Analysis

  • max time kernel
    120s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240729-en, locale:en-us, os:windows7-x64, system
  • submitted
    03-09-2024 02:45

General

  • Target

    30f81625cd00934cde87a8cec7e714e0N.exe

  • Size

    61KB

  • MD5

    30f81625cd00934cde87a8cec7e714e0

  • SHA1

    615bf4624e6f1a111c838f17c1a8b1f7da2569c4

  • SHA256

    645f03ba0943235772a3214adf6c6c15bf54e5e1a145bc7068f5e851ada06c8d

  • SHA512

    69d3f59109af743fb8bdb8bd58ab1a6859f7a1b6cdea83dc4015b09a2dd7b8a2d1929c9a4b4b8d4df504b57b46d99e58f8d67c4c7179f9da8685e69c2455b960

  • SSDEEP

    768:V7Blpf/FAK65euBT37CPKKQSjyJJ1EXBwzEXBwdcMcwBcCBcw/tio/tilQI:V7Zf/FAxTWoJJ7TTQoQlQI

Malware Config

Signatures

  • Renames multiple (3282) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\30f81625cd00934cde87a8cec7e714e0N.exe
    "C:\Users\Admin\AppData\Local\Temp\30f81625cd00934cde87a8cec7e714e0N.exe"
    1
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2524

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2703099537-420551529-3771253338-1000\desktop.ini.tmp

    Filesize

    61KB

    MD5

    b3707c98952a1181720bdc2db0548e17

    SHA1

    7785492b22c493e9725f4b0709c488ba27e19722

    SHA256

    6ce93851b6900c4e1a0749bcdb7ceddf406210e8876b88a450cc0e33a121372d

    SHA512

    0257ed7ba056db17f67e73eb9bdca4fa33de9b5264fcd3e868078866c0c2382b3aa9f036ae7df3e68db645c63c89e4a0586922fd0e7afa89f845e54e05ac0727

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    70KB

    MD5

    84363fee8633dff448185140a7e7fe06

    SHA1

    654b1ba38aab87e7245a552cddb2469d1b38e332

    SHA256

    76f3e2dac9288c58729109b5ccc1f2b531ef0d18e9e65c66018e09c428205ba7

    SHA512

    94f0f2acdf98626c64e741353f372c2f1f97e55251022c88448cb6a4fb90d5475634344b48f8d00550bffb066d625dcc62e8a4c3e542131138bc13373ed5b5ca

  • memory/2524-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/2524-74-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB