Analysis

  • max time kernel
    149s
  • max time network
    135s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    02/09/2024, 04:40

General

  • Target

    dc2d7ba08dba9e1340096be329e2635d9e4cbcc154c827414adc511b0d684b3d.exe

  • Size

    56KB

  • MD5

    89f23be849ec5d6f8186c593753c0ec8

  • SHA1

    3845760744aea1a334466338c71a46e031e82a7f

  • SHA256

    dc2d7ba08dba9e1340096be329e2635d9e4cbcc154c827414adc511b0d684b3d

  • SHA512

    8aa8c55d4a83582a5f5c4f2d84176f9aac244e645eda83f58a7f3200b74d735a125a1db8d462893f7f465e9fe524eda9eac0126fcd015ad8585395e65372d296

  • SSDEEP

    768:V7Blpf/FAK65euBT37CPKKQSjyJJcbQbf1Oti1JGBQOOiQJhATNydWK9WKF9ADJS:V7Zf/FAxTWoJJZENTNyoKIKMI

Malware Config

Signatures

  • Renames multiple (5026) files with added filename extension

    Mass renaming with an appended extension is the file-system footprint of ransomware encrypting files in place; the count (5026) covers files across the whole system, not a single directory.

  • UPX packed file 4 IoCs

    Detects executables packed with the open-source UPX packer or a modified build of it. A packed sample must be unpacked before static signatures on the original code will match.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the victim system's language in order to infer the geographical location of the host; ransomware families commonly use this to skip machines in excluded locales.

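The two file-based signatures above ("Renames multiple files with added filename extension" and "UPX packed file") are simple enough to re-implement for your own triage. The block below is an added example, not the sandbox's signature engine: it scores constructed rename events per process and per appended extension, and it reads section names out of a PE header to spot UPX's default UPX0/UPX1 sections. The rename events, the hypothetical ".locked" extension, PID 2884 as a stand-in benign process, and the PE skeleton built by build_fake_pe are all constructed for the example.

```python
"""Re-implementation of two behavioural checks behind the signatures above.

Added example: this is not the sandbox's own signature code. The file
events, the PE skeleton and the ".locked" extension are constructed.
"""
import ntpath
import struct
from collections import Counter

# --- Signature 1: "Renames multiple files with added filename extension" ---

# Constructed rename events as (pid, source_path, destination_path). PID 3696
# is the sample; 2884 stands in for a benign process doing ordinary renames.
RENAME_EVENTS = [
    (3696, r"C:\Users\Admin\Documents\budget.xlsx", r"C:\Users\Admin\Documents\budget.xlsx.locked"),
    (3696, r"C:\Users\Admin\Pictures\cat.jpg", r"C:\Users\Admin\Pictures\cat.jpg.locked"),
    (3696, r"C:\Program Files\7-Zip\7-zip.chm", r"C:\Program Files\7-Zip\7-zip.chm.locked"),
    (3696, r"C:\Program Files\7-Zip\History.txt", r"C:\Program Files\7-Zip\History.txt.locked"),
    (3696, r"C:\Users\Admin\Desktop\notes.txt", r"C:\Users\Admin\Desktop\notes.txt.locked"),
    (3696, r"C:\Users\Admin\Desktop\readme.txt", r"C:\Users\Admin\Desktop\readme.txt.locked"),
    # benign: extension replaced, and a move between directories
    (2884, r"C:\Users\Admin\AppData\Local\Temp\a.tmp", r"C:\Users\Admin\AppData\Local\Temp\a.json"),
    (2884, r"C:\Users\Admin\Downloads\setup.exe", r"C:\Users\Admin\Desktop\setup.exe"),
]


def appended_extension(src, dst):
    """Return the extension a rename appended to the original file name, or
    None when the rename did anything else (moved the file, replaced the
    extension, or did not add a dotted suffix). ntpath is used so the
    Windows paths parse correctly on any host."""
    if ntpath.dirname(src).lower() != ntpath.dirname(dst).lower():
        return None
    old, new = ntpath.basename(src), ntpath.basename(dst)
    if not new.startswith(old) or len(new) <= len(old):
        return None
    suffix = new[len(old):]
    return suffix if suffix.startswith(".") and len(suffix) > 1 else None


def mass_rename_hits(events, threshold=5):
    """Count appended-extension renames per (pid, extension) and return the
    pairs at or above the threshold. The sandbox saw 5026 renamed files; a
    much lower count from one process is already a strong indicator."""
    counts = Counter()
    for pid, src, dst in events:
        ext = appended_extension(src, dst)
        if ext is not None:
            counts[(pid, ext)] += 1
    return {key: n for key, n in counts.items() if n >= threshold}


# --- Signature 2: "UPX packed file" via section names in the PE header ---

def pe_section_names(image):
    """Read the section-table names from a PE image (minimal parser, no
    third-party dependency). Stock UPX leaves sections called UPX0/UPX1
    (and UPX2); a modified packer may rename them."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew, = struct.unpack_from("<I", image, 0x3C)
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4                       # 20-byte COFF file header
    num_sections, = struct.unpack_from("<H", image, coff + 2)
    opt_hdr_size, = struct.unpack_from("<H", image, coff + 16)
    table = coff + 20 + opt_hdr_size          # section table follows the optional header
    names = []
    for i in range(num_sections):
        entry = table + 40 * i                # each IMAGE_SECTION_HEADER is 40 bytes
        names.append(image[entry:entry + 8].rstrip(b"\0").decode("ascii", "replace"))
    return names


def looks_upx_packed(image):
    """True if any section name starts with 'UPX'. A renamed-section UPX
    build will not match, so treat a miss as 'unknown', not 'unpacked'."""
    return any(name.startswith("UPX") for name in pe_section_names(image))


def build_fake_pe(section_names):
    """Constructed PE skeleton: DOS stub, PE signature, a COFF header with a
    zero-length optional header, and one 40-byte section entry per name.
    Enough for the parser above; it is not a loadable executable."""
    e_lfanew = 0x40
    dos_header = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, 0, 0)
    sections = b"".join(name.encode("ascii").ljust(8, b"\0") + b"\0" * 32
                        for name in section_names)
    return dos_header + b"PE\0\0" + coff + sections


if __name__ == "__main__":
    print(mass_rename_hits(RENAME_EVENTS))
    print(looks_upx_packed(build_fake_pe(["UPX0", "UPX1", ".rsrc"])))
    print(looks_upx_packed(build_fake_pe([".text", ".data", ".rsrc"])))
```

The rename heuristic keys on (process, extension) rather than on the process alone, so a process that legitimately renames many files in different ways does not trip it, while one process appending the same suffix everywhere does. For real samples feed pe_section_names the file bytes; for the sample in this report the more reliable confirmation is unpacking it (UPX's own `-d` handles stock builds) and re-hashing the result.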
Processes

  • C:\Users\Admin\AppData\Local\Temp\dc2d7ba08dba9e1340096be329e2635d9e4cbcc154c827414adc511b0d684b3d.exe
    "C:\Users\Admin\AppData\Local\Temp\dc2d7ba08dba9e1340096be329e2635d9e4cbcc154c827414adc511b0d684b3d.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:3696
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4508,i,4174666705242427184,7333705955694532165,262144 --variations-seed-version --mojo-platform-channel-handle=4264 /prefetch:8
    1⤵
      PID:2884

Network

MITRE ATT&CK Enterprise v15

Downloads

          • C:\$Recycle.Bin\S-1-5-21-2170637797-568393320-3232933035-1000\desktop.ini.tmp

            Filesize

            57KB

            MD5

            8a9fd1f62dbda98650662417bef4cc1a

            SHA1

            6ef01b4b16dbf4d69203ec4c8c798e226fb87ff1

            SHA256

            d879fd2841bf10ec1cdaa9ac505357120aad06b66e8d2eeb0d7eb9ade5acacad

            SHA512

            b6bd1818ae17a992df35ecc8f0874256e9f4ba0335db27b337749c4e6cddff4061782b501289ca7d7f5fc162f77bbb015f9113b143d0589fcf54d904fe9d0e2e

          • C:\Program Files\7-Zip\7-zip.chm.tmp

            Filesize

            169KB

            MD5

            713a794dfaa99dbebc20bb155162bd78

            SHA1

            3723bb5389b5eb749bc213e6546bfaac116351da

            SHA256

            41aaffcb8e23f6b3f3d67ffdde0dcd60a20b0ef22cfad42016cc5c37916f4847

            SHA512

            0adeb2c5e72a4edd714e5df2d8e4438ef2a217782b679ecc1712521ae901c9d6ab4fece7d876f2540a25f74dfc329c2a542910ade4a70af398f4b82470b8dc5b

          • memory/3696-0-0x0000000000400000-0x000000000040B000-memory.dmp

            Filesize

            44KB

          • memory/3696-858-0x0000000000400000-0x000000000040B000-memory.dmp

            Filesize

            44KB