Analysis

  • max time kernel
    120s
  • max time network
    94s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    05/09/2024, 11:05

General

  • Target
    82a4660f57e41bfd7840c02ca42c31a0N.exe
  • Size
    43KB
  • MD5
    82a4660f57e41bfd7840c02ca42c31a0
  • SHA1
    7318a7fc2cd5a4b7da4bc8be9304503e0b8c7a99
  • SHA256
    395398166767f0afde0a47cb17a64c09854b7468ec6670f7151c58dc45cbc34a
  • SHA512
    4650e11d4219484780883e6ad90c57684377ea0d2f2ae7e611f85d98073351b2cf6a3032e4276b48180a4d75ae016f47754d73f7d631e2c8a41b8c365cab519b
  • SSDEEP
    768:kBT37CPKKdJJ1EXBwzEXBwdcMcwBcCBcw/tio/ti12y2Nn3EskmKsMAn3EskmKsE:CTW7JJ7TTQoQ12y2CfmKbfmK/

Malware Config

Signatures

  • Renames multiple (4655) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\82a4660f57e41bfd7840c02ca42c31a0N.exe
    "C:\Users\Admin\AppData\Local\Temp\82a4660f57e41bfd7840c02ca42c31a0N.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:5076

Network

        MITRE ATT&CK Enterprise v15


        Downloads

        • C:\$Recycle.Bin\S-1-5-21-355097885-2402257403-2971294179-1000\desktop.ini.tmp
          Filesize
          43KB
          MD5
          aa17b5c8200fa1151410b19a65f4a656
          SHA1
          c9257955dbc355da924832135f2acdc7b2248a62
          SHA256
          75b74cd2873c7d05ac2b1a891d39a5f2b85413af0845112d29881ac3ee60c60a
          SHA512
          55139148484e57a7805d614d306d6254d3cc3f2a30703a117c3e2a93f47ea87399125e0d5e05e6fdbe05497c7901643c420934bc474646031da1765fb2efd228

        • C:\Program Files\7-Zip\7-zip.dll.tmp
          Filesize
          142KB
          MD5
          aaa87aef3ba590b4c9584b7b8a958363
          SHA1
          32d91383704e58bfb00790bcd4d47f38a6d8dcb3
          SHA256
          c8bf1afc6e6ab7cf3b74562b1706df5dee5f1f0ad3c862f21244974bb25cf87f
          SHA512
          531879a4cdab50110528147e14f68b8eec18b754da434035a599f7ce64beae1583415d32a06174551e4e6713b87e181bf3a97a1972415f7329a7fcfae734e6f7

        • memory/5076-0-0x0000000000400000-0x000000000040A000-memory.dmp
          Filesize
          40KB

        • memory/5076-956-0x0000000000400000-0x000000000040A000-memory.dmp
          Filesize
          40KB