Analysis

  • max time kernel: 120s
  • max time network: 109s
  • platform: windows10-2004_x64
  • resource: win10v2004-20240802-en
  • resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted: 06-09-2024 07:35

General

  • Target: dfcf22f84dedd3943699ac38947747e0N.exe
  • Size: 838KB
  • MD5: dfcf22f84dedd3943699ac38947747e0
  • SHA1: 0dbadf60e81e94e6e17680d86153be27288e07f0
  • SHA256: 067e763c4e9a1e49aed4e3208dd41c9dc7e932e2a4056f3b249ad460ca256ea8
  • SHA512: fd8eeb371653f2c9f8e5858f8567308e344f95628e5f1cbedb40d5cc170241544da4530922946293fac7ce174b1182146178320273b0887713f8c86f8777e0ea
  • SSDEEP: 24576:ShV56pKEBhC8iVXrWgqAipHsceoiBX3X+W+k:SV5UPmZrAHfiBHX+Wh

Signatures

  • Renames multiple (2044) files with added filename extension

    This suggests ransomware activity: the sample encrypts files across the system and appends an extension to each renamed file.

  • UPX packed file (4 IoCs)

    Detects executables packed with the UPX open-source packer or a modified UPX variant.

  • Drops file in Program Files directory (64 IoCs)

  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\dfcf22f84dedd3943699ac38947747e0N.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\dfcf22f84dedd3943699ac38947747e0N.exe"
    PID: 224
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery

Downloads

  • C:\$Recycle.Bin\S-1-5-21-1302416131-1437503476-2806442725-1000\desktop.ini.tmp
    Filesize: 838KB

  • C:\Program Files\7-Zip\7-zip.dll.tmp
    Filesize: 937KB

  • memory/224-0-0x0000000000400000-0x000000000040B000-memory.dmp
    Filesize: 44KB

  • memory/224-420-0x0000000000400000-0x000000000040B000-memory.dmp
    Filesize: 44KB