Analysis

  • max time kernel
    120s
  • max time network
    93s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    06/09/2024, 18:50

General

  • Target

    3d75d4ca9193300119c9c64a3ec833a0N.exe

  • Size

    41KB

  • MD5

    3d75d4ca9193300119c9c64a3ec833a0

  • SHA1

    f28f68e93ae337e064f45e53ad2ab7f50fbf05a3

  • SHA256

    c8f308e78d8ec5567f71263d3239f83c73bf522078f3deec414196609e32c09e

  • SHA512

    5bda2f5c378de8bbd635303e161a6a564f802499cc9064e5ae1fb8f737a26a9b3b562527fd91eb616f7a6eb486cbd84416de130a57a5bbe816ebc616cb803454

  • SSDEEP

    768:kBT37CPKKdJJ1EXBwzEXBwdcMcwBcCBcw/tio/tigchSKS/:CTW7JJ7TTQoQgchRc

Malware Config

Signatures

  • Renames multiple (4679) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\3d75d4ca9193300119c9c64a3ec833a0N.exe
    "C:\Users\Admin\AppData\Local\Temp\3d75d4ca9193300119c9c64a3ec833a0N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:3512

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-1194130065-3471212556-1656947724-1000\desktop.ini.tmp

          Filesize

          42KB

          MD5

          1f68f555d3827fb4821119792840b761

          SHA1

          91c7332b19d3742bfa8e869bda953ea2452c8800

          SHA256

          0b9a3a192d70825f5fe926fe1d56b784bf2e80a055ec943ad8ff3211eda1c949

          SHA512

          2523fe7fba6093889707393ed6f60ad8e186a3e32c4227c0928660793fcd375342abc268b8b13f36fe8d97e76335f9d93ad6f4541796dd0ac57c9cbff57c3119

        • C:\Program Files\7-Zip\7-zip.dll.tmp

          Filesize

          140KB

          MD5

          eb4601319768c59d94e8af705b5c3e18

          SHA1

          754ec70791124cdca35dbb5022b416a3a9faf752

          SHA256

          a017a8d365f9c7c334675220183b98b80460fcf3c08ca3ecdd5f7fc37c270543

          SHA512

          8afad4c0f7596b69ed0c9bdc1e9697418cb1e99583b085618540c8288f7b1d38946d5ed7020f6e50e82f6560b00c9bb7362946d6702b8b6b6491d2930c114d9d

        • memory/3512-0-0x0000000000400000-0x000000000040A000-memory.dmp

          Filesize

          40KB

        • memory/3512-1007-0x0000000000400000-0x000000000040A000-memory.dmp

          Filesize

          40KB