Analysis

  • max time kernel
    120s
  • max time network
    93s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    04/09/2024, 01:20

General

  • Target

    35fbec4cd96a0575c50d7f93e0c5a650N.exe

  • Size

    64KB

  • MD5

    35fbec4cd96a0575c50d7f93e0c5a650

  • SHA1

    b49b53cbf1d6213f0e9f397d2b0b8d85dc87f5e7

  • SHA256

    26f0cfd532f06c7235b3242278d78971a1f4d55415eb5b04bde40251202282b1

  • SHA512

    fc18c1ae4506439441f73c65b261090bbe4644ac1c09d2c9d2caef79cb9aa945ec51df5c4a99145dd9baee3f907ff2cba7d6b3b2907854a9c4e892b57b2391d8

  • SSDEEP

    1536:V7Zf/FAxTWoJJTU3UytJfOKI+h/YI+h/BQ:fny1sI+h/YI+h/BQ

Malware Config

Signatures

  • Renames multiple (4225) files with added filename extension

    This suggests ransomware activity: the sample is encrypting files across the system and marking each one with a new extension.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
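The first and third signatures above are behavioural: they fire on the volume and shape of file-system events a process generates, not on anything in the binary. The following is an added example (not part of the sandbox report and not the sandbox's own rule logic) that reproduces both checks over a constructed event list. The event tuples, PIDs, paths and the threshold of 10 renames are all assumptions made for the example; only PID 2756 and the 7-zip.dll.tmp path are borrowed from the report for flavour.

```python
import re
from collections import Counter, defaultdict
from pathlib import PureWindowsPath

# Constructed file-system event sample in the shape a sandbox or EDR emits:
# (pid, operation, source path, destination path). These are NOT events from
# the report above; PID 2756 mirrors the analysed process, 4100 is a benign one.
EVENTS = [
    (2756, "rename",
     rf"C:\Users\Admin\Documents\file{i}.docx",
     rf"C:\Users\Admin\Documents\file{i}.docx.locked")
    for i in range(12)
] + [
    (2756, "create", None, r"C:\Program Files\7-Zip\7-zip.dll.tmp"),
    (2756, "create", None, r"C:\Program Files\7-Zip\7z.exe.tmp"),
    (2756, "create", None, r"C:\Program Files (x86)\Common Files\readme.txt.tmp"),
    (4100, "rename", r"C:\Users\Admin\notes.txt", r"C:\Users\Admin\notes.txt.bak"),
    (4100, "rename", r"C:\Users\Admin\a.txt", r"C:\Users\Admin\b.txt"),
    (4100, "create", None, r"C:\Users\Admin\AppData\Local\Temp\cache.bin"),
]

PROGRAM_FILES_DIRS = {"program files", "program files (x86)"}


def added_extension(src, dst):
    """Return the extension appended to src when dst is exactly src plus one
    new extension (the ransomware pattern), otherwise None.

    A plain rename (a.txt -> b.txt) or a rename that changes the basename does
    not count; only ".<ext>" appended verbatim to the original path does."""
    if len(dst) > len(src) and dst.lower().startswith(src.lower()):
        tail = dst[len(src):]
        if re.fullmatch(r"\.[A-Za-z0-9_\-]{1,16}", tail):
            return tail.lower()
    return None


def mass_rename_hits(events, threshold=10):
    """Per PID, count renames that append an extension and return
    {pid: (extension, count)} for PIDs whose most common appended extension
    reaches the threshold. The threshold is an assumption for the example."""
    per_pid = defaultdict(Counter)
    for pid, op, src, dst in events:
        if op != "rename":
            continue
        ext = added_extension(src, dst)
        if ext:
            per_pid[pid][ext] += 1
    hits = {}
    for pid, counter in per_pid.items():
        ext, n = counter.most_common(1)[0]
        if n >= threshold:
            hits[pid] = (ext, n)
    return hits


def program_files_drops(events):
    """Per PID, count files created or written under a Program Files root."""
    hits = Counter()
    for pid, op, src, dst in events:
        if op not in ("create", "write"):
            continue
        parts = [p.lower() for p in PureWindowsPath(dst or src).parts]
        # parts[0] is the drive ("C:\\"), parts[1] the top-level directory
        if len(parts) > 1 and parts[1] in PROGRAM_FILES_DIRS:
            hits[pid] += 1
    return dict(hits)


def triage(events):
    """Return the behavioural signatures that fired, keyed by signature name."""
    fired = {}
    renames = mass_rename_hits(events)
    if renames:
        fired["mass_rename_added_extension"] = renames
    drops = program_files_drops(events)
    if drops:
        fired["drops_file_in_program_files"] = drops
    return fired


if __name__ == "__main__":
    for name, detail in triage(EVENTS).items():
        print(name, detail)
```

The per-PID, per-extension grouping is what separates this from a noisy "many renames" rule: an installer or backup job renames many files too, but rarely appends one identical new extension to every one of them. Note that the `.tmp` drops listed under Downloads would also satisfy `added_extension`, so in a real pipeline the rename and create/write streams should be correlated rather than counted separately.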

Processes

  • C:\Users\Admin\AppData\Local\Temp\35fbec4cd96a0575c50d7f93e0c5a650N.exe
    "C:\Users\Admin\AppData\Local\Temp\35fbec4cd96a0575c50d7f93e0c5a650N.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2756

Network

        MITRE ATT&CK Enterprise v15


        Downloads

        • C:\$Recycle.Bin\S-1-5-21-656926755-4116854191-210765258-1000\desktop.ini.tmp

          Filesize

          64KB

          MD5

          31c89aa265d1083ec97b3755b838e953

          SHA1

          197652594d80225513ebb8e2a1baa47dc4069931

          SHA256

          73b8762d23f9cd1cbbcf2c26ca6501d11c8e5bbfb7ca07a06cd573b1868848ef

          SHA512

          10c5924f067731b7ac332af98d243ba4687f36befd7907b085db22c8af691dc345902eaf42ea0c02a2ae2b2adc7a1bc96cb91c97d9913df826d21ea2c561e924

        • C:\Program Files\7-Zip\7-zip.dll.tmp

          Filesize

          163KB

          MD5

          646357cdc477a0159d39358762444bb1

          SHA1

          306a6e526919db4e41337300724bbb82c78998f7

          SHA256

          8a8630e7669d36a5a122b42244977cdbf113b8d2de130439b2602afba4d6704f

          SHA512

          7ed204751599ad8a26cbb114e44d1f0a135f4bb883dc83e485b40e8adb21b2321b05308eaf229dcf1c071863cedc533e40ab5ba11a04fea31668dea7a8823cf8

        • memory/2756-0-0x0000000000400000-0x000000000040B000-memory.dmp

          Filesize

          44KB

        • memory/2756-794-0x0000000000400000-0x000000000040B000-memory.dmp

          Filesize

          44KB