Analysis

  • max time kernel
    119s
  • max time network
    95s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    04-09-2024 02:35

General

  • Target

    3f13b07ca0dfb106945e51c6d4d80a50N.exe

  • Size

    65KB

  • MD5

    3f13b07ca0dfb106945e51c6d4d80a50

  • SHA1

    ff9fa288fd3e3e64bd4dfaeaeea073a8b9efa17c

  • SHA256

    6310afeb10243f67d2a82cec0baa4b35420598b0cf9a6c80d28a0fa0499253f0

  • SHA512

    3a1c1bc9b78f54ce08b6cf0e81c1300e64a5e028782941d4b9f5e1f5f63aa6fc1fa02a3a3cb8e330bf9e77455370921d55d032aa80de8d656cab338e287807b8

  • SSDEEP

    768:kBT37CPKKIm0CAbLg++PJHJzIWD+dVdCYgck5sIZFlzc3/Sg2aDM9uA9DM9uAFzk:CTWn1++PJHJXA/OsIZfzc3/Q8zxY5Z3t

Malware Config

Signatures

  • Renames multiple (4647) files with added filename extension

    Thousands of files renamed with an added extension is the pattern ransomware leaves when it encrypts files across the system. The signature keys on the rename activity alone, so it indicates, rather than proves, that the file contents were encrypted.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX or a modified build of the open-source UPX packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of the victim host in order to infer its geographical location.
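
The rename signature above is a rate heuristic: one process appending an extension to a large number of files in a short window. The Python script below is an added example, not part of the sandbox report or its tooling, showing how that check is implemented over a file-system trace. The events it runs on are constructed for the example (the paths, the PIDs and the ".locked" extension are placeholders, not artifacts recovered from this sample); it flags a process once it has appended an extension to at least `min_files` distinct files inside a sliding window, and it ignores plain moves, file creates and a single backup-style rename by another process.

```python
from collections import defaultdict
from datetime import datetime, timedelta


# Constructed rename/create events in the shape a sandbox file-system trace provides:
# (ISO timestamp, pid, operation, old path, new path). Paths, PIDs and the ".locked"
# extension are placeholders for this example, not artifacts of the analysed sample.
def constructed_events():
    base = datetime(2024, 9, 4, 2, 36, 0)
    events = []
    for i in range(12):
        old = rf"C:\Users\Admin\Documents\report{i}.docx"
        ts = (base + timedelta(seconds=2 * i)).isoformat()
        events.append((ts, 4968, "RENAME", old, old + ".locked"))
    # Noise that must not count: a single backup-style rename by another process,
    # a plain move (no extension appended) and a file create by the same PID.
    events.append((base.isoformat(), 1234, "RENAME", r"C:\Users\Admin\notes.txt", r"C:\Users\Admin\notes.txt.bak"))
    events.append(((base + timedelta(seconds=5)).isoformat(), 4968, "RENAME", r"C:\Users\Admin\a.txt", r"C:\Users\Admin\old\a.txt"))
    events.append(((base + timedelta(seconds=6)).isoformat(), 4968, "CREATE", r"C:\Program Files\7-Zip\7-zip.dll.tmp", None))
    return events


def appended_extension(old, new):
    """Return the extension appended by a rename (old -> old + '.' + ext), else None."""
    if not new or not new.startswith(old + "."):
        return None
    ext = new[len(old) + 1:]
    # A real appended extension is a short token with no further separators.
    if not ext or len(ext) > 16 or not all(c.isalnum() or c in "_-" for c in ext):
        return None
    return ext


def find_mass_renames(events, min_files=10, window=timedelta(seconds=60)):
    """Flag processes that appended an extension to >= min_files distinct files within `window`.

    Returns {pid: {"count", "extensions", "first", "last"}} for each flagged process.
    """
    per_pid = defaultdict(list)
    for ts, pid, op, old, new in events:
        if op != "RENAME":
            continue
        ext = appended_extension(old, new)
        if ext is None:
            continue
        per_pid[pid].append((datetime.fromisoformat(ts), old, ext))

    hits = {}
    for pid, items in per_pid.items():
        items.sort()
        best, best_span, start = 0, None, 0
        for end in range(len(items)):  # sliding window over time-ordered renames
            while items[end][0] - items[start][0] > window:
                start += 1
            distinct = len({path for _, path, _ in items[start:end + 1]})
            if distinct > best:
                best, best_span = distinct, (start, end)
        if best >= min_files:
            s, e = best_span
            hits[pid] = {
                "count": best,
                "extensions": sorted({ext for _, _, ext in items[s:e + 1]}),
                "first": items[s][0].isoformat(),
                "last": items[e][0].isoformat(),
            }
    return hits


if __name__ == "__main__":
    for pid, info in find_mass_renames(constructed_events()).items():
        print(f"PID {pid}: {info['count']} files renamed with +.{'/'.join(info['extensions'])} "
              f"between {info['first']} and {info['last']}")
```

The threshold and window are the tuning knobs: the report's count (4647 files inside a two-minute run) is far above any backup or archiving tool, so a production rule would use a lower `min_files` than shown here only at the cost of false positives from bulk-rename utilities.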

Processes

  • C:\Users\Admin\AppData\Local\Temp\3f13b07ca0dfb106945e51c6d4d80a50N.exe
    "C:\Users\Admin\AppData\Local\Temp\3f13b07ca0dfb106945e51c6d4d80a50N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:4968

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\$Recycle.Bin\S-1-5-21-523280732-2327480845-3730041215-1000\desktop.ini.tmp

    Filesize

    66KB

    MD5

    f740d1b65c850fb12f8285573ac73d48

    SHA1

    ed6fed0f3e10758776f96b0cff2f5e0594bdff87

    SHA256

    5f7c2be0b05af0807d1afd3fe5b22bce77e76e09785b2c26bc3ed6db595f3842

    SHA512

    851fc617b43cfeae7376218686d7b57520a3f8a090db02a27777caefc18d89481c91d7330db025c872e54568ce8d3f825c501aec04436a04377febef4a85fd27

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    164KB

    MD5

    f31a6048320f2cb736ad891449b575e0

    SHA1

    6f6db1fdecfba3ad08f8fb77ca4032df49c65dd8

    SHA256

    abad7434a2b06fa73e2e08d4a25a9119e684ef0f7609f20735863d0f62b935de

    SHA512

    d11b156fd14dabb4d11d757e52d91d6ca19d5c877bd017d7f03622029b2ec16fd5ba1bcd2291594a093146e322e4a038db4d83bdf73dbe4c568b852d15b7fce5

  • memory/4968-0-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

  • memory/4968-902-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB
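
The UPX signature and the 0x400000-0x40A000 memory dumps above are the two places to confirm packing: the on-disk section table (UPX0/UPX1 names, a first section with virtual size but no raw data, a high-entropy second section, the "UPX!" marker after the section headers) and the unpacked image in memory. The Python below is an added example, not tooling from the sandbox or the report; it parses the PE section table and scores those indicators, and also computes the MD5/SHA1/SHA256 that the General section lists so a local copy can be matched against the report. Because it has to run offline, it builds a constructed, non-executable PE layout with UPX-style sections as its test input; against a real sample, pass the file bytes to `upx_indicators` instead. Caveat: a modified UPX build, which the signature also claims to cover, may rename the sections and strip the marker, which is why the empty-raw-section and entropy checks are scored separately from the name and marker checks.

```python
import hashlib
import math
import struct

UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}


def file_hashes(data):
    """MD5/SHA1/SHA256 of the bytes, to match against the report's General section."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in ("md5", "sha1", "sha256")}


def shannon_entropy(data):
    """Bits of entropy per byte, 0.0 (constant) to 8.0 (uniform); packed/compressed data sits near 8."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def pe_sections(pe):
    """Parse the PE section table; returns [(name, virtual_size, raw_size, raw_offset), ...]."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    opt_size = struct.unpack_from("<H", pe, coff + 16)[0]
    table = coff + 20 + opt_size  # section table follows the COFF and optional headers
    sections = []
    for i in range(num_sections):
        name, vsize, _vaddr, rsize, rptr = struct.unpack_from("<8sIIII", pe, table + 40 * i)
        sections.append((name.rstrip(b"\0").decode("latin-1"), vsize, rsize, rptr))
    return sections


def upx_indicators(pe):
    """Score the on-disk indicators of UPX (or UPX-style) packing."""
    secs = pe_sections(pe)
    result = {
        "upx_section_names": sorted(n for n, *_ in secs if n.encode() in UPX_SECTION_NAMES),
        "upx_marker": b"UPX!" in pe,
        "empty_raw_sections": [],     # virtual size but no raw data: the unpack destination
        "high_entropy_sections": [],  # compressed payload
    }
    for name, vsize, rsize, rptr in secs:
        if rsize == 0 and vsize > 0:
            result["empty_raw_sections"].append(name)
        elif rsize:
            ent = shannon_entropy(pe[rptr:rptr + rsize])
            if ent > 7.0:
                result["high_entropy_sections"].append((name, round(ent, 2)))
    result["likely_upx"] = bool(result["upx_section_names"]) or result["upx_marker"]
    # Modified UPX builds may rename sections and strip the marker; the layout still gives it away.
    result["likely_packed"] = result["likely_upx"] or (
        bool(result["empty_raw_sections"]) and bool(result["high_entropy_sections"]))
    return result


def build_constructed_upx_like_pe():
    """A minimal, non-executable PE layout with UPX-style sections, constructed only as test input."""
    opt_size, num_sections, raw_off = 224, 3, 512
    # Deterministic high-entropy stand-in for a compressed payload (128 chained SHA-256 digests = 4096 bytes).
    payload = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)                  # e_lfanew = 64
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, num_sections, 0, 0, 0, opt_size, 0x102)
    opt = struct.pack("<H", 0x10B) + b"\0" * (opt_size - 2)          # PE32 magic, rest zeroed

    def section(name, vsize, vaddr, rsize, rptr):
        return struct.pack("<8sIIIIIIHHI", name, vsize, vaddr, rsize, rptr, 0, 0, 0, 0, 0xE0000080)

    hdr = dos + coff + opt
    hdr += section(b"UPX0", 0x6000, 0x1000, 0, 0)                     # empty on disk, filled at runtime
    hdr += section(b"UPX1", 0x2000, 0x7000, len(payload), raw_off)    # compressed data + stub
    hdr += section(b".rsrc", 0x1000, 0x9000, 0x200, raw_off + len(payload))
    hdr += b"UPX!" + b"\0" * (raw_off - len(hdr) - 4)                 # marker, then pad to first raw section
    return hdr + payload + b"\0" * 0x200


if __name__ == "__main__":
    sample = build_constructed_upx_like_pe()
    print(file_hashes(sample))
    print(upx_indicators(sample))
```

When `likely_packed` is true the on-disk strings and imports are not worth much; the memory dump listed above (written after the stub has unpacked the image at its load address) is the artifact to run strings, import recovery and YARA against.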