Analysis

  • max time kernel
    120s
  • max time network
    117s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted
    05-09-2024 12:34

General

  • Target

    da8b76047bf13dde9b89570126ea6fd0N.exe

  • Size

    56KB

  • MD5

    da8b76047bf13dde9b89570126ea6fd0

  • SHA1

    a8d794acb38cc0e4fb0eb3b39411bc641b1b9a0f

  • SHA256

    7588a6ff607472d7eba6c3b6812fa89ad5d8c0920c95c6e0efa556e94ec29659

  • SHA512

    d6db0fe100eaeefb76541070d2742128319c400c43038d666ef2bfa8b1e38c6cdcbae7408c09e8ad7f6032cad74d20c59e025db96a3ab714d64339166861ed78

  • SSDEEP

    768:V7Blpf/FAK65euBT37CPKKQSjyJJcbQbf1Oti1JGBQOOiQJhATNydWK9WKF9ADJI:V7Zf/FAxTWoJJZENTNyoKIKMe

Malware Config

Signatures

  • Renames multiple (3123) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\da8b76047bf13dde9b89570126ea6fd0N.exe
    "C:\Users\Admin\AppData\Local\Temp\da8b76047bf13dde9b89570126ea6fd0N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:3032

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\$Recycle.Bin\S-1-5-21-3434294380-2554721341-1919518612-1000\desktop.ini.tmp

    Filesize

    57KB

    MD5

    39f81ef611253755096db36dab44528f

    SHA1

    ffdfa9b813ef5c6d9af7ca88ab5d268fcd60873a

    SHA256

    cf56bf619c75d4431f54413af12e24f9b84d375567be26e29889f86851b6786e

    SHA512

    38dc42ce4521f691f5cce270b45a7fd7fbc1eff95d8326e5a71546ae80f9c2dac99b3965912970592f3438dc26555ba3cc2a900822e82850338374597d0ba8fc

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    66KB

    MD5

    7698c0aa70a93fc9b787afb9bb9eac7a

    SHA1

    2947d644a9fee966f9fe53ecac508a944ceb958e

    SHA256

    e8dcc920167cfa45754a6490b4f7139da1ea7bba890e6bd2d9749d78d77ee865

    SHA512

    29bfd3e547c8afef6851ad11426305fd55ba5bfb51d9f28e513fb4a60d02a14fe6716586882814796aff7e5881e6b280c1d2c86c65408f4cd4d73be186ae4a00

  • memory/3032-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/3032-74-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB