Analysis

  • max time kernel
    119s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted
    01/09/2024, 00:23

General

  • Target

    49b4ee0d40d7f8d19d3636f75b584170N.exe

  • Size

    34KB

  • MD5

    49b4ee0d40d7f8d19d3636f75b584170

  • SHA1

    78600b96c3f920da27590975ccac2573a7b0f488

  • SHA256

    db49025c563fcb1594508967350af7ab96f2d0e2820073f10f2591ae58f30509

  • SHA512

    7718a4f93e1c86e351e520e9e982fa137d8a00cb8f9eb00c50f20062a8af8f285ace48b2634e13c7847a9f4da7fbc49ed0ca71f6b2d36a38a684d7a4c3b395c7

  • SSDEEP

    768:kBT37CPKKdJJcbQbf1Oti1JGBQOOiQJhATNydWK9WKTZQZU:CTW7JJZENTNyoKIKp

Malware Config

Signatures

  • Renames multiple (3122) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\49b4ee0d40d7f8d19d3636f75b584170N.exe
    "C:\Users\Admin\AppData\Local\Temp\49b4ee0d40d7f8d19d3636f75b584170N.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2484

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2958949473-3205530200-1453100116-1000\desktop.ini.tmp

    Filesize

    35KB

    MD5

    105aa05469348afbe99ea56bc717200b

    SHA1

    3058673e0123998264753c20fe8aff5959f631d9

    SHA256

    15f929ae70a0e5e3d391e7faba1e03d741d623c0fa39253d5012d499d324ff72

    SHA512

    baf5cd8553cb39c6de5ca757d8ae45485db71797984609949684f3cda13fb109ed268833e7724c51a57c9d9497d0291e68090bda323c9f96e95d56060316d33e

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    44KB

    MD5

    7789c82486d620881afe44eb48ea56d6

    SHA1

    6be2665fbc269caa75752d982f7004f8ccf98edf

    SHA256

    9781465275b61780e2fe1b82cee4db294e8a2ea4d1b2d398961c2b642035f835

    SHA512

    3b9fad31a5adba8ef1a009da4daa14177e7623ad139b26082fb184967f423e5bed8374ccf76bd291b5b4b7a25099e2ed33cc61a143075a0d9cfe19e1180877bc

  • memory/2484-0-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

  • memory/2484-71-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB