Analysis

  • max time kernel
    120s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    05/09/2024, 08:58

General

  • Target

    39e90ab5ef6f98bde273d4cf3463fd30N.exe

  • Size

    66KB

  • MD5

    39e90ab5ef6f98bde273d4cf3463fd30

  • SHA1

    146cccc1314f748b1ebc3338245074796487e543

  • SHA256

    1200a049c7661c65c8abbcd0ca7dc6b3afb2d760625aa97c3fc0c8b41bdd5954

  • SHA512

    1e5a691b5eb3a18e10e389e5c0b840245d91286bfb8c70fb0cd90869db779839c04903b7ca28d712b3547eed5a9dd6e6e946c357c6ac3f1958e7ba3fb691b3c0

  • SSDEEP

    768:kBT37CPKKIm0CAbLg++PJHJzIWD+dVdCYgck5sIZFlzc3/Sg2aDM9uA9DM9uAFzZ:CTWn1++PJHJXA/OsIZfzc3/Q8zxY5a8e

Malware Config

Signatures

  • Renames multiple (2920) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of the victim in order to infer the geographical location of that host.
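
The first signature above fires on a count of rename operations that keep the original file name and append a new extension. As an added example (not the sandbox's own signature code), the following Python reimplements that heuristic over a constructed list of rename events. The `.locked` extension in the sample events and the threshold of 3 are assumptions for illustration; the sandbox's real cut-off is not stated on this page (it reported 2920 hits for this sample).

```python
"""Heuristic behind the 'renames multiple files with added filename extension'
signature, reimplemented as an added example (not the sandbox's own code).
Input: rename events as (source_path, destination_path) pairs."""
import ntpath
from collections import Counter

# Constructed sample events for illustration; they are not the 2920 renames
# recorded in the report above. The '.locked' extension is an assumption.
SAMPLE_EVENTS = [
    (r"C:\Users\Admin\Documents\budget.xlsx",
     r"C:\Users\Admin\Documents\budget.xlsx.locked"),
    (r"C:\Users\Admin\Documents\notes.txt",
     r"C:\Users\Admin\Documents\notes.txt.locked"),
    (r"C:\Users\Admin\Pictures\cat.jpg",
     r"C:\Users\Admin\Pictures\cat.jpg.locked"),
    (r"C:\Users\Admin\Desktop\report.docx",
     r"C:\Users\Admin\Desktop\report.docx.locked"),
    # Benign-looking renames that must not count: new stem, extension
    # replaced rather than appended, and a move into another directory.
    (r"C:\Users\Admin\Downloads\setup.exe",
     r"C:\Users\Admin\Downloads\installer.exe"),
    (r"C:\Users\Admin\Downloads\draft.tmp",
     r"C:\Users\Admin\Downloads\draft.txt"),
    (r"C:\Temp\a.log", r"C:\Temp\old\a.log.bak"),
]


def appended_extension(src, dst):
    """Return the suffix appended to the file name (without its leading dot)
    when dst is exactly src plus one extra extension in the same directory;
    otherwise return None. ntpath is used so Windows paths parse on any host."""
    src_dir, src_name = ntpath.split(src)
    dst_dir, dst_name = ntpath.split(dst)
    if ntpath.normcase(src_dir) != ntpath.normcase(dst_dir):
        return None
    if not dst_name.startswith(src_name + "."):
        return None
    ext = dst_name[len(src_name) + 1:]
    if not ext or "\\" in ext or "/" in ext:
        return None
    return ext.lower()


def count_appended_renames(events):
    """Count rename events per appended extension."""
    counts = Counter()
    for src, dst in events:
        ext = appended_extension(src, dst)
        if ext is not None:
            counts[ext] += 1
    return counts


def ransomware_rename_verdict(events, threshold=3):
    """Return {extension: count} for every appended extension seen at least
    `threshold` times. The threshold is an assumed value for this example;
    the sandbox's own cut-off is not stated on the page."""
    return {ext: n for ext, n in count_appended_renames(events).items()
            if n >= threshold}


if __name__ == "__main__":
    print(ransomware_rename_verdict(SAMPLE_EVENTS))
```

Grouping by appended extension rather than counting raw renames is what keeps the check quiet on ordinary activity (installers renaming a few files, editors swapping `.tmp` for the real name); a single extension reappearing across thousands of unrelated documents is the ransomware pattern.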

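The UPX signature is a packer check. As an added example, not the sandbox's detector, the following Python parses the COFF section table of a PE image and flags the default section names the stock UPX stub writes (`UPX0`, `UPX1`, `UPX2`). The `build_fake_pe` helper constructs a minimal header purely as test input; it is not a loadable binary. A modified UPX build can rename its sections, which is why the signature's wording covers "modified UPX" and why this name check alone is a weak signal.

```python
"""Section-name check for UPX-packed PE files, written as an added example
(not the sandbox's detector). Parses only the DOS header, PE signature,
COFF header and section table; nothing else in the image is needed."""
import struct

# Names the stock UPX stub writes; a modified build can rename them.
UPX_SECTION_NAMES = {"UPX0", "UPX1", "UPX2"}
SECTION_HEADER_SIZE = 40  # sizeof(IMAGE_SECTION_HEADER)


def pe_section_names(data):
    """Return the section names of a PE image given its raw bytes."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ/PE file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    number_of_sections = struct.unpack_from("<H", data, coff + 2)[0]
    size_of_optional_header = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + size_of_optional_header
    names = []
    for i in range(number_of_sections):
        off = table + i * SECTION_HEADER_SIZE
        raw = data[off:off + 8]
        if len(raw) < 8:
            raise ValueError("truncated section table")
        names.append(raw.rstrip(b"\x00").decode("ascii", "replace"))
    return names


def looks_upx_packed(data):
    """True when any section carries a stock UPX name. Caveat: renamed
    sections (the 'modified UPX' case the signature mentions) slip past
    this check and need entropy or stub-code matching instead."""
    return any(name in UPX_SECTION_NAMES for name in pe_section_names(data))


def build_fake_pe(section_names):
    """Constructed test input: a minimal header with an empty optional header
    and zeroed section fields. Not a loadable binary, just enough to parse."""
    e_lfanew = 0x40
    dos_header = b"MZ" + b"\x00" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    coff_header = struct.pack("<HHIIIHH", 0x8664, len(section_names),
                              0, 0, 0, 0, 0x0022)
    table = b"".join(name.encode("ascii")[:8].ljust(8, b"\x00") + b"\x00" * 32
                     for name in section_names)
    return dos_header + b"PE\x00\x00" + coff_header + table


if __name__ == "__main__":
    for names in ([".text", ".rdata", ".data"], ["UPX0", "UPX1", ".rsrc"]):
        print(names, "->", looks_upx_packed(build_fake_pe(names)))
```

Run it against the real sample by reading the file bytes and passing them to `looks_upx_packed`; because only the headers are parsed, the function is safe to run on untrusted input from a sandbox drop directory.
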
Processes

  • C:\Users\Admin\AppData\Local\Temp\39e90ab5ef6f98bde273d4cf3463fd30N.exe
    "C:\Users\Admin\AppData\Local\Temp\39e90ab5ef6f98bde273d4cf3463fd30N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:3064

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-312935884-697965778-3955649944-1000\desktop.ini.tmp

          Filesize

          66KB

          MD5

          96479e8d64ca82bc19bb0ed483659918

          SHA1

          a61997993bafa7adac0e988012e65c43ea750eb6

          SHA256

          b2744ad30e15c180141252bc45ebe1c5cabb88febf634c002a55f0da12846d81

          SHA512

          f472752bc2baf127e97ffd3d07b895966d0dc341ad548f77021541a5896f650f8cc254930a8e9ec173e44cbc5cde0295b087e4710a887b5cc20cf615acf37d73

        • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

          Filesize

          75KB

          MD5

          b433d088844a58e465278f199e864985

          SHA1

          a12837a9b87990d11793c205e3727ba715694d1e

          SHA256

          08076d9a3b37937ca49882fb7ead9e49ff269a673df1da5f066e6bcd8a029878

          SHA512

          09a8583bd8b10b33daa104a930d561c57ef0213469be84122538a244a200453c352b277b9fd12fef63f455eb8979f3f6612f876a428c4dabeaea5dd42a22e283

        • memory/3064-0-0x0000000000400000-0x000000000040A000-memory.dmp

          Filesize

          40KB

        • memory/3064-72-0x0000000000400000-0x000000000040A000-memory.dmp

          Filesize

          40KB