Analysis

  • max time kernel
    120s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted
    01-09-2024 00:53

General

  • Target

    d32dbc29edce2fd1418d5b36f6f26810N.exe

  • Size

    88KB

  • MD5

    d32dbc29edce2fd1418d5b36f6f26810

  • SHA1

    f1c8b3bc06c8cb54080a7fee248521dd2a3fb2e3

  • SHA256

    438c6fd710e05fa42a4658bf72d172aa56ddc7167c380c8fb294425eb6f3788c

  • SHA512

    639267f8e075ee7efd26b2cb122d2e3de661dd460d28a9f061a6c094b782e75aca666b57e51a79c15cad6e2f24487b9e5a7b129bcb14a5eb426aec5a5563e53c

  • SSDEEP

    1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8IZTXm7mEY6IY65:fnyiQSo7ZDsZ27
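
The digests listed above, together with the UPX signature further down, are the static checks an analyst reproduces first when a sample lands in the lab. The script below is an added example, not part of this report or of the sandbox's own code: it computes the same four digests and parses the PE section table for the three UPX hints a packer check relies on (stock section names, the "UPX!" packed-header magic, and a high-entropy section). The PE it analyses is a minimal constructed image built in build_pe(), not the 88KB sample above; all function names are mine.

```python
import hashlib
import math
import struct
from collections import Counter


def file_hashes(data: bytes) -> dict:
    """Digests in the order a sandbox report lists them (MD5, SHA1, SHA256, SHA512)."""
    return {alg: hashlib.new(alg, data).hexdigest()
            for alg in ("md5", "sha1", "sha256", "sha512")}


def pe_sections(data: bytes):
    """Yield (name, raw_offset, raw_size) for every section of a PE image.
    Only the DOS header, PE signature, COFF header and section table are read."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                              # IMAGE_FILE_HEADER, 20 bytes
    if coff + 20 > len(data):
        raise ValueError("truncated COFF header")
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + opt_size                     # section table follows the optional header
    if table + 40 * num_sections > len(data):
        raise ValueError("truncated section table")
    for i in range(num_sections):
        hdr = table + 40 * i
        name = data[hdr:hdr + 8].rstrip(b"\0").decode("latin-1")
        raw_size, raw_ptr = struct.unpack_from("<II", data, hdr + 16)   # SizeOfRawData, PointerToRawData
        yield name, raw_ptr, raw_size


def shannon_entropy(buf: bytes) -> float:
    """Bits per byte: close to 8.0 for compressed or encrypted data, low for code and text."""
    if not buf:
        return 0.0
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values())


def upx_indicators(data: bytes) -> dict:
    """Static UPX hints. Section names and the magic are trivially edited by a
    modified packer, so a single high-entropy section holding most of the file
    is the hint that survives; encrypted or compressed resources also score high."""
    sections = list(pe_sections(data))
    names = [name for name, _, _ in sections]
    entropy = {name: shannon_entropy(data[ptr:ptr + size])
               for name, ptr, size in sections if size}
    return {
        "section_names": names,
        "upx_section_names": any(n.upper().startswith("UPX") for n in names),
        "upx_magic": b"UPX!" in data,
        "max_section_entropy": round(max(entropy.values(), default=0.0), 3),
    }


def build_pe(section_names, bodies, magic=True) -> bytes:
    """Assemble a minimal PE32 file for exercising the checks above. Only the
    fields pe_sections() reads are meaningful: this is a constructed test input,
    not a loadable binary and not the sample from the report."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                       # e_lfanew
    optional = bytes(0xE0)                                        # zeroed PE32 optional header
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, len(optional), 0x102)
    table_end = 0x40 + 4 + len(coff) + len(optional) + 40 * len(section_names)
    raw_off = -(-(table_end + 4) // 0x200) * 0x200                # 512-byte file alignment
    headers, blobs = b"", b""
    for i, (name, body) in enumerate(zip(section_names, bodies)):
        headers += struct.pack("<8sIIIIIIHHI", name.encode(), len(body), 0x1000 * (i + 1),
                               len(body), raw_off + len(blobs), 0, 0, 0, 0, 0x60000020)
        blobs += body
    image = bytes(dos) + b"PE\0\0" + coff + optional + headers
    # stock UPX places its packed-header magic right after the section table
    image += (b"UPX!" if magic else bytes(4)) + bytes(raw_off - len(image) - 4)
    return image + blobs


# Constructed sample: the layout stock UPX produces (UPX0 is the empty
# uncompressed region, UPX1 holds the packed body) with an 8-bit-entropy body.
SAMPLE_PE = build_pe(["UPX0", "UPX1", ".rsrc"], [b"", bytes(range(256)) * 4, bytes(16)])

if __name__ == "__main__":
    report = file_hashes(SAMPLE_PE)
    report.update(upx_indicators(SAMPLE_PE))
    for key, value in report.items():
        print(f"{key}: {value}")
```

Run it against a real file by replacing SAMPLE_PE with the file's bytes; the digests should match the MD5/SHA1/SHA256/SHA512 fields above before any dynamic result is trusted to belong to this sample. Treat the three UPX indicators as independent: a renamed-section build drops the first two and leaves only the entropy reading.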

Malware Config

Signatures

  • Renames multiple (322) files with added filename extension

    This is consistent with ransomware behaviour: files across the system are encrypted in place and an extension is appended to each.

  • UPX packed file 4 IoCs

    Detects executables packed with the open-source UPX packer or a modified UPX variant.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of the victim in order to infer the geographical location of that host.
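
The first and third signatures above are behavioural: one counts renames that keep the original file name and append a new extension, the other counts files written under Program Files. The script below is an added example, not part of this report or of the sandbox's own rule set, that reimplements both checks over a stream of file-system events in the shape a sandbox or EDR emits. The events, the ".locked" extension and the threshold of 10 are constructed for the example; the report does not name the extension this sample appends, and the sandbox's own thresholds are not known.

```python
from collections import defaultdict

# Constructed event stream (op, src, dst). Paths, the ".locked" extension and
# the counts are made up for this example and are not taken from the report.
EVENTS = []
for i in range(12):
    src = rf"C:\Users\Admin\Documents\report{i}.docx"
    EVENTS.append({"op": "rename", "src": src, "dst": src + ".locked"})
EVENTS += [
    # save-as: extension replaced, not appended, so it must not count
    {"op": "rename", "src": r"C:\Users\Admin\Desktop\draft.tmp", "dst": r"C:\Users\Admin\Desktop\draft.xlsx"},
    # plain rename, must not count
    {"op": "rename", "src": r"C:\Users\Admin\a.txt", "dst": r"C:\Users\Admin\b.txt"},
    # same extension in different case: NTFS is case-insensitive, so it folds into .locked
    {"op": "rename", "src": r"C:\Users\Admin\Pictures\cat.jpg", "dst": r"C:\Users\Admin\Pictures\cat.jpg.LOCKED"},
    {"op": "write", "src": None, "dst": r"C:\Program Files\Common Files\readme.txt.tmp"},
    {"op": "write", "src": None, "dst": r"C:\Program Files (x86)\Vendor\app.dll.tmp"},
    {"op": "write", "src": None, "dst": r"C:\Users\Admin\notes.txt.tmp"},
]


def appended_extension(src: str, dst: str):
    """Return the suffix appended to src to form dst (lower-cased), or None when
    dst is not 'src + .ext' in the same directory with the original name intact."""
    s, d = src.lower(), dst.lower()
    if d.startswith(s + ".") and len(d) > len(s) + 1:
        return d[len(s):]
    return None


def renamed_with_added_extension(events, min_files=10) -> dict:
    """Mirror of 'Renames multiple (N) files with added filename extension'.
    Distinct source paths are counted per appended extension so that a file
    renamed twice is not double-counted."""
    victims = defaultdict(set)
    for ev in events:
        if ev["op"] != "rename":
            continue
        ext = appended_extension(ev["src"], ev["dst"])
        if ext:
            victims[ext].add(ev["src"].lower())
    total = sum(len(paths) for paths in victims.values())
    return {
        "total": total,
        "by_extension": {ext: len(paths) for ext, paths in victims.items()},
        "triggered": total >= min_files,
    }


def dropped_in_program_files(events) -> list:
    """Mirror of 'Drops file in Program Files directory' (both 32- and 64-bit trees)."""
    roots = ("c:\\program files\\", "c:\\program files (x86)\\")
    return [ev["dst"] for ev in events
            if ev["op"] == "write" and ev["dst"].lower().startswith(roots)]


if __name__ == "__main__":
    print(renamed_with_added_extension(EVENTS))
    print(dropped_in_program_files(EVENTS))
```

The rename check deliberately ignores the .tmp files: the Downloads section below shows the sample writing files with a .tmp suffix, and a rule that counted staging files as renamed victims would both inflate the count and report the wrong extension.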

Processes

  • C:\Users\Admin\AppData\Local\Temp\d32dbc29edce2fd1418d5b36f6f26810N.exe
    "C:\Users\Admin\AppData\Local\Temp\d32dbc29edce2fd1418d5b36f6f26810N.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2172

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2212144002-1172735686-1556890956-1000\desktop.ini.tmp

    Filesize

    89KB

    MD5

    79b12d7605520a33ec402aef88e40c3f

    SHA1

    8f6da1d1d3edd26ac6ea16fe2f07721e31c024a0

    SHA256

    6b5302a05c1fd7d334f4e0bb75081d9915f01e3ad9886cfb0c1f7eb525f578cc

    SHA512

    46e576243ce6ca0ad4a9cd45086860a69a2d8d0f4eb8448215c5ff66ba9cefdbcdccbe97aa6c8794efeb95c6b668fe0aa7d6e959824cea57a5865d5a64201d4d

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    98KB

    MD5

    7b28374c24b55a6f70bf21fba508e186

    SHA1

    9c0693c770f760c7f6f81f6638429700f5b7c36b

    SHA256

    1c5ecb7a1c7912a4f0d1ffa00ef2556e3647e6840aea94338d9a21f2ae887935

    SHA512

    d07c3dca09917daaec46a87fce0b97419271f0d76899b4d6cf5dacf79e577b83415f8d5747c9b0dd09d39ef6e88cd9c166cdfc50e145f2880ea524baeb560338

  • memory/2172-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/2172-20-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB