Analysis

  • max time kernel
    120s
  • max time network
    20s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    03-09-2024 13:05

General

  • Target

    8b3ade754e009c3bbcae179dfbecc3f0N.exe

  • Size

    89KB

  • MD5

    8b3ade754e009c3bbcae179dfbecc3f0

  • SHA1

    1f8f1a02f28b86278107e67717833b35ab8ca4df

  • SHA256

    6f5f96945eb1488c8ed4bad9bc4fc55852a93520a7491568fcb7baa485d1fdd9

  • SHA512

    b4154aa5a4bab62c79b8ac6a9e959ffbf47700c65413cb9d9466626237958c30434d5a8dd854010154d7a075e549c30051968c6d21d713370621ddd0b24264e5

  • SSDEEP

    1536:V7Zf/FAxTWtnMdyGdyoIOIPwXwRsDTsDa:fnyGnCIOIPwXwRsDTsDa

Malware Config

Signatures

  • Renames multiple (329) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\8b3ade754e009c3bbcae179dfbecc3f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\8b3ade754e009c3bbcae179dfbecc3f0N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:1592

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-457978338-2990298471-2379561640-1000\desktop.ini.tmp

    Filesize

    89KB

    MD5

    9514bf03490e2541e709b58cbbab5f0e

    SHA1

    ee68c59af33bcfaab103b92603d205b849bb615c

    SHA256

    7f77cac592bf20b0aff6d3a27d049d3c001d7360c3b4b749ed3c416aa3ea4911

    SHA512

    77a3201506f338c8c924ed5dc9aeff47e8c3b1434b4560292b6db60d62ef655b01774f0b49acda08dd47a4829f8395f3f3e12ec5e92a480a28537c257d54d3e9

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    98KB

    MD5

    c085a0d42ea3a43fd5a2f234c21d8ba4

    SHA1

    fd5c270c35f7fae4212a024cf8fa9422a2cda23e

    SHA256

    d3722040b749ba18ad44f5fbabbc7d28744efbbdb6807339f38ebea3f9048546

    SHA512

    ba82a224a0f5a31f4224f4efa2d9e939bf479c784e01f470705f6bc5758031cfbe06c8fdfa305fbe7dcc199ca5ffde0f740ad46f6578ac79aefd2bf7db09fa6d

  • memory/1592-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/1592-26-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB