Analysis

  • max time kernel
    120s
  • max time network
    93s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    05-09-2024 12:23

General

  • Target

    52420c7d059e665acb1ae40390b7a7b0N.exe

  • Size

    59KB

  • MD5

    52420c7d059e665acb1ae40390b7a7b0

  • SHA1

    9083008e41d14367b34aef05ce3190a64bff51f9

  • SHA256

    5aedaaf2646e0dd0d30df072f68bb8ba61b76f29d2fe5d2a33849d9e82b60229

  • SHA512

    1f20dcc5d498fdf15369210a4173a7bcf948f7d21dda5187b4942eea9749421a6f83e030a8c721a0edbc7fc112b1290935b7b6bcacd4813a9cbe6edc18555bac

  • SSDEEP

    768:V7Blpf/FAK65euBT37CPKKQSjyJJcbQbf1Oti1JGBQOOiQJhATNydWK9WKF9ADJ0:V7Zf/FAxTWoJJZENTNyoKIKMy

Malware Config

Signatures

  • Renames multiple (4646) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\52420c7d059e665acb1ae40390b7a7b0N.exe
    "C:\Users\Admin\AppData\Local\Temp\52420c7d059e665acb1ae40390b7a7b0N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:4636

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-786284298-625481688-3210388970-1000\desktop.ini.tmp

    Filesize

    60KB

    MD5

    6b57f703328a530cca96f0a5230074cc

    SHA1

    8fd553dd9c66c6100742cb08f3952e8123a12eaa

    SHA256

    f64686b14277ce1a6f36e25d116954a92632368c73d6057124b0059459a9e449

    SHA512

    70e0d4a5f3d689257d874b7d96bb660017eec2733fb1f83bcd991dcf800bbe97f88420e6aa523e7b1dd17dcaceeed19e4b958ff7b9b1270469e8f7a82c43873b

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    158KB

    MD5

    560f1c870e9e972c7259e6aaa50d8055

    SHA1

    e421aba914df27d75e000fa7e2d9aac93ff1a2ef

    SHA256

    0cd03ba1c74e434b3f5120c74c2e325d0e18b0d86972b8ce1d580f4f281f0e5d

    SHA512

    ea31333e8499d40047166a5b110ada267d9213622eef5fb28d0444cb80fd3ae0c991b72bbdb7883feae8908d1e5ee5f608b526263ec9d7524d1dbaa3d19ee88f

  • memory/4636-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/4636-876-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB