Analysis

  • max time kernel
    120s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    05-09-2024 20:28

General

  • Target

    4a24ae98ba9df8bc6da214eb62598ce0N.exe

  • Size

    57KB

  • MD5

    4a24ae98ba9df8bc6da214eb62598ce0

  • SHA1

    b606dbc62e536de00c30361759aa7e69316ba20d

  • SHA256

    7284d8bf2a5f26391c1f2021258d9504f1394765cd7ad9982ac66b71970b4c66

  • SHA512

    f16081fc9048fbd6e7358b888bdd4fb70f294a010ea7824b22478bb6918526c15ecf2b1e258c3bd9b027d2c46255dfb9f348d27dc342574f5dfff4eb5e627efd

  • SSDEEP

    768:V7Blpf/FAK65euBT37CPKKQSjyJJcbQbf1Oti1JGBQOOiQJhATBApwp133EskmKj:V7Zf/FAxTWoJJZENTBAOIfmKJfmK1

Malware Config

Signatures

  • Renames multiple (423) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\4a24ae98ba9df8bc6da214eb62598ce0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4a24ae98ba9df8bc6da214eb62598ce0N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2692

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-457978338-2990298471-2379561640-1000\desktop.ini.tmp

    Filesize

    57KB

    MD5

    1fd9a131f2fdc1079f7590ba000f462d

    SHA1

    14cf96c98cfaec487db443e68942f3877e6667a0

    SHA256

    1ebddb4fbd0fd8be3702f9d148384a838e14524210aa48e9b4a409e97f3f7696

    SHA512

    2dd8f115ef717af93983879e21841e8a196c6039ca13ac3befd9544c471dbcf2025f833ff0024180e7b0167ae103321d4aafd64a9a84f2e9fd7c77bb4a36aff1

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    66KB

    MD5

    109abeddc10c093c9f17d6607c66a622

    SHA1

    0d158b52a5ade089a6a91222f1704e6ee247413c

    SHA256

    72235ea99cf7186f07c7a97cf64bee662b5573016de4dd14e51082158b9f8d06

    SHA512

    aa0a4248d6779f03240070ac21a20e354692437e6ff7a45c8cdc6c7afc17b20ad4b5a6265ad1087b02bc2313e7374e798587535a0915ae0d96042b86ae3570f9

  • memory/2692-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/2692-26-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB