Analysis

  • max time kernel
    120s
  • max time network
    15s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    03/09/2024, 17:40

General

  • Target

    3a1985532abaf806eda83c1eb5855d80N.exe

  • Size

    79KB

  • MD5

    3a1985532abaf806eda83c1eb5855d80

  • SHA1

    7ed8dd5f0ae6a8fb2073ad2222650b9a9d81ce5a

  • SHA256

    8d0821c276bb477b3ea2b8752b6f0ce07f0d6140d4e9556a1b5e00b3e4da0d65

  • SHA512

    ffaba3a5884b2ce858718ba8be79dd2e3636c3fe3eadabb212b5714c8cf60343c3a7ca306c3e179cdb4f281b10986737f897aa6e5724bddf6d385773a04ae641

  • SSDEEP

    1536:V7Zf/FAxTWoJJZENTB/oP0DP0n3eTW7JJZENTB/oP0DP0I:fny1tEIP0DP0NtEIP0DP0I

Malware Config

Signatures

  • Renames multiple (362) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\3a1985532abaf806eda83c1eb5855d80N.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\3a1985532abaf806eda83c1eb5855d80N.exe"
    PID: 2876
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery

Network

MITRE ATT&CK Enterprise v15

Downloads

        • C:\$Recycle.Bin\S-1-5-21-457978338-2990298471-2379561640-1000\desktop.ini.tmp

          Filesize

          79KB

          MD5

          5f92751d5cf11092595d0d71eb17529d

          SHA1

          519851ab4aef6b38cd56b3d653f0253cfaedeb93

          SHA256

          1ad3632aad2dbb14671461cf224e2792d5ea6adc59570373fcdb3972782b3565

          SHA512

          7b2e3c058e1dbbaef698ed38311118e948fd0c24f05a66ee48df8b3afb32b885f89e7541f9dfa8e21d2adf02294de481915ef35a858cee1b6795b5f9bf913928

        • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

          Filesize

          88KB

          MD5

          800e8adff2e7310abb66b95bcf3bd238

          SHA1

          83c8b281fe5cfba8bfdc4fdc07901fa74134b0d1

          SHA256

          648ae498573a1c51104f637cb61382df9dfe57b6142c66e2d9f4c762cbef7b1c

          SHA512

          4b8043c92fcd5730546b93a2ab31243afa8927930262f93591e50c0daca9597f7388a6608042bb86c17fff89603b594a23dbeabdb178774b25a328ff8c620875

        • memory/2876-0-0x0000000000400000-0x000000000040B000-memory.dmp

          Filesize

          44KB

        • memory/2876-26-0x0000000000400000-0x000000000040B000-memory.dmp

          Filesize

          44KB