Analysis

  • max time kernel
    120s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    07/09/2024, 05:06

General

  • Target

    7d3b2f7e6d3931363f6cabded2e733a0N.exe

  • Size

    87KB

  • MD5

    7d3b2f7e6d3931363f6cabded2e733a0

  • SHA1

    7a249eb366f509ab5b63ad3d7fe3db143a20ccf8

  • SHA256

    1951ec946683e02ae2af622ab8f99d2284c253c8d112dd2be6df3699fb553239

  • SHA512

    118f084530be4f9bb17167bb536567bbb8160de020742b1de65ea189cccae1d485e6894f91f060b729ad4dd6b3fc9ada18c01407286ae59cb5eb84559f61227a

  • SSDEEP

    1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8zxY5p:fnyiQSox5p

Malware Config

Signatures

  • Renames multiple (2943) files with added filename extension

    This suggests ransomware activity: encrypting files across the system and appending an extension to each.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX or a modified build of the UPX open-source packer.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempts to gather information about the system language of the victim in order to infer the geographical location of that host.
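
The mass-rename heuristic behind the "Renames multiple files with added filename extension" signature, as an added example (not part of the sandbox's own signature code). It takes a list of rename events, keeps only those where the destination is the source path plus one extra extension in the same directory, groups them by process and flags any process over a threshold. The events, the ".locked" extension and the 50-rename threshold are constructed assumptions for this example; the report does not name the extension the sample appends.

```python
"""Mass-rename heuristic: flag a process that renames many files by appending
an extension. Rename events below are constructed for this example."""
import ntpath
from collections import Counter, defaultdict

# Constructed rename events: (pid, old_path, new_path). PID 2724 matches the
# sandboxed process; ".locked" is an assumed extension for illustration only.
SAMPLE_EVENTS = [
    (2724, rf"C:\Users\Admin\Documents\file{i}.docx",
           rf"C:\Users\Admin\Documents\file{i}.docx.locked")
    for i in range(60)
] + [
    # Benign patterns that must not count as appended-extension renames:
    (1204, r"C:\Users\Admin\Downloads\setup.tmp", r"C:\Users\Admin\Downloads\setup.exe"),      # extension replaced
    (1204, r"C:\Users\Admin\Desktop\notes.txt",   r"C:\Users\Admin\Desktop\old\notes.txt.bak"), # moved to another directory
    (3311, r"C:\Temp\build.log",                  r"C:\Temp\build.log.1"),                      # one log rotation, below threshold
]


def appended_extension(old_path, new_path):
    """Return the appended extension (e.g. ".locked") when new_path is old_path
    with exactly one extra extension in the same directory, otherwise None."""
    old_dir, old_name = ntpath.split(old_path)
    new_dir, new_name = ntpath.split(new_path)
    if old_dir.lower() != new_dir.lower():
        return None
    if not new_name.lower().startswith(old_name.lower() + "."):
        return None
    ext = new_name[len(old_name):]          # includes the leading dot
    if len(ext) < 2 or "." in ext[1:]:
        return None                         # empty, or more than one extension added
    return ext.lower()


def flag_mass_rename(events, threshold=50):
    """Group appended-extension renames by PID and return {pid: (count, top_extension)}
    for every PID at or above threshold. The sandbox counted 2943 such renames for
    this sample; 50 is an arbitrary detection threshold chosen for the example."""
    per_pid = defaultdict(Counter)
    for pid, old_path, new_path in events:
        ext = appended_extension(old_path, new_path)
        if ext is not None:
            per_pid[pid][ext] += 1
    flagged = {}
    for pid, exts in per_pid.items():
        total = sum(exts.values())
        if total >= threshold:
            flagged[pid] = (total, exts.most_common(1)[0][0])
    return flagged


if __name__ == "__main__":
    for pid, (count, ext) in flag_mass_rename(SAMPLE_EVENTS).items():
        print(f"PID {pid}: {count} files renamed with appended extension {ext}")
```

Counting per process and requiring the same directory keeps ordinary editor saves (which swap the extension) and file moves out of the count; a single log rotation still matches the pattern but stays under the threshold.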

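The static check behind the "UPX packed file" signature, as an added example (not the sandbox's own detector): walk the PE section table and look for the section names stock UPX leaves behind (UPX0, UPX1) and the "UPX!" pack-header marker. The PE images it inspects are constructed in code as header-only skeletons (not loadable executables); the builder function and its names are assumptions for this example.

```python
"""UPX indicators from the PE section table and the "UPX!" marker.
The PE images below are constructed for this example (headers only)."""
import struct


def section_names(pe_bytes):
    """Return the section names from a PE image's section table."""
    if pe_bytes[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew, = struct.unpack_from("<I", pe_bytes, 0x3C)
    if pe_bytes[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4                                    # IMAGE_FILE_HEADER
    num_sections, = struct.unpack_from("<H", pe_bytes, coff + 2)
    opt_size, = struct.unpack_from("<H", pe_bytes, coff + 16)
    table = coff + 20 + opt_size                           # first IMAGE_SECTION_HEADER
    names = []
    for i in range(num_sections):
        raw = pe_bytes[table + 40 * i: table + 40 * i + 8]
        if len(raw) < 8:
            raise ValueError("truncated section table")
        names.append(raw.split(b"\0", 1)[0].decode("ascii", "replace"))
    return names


def upx_indicators(pe_bytes):
    """Two cheap UPX indicators. A modified UPX removes both (renamed sections,
    stripped marker), which is why the signature says "UPX/modified UPX" and
    why section entropy is the more robust tell."""
    names = section_names(pe_bytes)
    return {
        "upx_sections": [n for n in names if n.upper().startswith("UPX")],
        "upx_marker": b"UPX!" in pe_bytes,
    }


def build_minimal_pe(names, opt_header_size=0xE0):
    """Constructed PE32 header skeleton: DOS header, PE signature, COFF header,
    zeroed optional header and one 40-byte section header per name."""
    e_lfanew = 0x40
    dos = (b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\0")
    coff = struct.pack("<HHIIIHH", 0x14C, len(names), 0, 0, 0, opt_header_size, 0x0102)
    opt = struct.pack("<H", 0x10B).ljust(opt_header_size, b"\0")   # PE32 magic, rest zeroed
    sections = b"".join(n.encode("ascii").ljust(8, b"\0") + b"\0" * 32 for n in names)
    return dos + b"PE\0\0" + coff + opt + sections


PACKED_SAMPLE = build_minimal_pe(["UPX0", "UPX1", ".rsrc"]) + b"UPX!"   # constructed
CLEAN_SAMPLE = build_minimal_pe([".text", ".rdata", ".data", ".rsrc"])   # constructed

if __name__ == "__main__":
    for label, image in (("packed", PACKED_SAMPLE), ("clean", CLEAN_SAMPLE)):
        print(label, section_names(image), upx_indicators(image))
```

On a real file the same walk is what a PE parser such as pefile performs; the point of doing it by hand here is to show how little a packer has to change (two section names and a four-byte marker) to defeat a name-based signature, so treat a hit as a triage hint rather than proof.
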
Processes

  • C:\Users\Admin\AppData\Local\Temp\7d3b2f7e6d3931363f6cabded2e733a0N.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\7d3b2f7e6d3931363f6cabded2e733a0N.exe"
    PID: 2724
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3533259084-2542256011-65585152-1000\desktop.ini.tmp
    Filesize
    88KB
    MD5
    0976108099a1bb58daf3b056d677bf85
    SHA1
    f9c3cdad2ca200e2fb44d2aa7a64d82da0d10096
    SHA256
    aa2af68fd4266c9006c30eb167cd119e657470988e626767542590e7c36b2154
    SHA512
    db468019778a405cb866a8ca0cbe3e9ecf39595322ca4a78a1f4b72076f1fbab1d7d409be49af9c96732c3eeb3863b807801c141e9e98f5a5469ddf476daa3b2

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize
    97KB
    MD5
    4313276f8652ceae71d3b132c62548ed
    SHA1
    93ce1d739ea8b2f71332651d14cfa639072f9dbf
    SHA256
    2daf7d1c3b1fa0c4f62642da80b61cee352139b9fb470d548b0ce6bce4435c3f
    SHA512
    e0bab0379945d045f72b024d3e19ac503d229ddcf824c2a13ee8d0ffc67a922b2cd5a8d158dbcfe1af16aa29bc3c3bde194956d19ef7058f6a7f7d155bae28a6

  • memory/2724-0-0x0000000000400000-0x000000000040B000-memory.dmp
    Filesize
    44KB

  • memory/2724-74-0x0000000000400000-0x000000000040B000-memory.dmp
    Filesize
    44KB