Analysis

  • max time kernel
    120s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
  • submitted
    02-09-2024 14:47

General

  • Target

    425eae64864fa3c9233e6c00a41d5ec0N.exe

  • Size

    26KB

  • MD5

    425eae64864fa3c9233e6c00a41d5ec0

  • SHA1

    7818a68e4b1e8b8d1ebccf4242e4f10271050bfc

  • SHA256

    622a5da08bb5fa5b476b765b932e0e5645b2489f7760f116b1a6f80e86bf9aa2

  • SHA512

    a0d637ae639f07afa2ca5b4d4d9e82bdd9c4c5ffba180c31a03aa351b5731e6cf20426ad882b902c17f52c91f253bb268942c75769c346d82c3910c70959ed1c

  • SSDEEP

    768:kBT37CPKKdJJ1EXBwzEXBwdcMcI90mkmp:CTW7JJ7TqLy

Malware Config

Signatures

  • Renames multiple (3407) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\425eae64864fa3c9233e6c00a41d5ec0N.exe
    "C:\Users\Admin\AppData\Local\Temp\425eae64864fa3c9233e6c00a41d5ec0N.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:1424

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3502430532-24693940-2469786940-1000\desktop.ini.tmp

    Filesize

    27KB

    MD5

    a3a4e33bcdf54f06c05564aa4a1d72ef

    SHA1

    6a0be6a5461206391b7d46b33e1dd513722b860c

    SHA256

    982e2688a6e16191d7da24d330ffcb83d73a8c6db02dd23eab3e5d88e04ca55c

    SHA512

    9ff3840fdd69d62a0f8552880c450d746580a8a18d366f359aa625d746e1004c3b6b62c2ac54c9c7c1af8e9a409d9c132b4957ded46c99c3579e8f28c05b4c34

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    36KB

    MD5

    e27ded52dea598c4c040646cb537c942

    SHA1

    7f0a4d553903eb8abcb7abd1f9127e257b764113

    SHA256

    9cf01f76660cbb83b9cfd92025481dd39320afe497b57d24bbd0b1951ebe0ed9

    SHA512

    b281b0e3e002b45f922611da51d73d4f25c5225149cf9d906e6d550b5743f1378a80822ff4284b6579730e9d37b2662738e8b85981203b5b6f877e31f465cbc8

  • memory/1424-0-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

  • memory/1424-71-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB