Analysis

  • max time kernel
    120s
  • max time network
    119s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    05-09-2024 12:21

General

  • Target

    8a119c01ebd4114c7207330b20759ec0N.exe

  • Size

    150KB

  • MD5

    8a119c01ebd4114c7207330b20759ec0

  • SHA1

    fef71ff55cdf6f66082a785861126afc018965e2

  • SHA256

    d1760d2e7c3577ce6867edc6ad5782927352d268be6f1b4038b0051f2b8ca0ec

  • SHA512

    4474c88e366c796d501889c97f92e7c74461189378e1428ad580687a83cddca3c8db9fb8f6c89a110fb1fc601b80ca44af19c8b2db00b0569c49835ebef0a6a0

  • SSDEEP

    1536:V7Zf/FAxTWoJJZENTNyl2Sm0mKuC1TC14lZfAt/KeB+wkcRqbdM5EFi01iFHCUiU:fny1tE42EjliT+ERqbS5EE01iFHC8

Malware Config

Signatures

  • Renames multiple (4115) files with added filename extension

    This suggests ransomware activity: files across the system are encrypted and each one is renamed with an extra extension appended to its original name.

  • UPX packed file 4 IoCs

    Detects executables packed with the UPX open-source packer or a modified variant of it.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of the victim in order to infer the geographical location of that host.
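
The "renames multiple files with added filename extension" signature above is a count-based heuristic, and a practitioner triaging a report like this usually wants to see the logic behind it rather than only the number. The block below is an added example written for this page, not tooling from the sandbox that produced the report: it runs the heuristic over a constructed file-event log (the events, the PIDs, the paths and the `.locked` extension are all made up for the example; the real sample's target extension is not shown on this page). It flags a process only when it renames many files, each to its original name plus one appended suffix, and when a single suffix dominates, which separates ransomware-style mass renames from installers and backup tools that rename a few files to assorted names. The `.tmp` staging writes in the constructed log mirror the `.tmp` drops listed under Downloads but are an assumption about the sequence, not something the report states.

```python
"""Mass-rename heuristic (added example, not part of the sandbox report).

Flags a PID that renames many files to <original name> + <one appended
extension>, with a single extension dominating. Events are constructed.
"""
from collections import Counter, defaultdict
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class FileEvent:
    pid: int
    op: str            # "write", "rename", "delete", ...
    path: str
    new_path: str = ""  # only meaningful for op == "rename"


def added_extension(old: str, new: str) -> Optional[str]:
    """Return the suffix appended to a filename by a rename, else None.

    Only counts renames that keep the file in the same directory and turn
    'name' into 'name.<ext>' with exactly one extra dotted suffix, which is
    the pattern the signature describes.
    """
    o, n = PureWindowsPath(old), PureWindowsPath(new)
    if o.parent != n.parent:
        return None
    if not n.name.startswith(o.name) or len(n.name) <= len(o.name):
        return None
    suffix = n.name[len(o.name):]
    if not suffix.startswith(".") or len(suffix) < 2 or "." in suffix[1:]:
        return None
    return suffix.lower()


def per_pid_extension_counts(events: List[FileEvent]) -> Dict[int, Dict[str, int]]:
    """For each PID, count qualifying renames grouped by appended extension."""
    counts: Dict[int, Counter] = defaultdict(Counter)
    for ev in events:
        if ev.op != "rename":
            continue
        ext = added_extension(ev.path, ev.new_path)
        if ext is not None:
            counts[ev.pid][ext] += 1
    return {pid: dict(c) for pid, c in counts.items()}


def flag_mass_rename(events: List[FileEvent], threshold: int = 50,
                     uniformity: float = 0.9) -> Dict[int, Tuple[str, int]]:
    """Return {pid: (dominant extension, total renames)} for suspicious PIDs.

    A PID is flagged when it performed at least `threshold` qualifying
    renames and one extension accounts for at least `uniformity` of them.
    Both knobs are assumptions chosen for the example.
    """
    flagged: Dict[int, Tuple[str, int]] = {}
    for pid, ext_counts in per_pid_extension_counts(events).items():
        total = sum(ext_counts.values())
        if total < threshold:
            continue
        top_ext, top_n = max(ext_counts.items(), key=lambda kv: kv[1])
        if top_n / total >= uniformity:
            flagged[pid] = (top_ext, total)
    return flagged


def constructed_events() -> List[FileEvent]:
    """Constructed event log: one noisy encryptor-like PID and one benign PID."""
    events: List[FileEvent] = []
    # PID 4124 (assumed): stages a .tmp beside each document, then renames the
    # original with a single appended extension. The extension is invented.
    for i in range(60):
        base = rf"C:\Users\Admin\Documents\report{i}.docx"
        events.append(FileEvent(4124, "write", base + ".tmp"))
        events.append(FileEvent(4124, "rename", base, base + ".locked"))
    # PID 4396 (assumed): a temp file swapped into place and a few .bak copies,
    # the kind of renames ordinary software performs.
    events.append(FileEvent(4396, "rename",
                            r"C:\Users\Admin\AppData\Local\cache.tmp",
                            r"C:\Users\Admin\AppData\Local\cache.db"))
    for i in range(3):
        p = rf"C:\Users\Admin\AppData\Local\log{i}.txt"
        events.append(FileEvent(4396, "rename", p, p + ".bak"))
    return events


if __name__ == "__main__":
    for pid, (ext, n) in flag_mass_rename(constructed_events()).items():
        print(f"PID {pid}: {n} files renamed with appended extension {ext}")
```

The uniformity check is what keeps the rule useful: a build system or backup job that renames 4,000 files to assorted names will clear the count threshold but not the single-extension test, while an encryptor that appends one marker extension to everything it touches trips both. The count on the page (4115) is far above any sensible threshold, so the interesting triage question is which extension was appended, and that is what the per-PID extension table answers.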

Processes

  • C:\Users\Admin\AppData\Local\Temp\8a119c01ebd4114c7207330b20759ec0N.exe
    "C:\Users\Admin\AppData\Local\Temp\8a119c01ebd4114c7207330b20759ec0N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:4124
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4400,i,3210801877307184477,8078594481454001567,262144 --variations-seed-version --mojo-platform-channel-handle=3864 /prefetch:8
    1⤵
      PID:4396

    Network

    MITRE ATT&CK Enterprise v15

    Downloads

    • C:\$Recycle.Bin\S-1-5-21-2170637797-568393320-3232933035-1000\desktop.ini.tmp

      Filesize

      150KB

      MD5

      bc3bea45e4917c7678d8c6ccf4e833e8

      SHA1

      cdb79d1f3b69a562cad004c09243696a818206b5

      SHA256

      61042257b73d52686bcbd011a00109c19a0d1d4ed7ea434ceeb7f31b577ae268

      SHA512

      72e34100a472f9cfc26fdd04b2a53cdad971c24f6e6f38a980f466afc641a18635b728cf20fe66e30905ab0f3a06b0683defea7a289de81726a81a05774def88

    • C:\Program Files\7-Zip\7-zip.chm.tmp

      Filesize

      263KB

      MD5

      feb57aa72fc758cc43efdff6f153da22

      SHA1

      8f86b60ba766ca15ba1b663f5ce78fadc724ce87

      SHA256

      037fa652123d113e64507299f3132c5a8535b52d57a0a62179963a648c1bccad

      SHA512

      230f365122c7a1d50ce3e22a23376c868d9e241afa946cf65071069ee92c8d555b23aba3773feef4bcad103657b23a794dae37931786ec593da1a57e1391bc95

    • memory/4124-0-0x0000000000400000-0x000000000040B000-memory.dmp

      Filesize

      44KB

    • memory/4124-760-0x0000000000400000-0x000000000040B000-memory.dmp

      Filesize

      44KB