Analysis

  • max time kernel: 120s
  • max time network: 100s
  • platform: windows10-2004_x64
  • resource: win10v2004-20240802-en
  • resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted: 07/09/2024, 05:06

General

  • Target: 7d3b2f7e6d3931363f6cabded2e733a0N.exe
  • Size: 87KB
  • MD5: 7d3b2f7e6d3931363f6cabded2e733a0
  • SHA1: 7a249eb366f509ab5b63ad3d7fe3db143a20ccf8
  • SHA256: 1951ec946683e02ae2af622ab8f99d2284c253c8d112dd2be6df3699fb553239
  • SHA512: 118f084530be4f9bb17167bb536567bbb8160de020742b1de65ea189cccae1d485e6894f91f060b729ad4dd6b3fc9ada18c01407286ae59cb5eb84559f61227a
  • SSDEEP: 1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8zxY5p:fnyiQSox5p

Malware Config

Signatures

  • Renames multiple (4576) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX or a modified UPX open-source packer.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\7d3b2f7e6d3931363f6cabded2e733a0N.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\7d3b2f7e6d3931363f6cabded2e733a0N.exe"
    PID: 2332
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery

Network

  • MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2412658365-3084825385-3340777666-1000\desktop.ini.tmp
    Filesize: 88KB
    MD5: adbc090777f9935e361c4d5a6d63533a
    SHA1: 7230d0c060ebc11b64bed8f8af02040ef15331fa
    SHA256: 59cf190cae13cdf65a672bf296733a811436b28cf6d48a9dfdfefad449be01d4
    SHA512: 4ef34356efe8646a64a543ac624da5666c610b908c2d5cca35f370228adfa3dfa0384379d31a89dd95e2638781cc5288e6ed53ecf88eeda824f68d19fbbc83cc

  • C:\Program Files\7-Zip\7-zip.dll.tmp
    Filesize: 186KB
    MD5: 01d4081686e3cc3bf48bab437468cb4a
    SHA1: 606ee9242e37806e43429f5dd9df03617fe90b38
    SHA256: 659a0a8478197782911d6991e6cafd07f33bdc7d9c7477b3631ae4994adbf724
    SHA512: c820b280f6ee09b6dab539f267bb56fc4dc3518792d3d7fc08720696289a338dc026b065f281d6e1191fe365da6a068285dc53c4c1b4f7d7d398c9f443513dd0

  • memory/2332-0-0x0000000000400000-0x000000000040B000-memory.dmp
    Filesize: 44KB

  • memory/2332-860-0x0000000000400000-0x000000000040B000-memory.dmp
    Filesize: 44KB