Analysis

  • max time kernel
    120s
  • max time network
    94s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    05/09/2024, 09:01

General

  • Target

    8dad147e55583903e1216dee6c452820N.exe

  • Size

    40KB

  • MD5

    8dad147e55583903e1216dee6c452820

  • SHA1

    327e1a4683372ebc6b2d884503d48e8acf7e2e16

  • SHA256

    8c9cdf31110cdfe21983cbbf2f3611c6408e895909b58583794cc79f24a2cf1c

  • SHA512

    0e526871416f196eb0f6dc7ea6983d11371a8db280d292f0a304d6a7e42cd7850a580748c0954ca35cee533ef60453ddc62ec7dfb9ff0e87b0a56660ca3edad2

  • SSDEEP

    768:kBT37CPKKdJJ1EXBwzEXBwdcMcI9HXEpwuD7I/pwuD7I5yAohGCYyAohGE:CTW7JJ7TFXCwnwDy4CYy4E

Malware Config

Signatures

  • Renames multiple (4673) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\8dad147e55583903e1216dee6c452820N.exe
    "C:\Users\Admin\AppData\Local\Temp\8dad147e55583903e1216dee6c452820N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:320

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-945322488-2060912225-3527527000-1000\desktop.ini.tmp

    Filesize

    41KB

    MD5

    c7ced7f49bcecd8c724cb252dfcf99b3

    SHA1

    6c666ea03ce36baa31a9f5f35fb2372116cddc64

    SHA256

    7567ab2a9b9517660dc346960a559d25b7dfb26bae654b051fb601c3314a6484

    SHA512

    91f904b731b730898ca1cc0f169b1ff065686fc8ace1af974b6f58d6e6094c2f3794fb601d85045b11e29753dd2780cf41c8f1700f377d6e0f4c13f9e7151916

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    139KB

    MD5

    2f77069e076f181da3b5333fde0fccc6

    SHA1

    114b161fe651419fc4ab491aeb24eb71f428801c

    SHA256

    740b8bf14750ca9a210834eac0d806b76ff95a613d1162a2aefd967691bf9cf6

    SHA512

    96631484d9aba346c283ecf842bf4f08274c5feee0b71937f4d0cf725efeb47d11a48c47ee67edb054cbc778e3548f3b63742b48cc078fbe0c7244057397e520

  • memory/320-0-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

  • memory/320-996-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB