000\desktop.ini.tmp

    Filesize

    57KB

    MD5

    810bfe272cc391011c0d22a44541d9d0

    SHA1

    f22e797c105fd67c81adf8d46caea374cfc2f4a6

    SHA256

    4d703f00027e60ff3958eae74b93b28e62dfa922aea80cae3ddcf4bcb0b7bc4d

    SHA512

    4644defbff3ca76577b943e7d41bd8f37e0cbd4eb55ff8a9a2309885a0fa91a2f13005d2e63a223c9ff2b90c062610fcb217ce3c26c4478c13379acf8a545026

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    155KB

    MD5

    da666180f8eab20ddd0d3f8b88a83495

    SHA1

    bd2c9dea9ed6324ac65729806fe3874b5d72ef78

    SHA256

    f54b12cbe7c45b755e22e58f5160f9bbc0743d6d7ffa2526e84c32abd424f483

    SHA512

    f30316a557bb38f13ea94dd65c50ad4784d2066807ba90ee84cd24ef03c17dbb41a0e043c3c303ffb1047b818d67d76d29e98882bc5586ea981b328c4005cd47

  • memory/212-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/212-862-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB