Analysis

  • max time kernel
    120s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted
    08/09/2024, 03:15

General

  • Target

    6d6ab1a351638549d90236198c8de480N.exe

  • Size

    66KB

  • MD5

    6d6ab1a351638549d90236198c8de480

  • SHA1

    3f87dcd3c810c3c70a23de712bac503aeffd3f24

  • SHA256

    3794aff83e8e55b20c0ad50ccf2101505e0cf8cb50aec713b073a02dc0486752

  • SHA512

    e8684bbcda9bfae8c755fac203d2bda0835138bdda65eebe62cfc929ba91415bea2ee3db661f211a69deff3e8eaf11dbe294e2fbf114b569e46786fc18cd50b5

  • SSDEEP

    1536:CTWn1++PJHJXA/OsIZfzc3/Q8zxY5NKZDLKZD3:KQSox5WDgD3

Malware Config

Signatures

  • Renames multiple (2842) files with added filename extension

    This suggests ransomware activity: the sample is encrypting files across the system and marking each encrypted file by appending an extension to its name.

  • UPX packed file 4 IoCs

    Detects executables packed with the open-source UPX packer or a modified UPX build.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of the victim in order to infer the geographical location of that host.
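
The two file-system signatures above (mass renames that append an extension, and writes under Program Files) can be reproduced from a file-event trace. The following is an added example, not part of the sandbox report and not the sandbox's own detection code; it runs over constructed events, and the appended extension ".locked", the PIDs and the paths are all assumptions for illustration (the report does not state which extension the sample appends). The threshold of 50 renames is likewise an assumed tuning value.

```python
import re
from collections import Counter, defaultdict

# Constructed file-system events, not taken from the report. Tuple layout is
# (pid, operation, source path, destination path or None). PID 2064 mimics a
# process that appends a hypothetical ".locked" extension to many documents
# and writes into Program Files; PID 1234 performs ordinary, benign activity.
EVENTS = [
    (2064, "write", "C:\\Program Files\\Common Files\\config.dat", None),
    (2064, "write", "C:\\Program Files (x86)\\Vendor\\readme.txt", None),
    (1234, "rename", "C:\\Users\\Admin\\notes.txt", "C:\\Users\\Admin\\notes-old.txt"),
    (1234, "write", "C:\\Users\\Admin\\AppData\\Local\\Temp\\cache.bin", None),
]
EVENTS += [
    (2064, "rename",
     f"C:\\Users\\Admin\\Documents\\file{i}.docx",
     f"C:\\Users\\Admin\\Documents\\file{i}.docx.locked")
    for i in range(60)
]

EXT_RE = re.compile(r"\.[A-Za-z0-9_-]{1,16}$")
# Both Program Files roots on a 64-bit host; compared case-insensitively below.
PROGRAM_FILES = ("c:\\program files\\", "c:\\program files (x86)\\")


def added_extension(src, dst):
    """Return the extension appended to src to produce dst, else None.

    A plain rename (notes.txt -> notes-old.txt) does not count; only
    dst == src + ".<ext>" does, compared case-insensitively as NTFS does.
    """
    if dst is None or not dst.lower().startswith(src.lower() + "."):
        return None
    ext = dst[len(src):]
    return ext.lower() if EXT_RE.fullmatch(ext) else None


def detect_mass_rename(events, threshold=50):
    """Flag PIDs whose renames append one extension at least `threshold` times.

    Returns {pid: (extension, count)} for every flagged process.
    """
    per_pid = defaultdict(Counter)
    for pid, op, src, dst in events:
        if op == "rename":
            ext = added_extension(src, dst)
            if ext:
                per_pid[pid][ext] += 1
    hits = {}
    for pid, exts in per_pid.items():
        ext, count = exts.most_common(1)[0]
        if count >= threshold:
            hits[pid] = (ext, count)
    return hits


def program_files_drops(events):
    """Count file writes under either Program Files root, per PID."""
    drops = Counter()
    for pid, op, src, _ in events:
        if op == "write" and src.lower().startswith(PROGRAM_FILES):
            drops[pid] += 1
    return dict(drops)


if __name__ == "__main__":
    print(detect_mass_rename(EVENTS))   # {2064: ('.locked', 60)}
    print(program_files_drops(EVENTS))  # {2064: 2}
```

Keying the rename counter on the appended extension rather than on raw rename volume is what separates this from a backup or build job that renames many files: those rarely append the same new suffix to every file they touch.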

Processes

  • C:\Users\Admin\AppData\Local\Temp\6d6ab1a351638549d90236198c8de480N.exe
    "C:\Users\Admin\AppData\Local\Temp\6d6ab1a351638549d90236198c8de480N.exe"
    PID: 2064
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\$Recycle.Bin\S-1-5-21-3434294380-2554721341-1919518612-1000\desktop.ini.tmp

    Filesize

    67KB

    MD5

    c6d8a24db3fad11fa97aef9b559e66c9

    SHA1

    85ecc8eb6dd796e99cae770a47cb8e99ae212a04

    SHA256

    4986bd787a581b9e3bbe25651e106da13c1bc5409f6f6713f67d97533ff8f3ed

    SHA512

    8eb015532bd7a0695b1bd6cb34de104336013127dcb9f7e7fbbbfbf8925385f7b8013293806f8647e02cc0803837f5a726e4fec14500225e915e5bc9c415cba2

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    76KB

    MD5

    5203e55d4b15170c11116a19cd9af992

    SHA1

    5df0266c39aa2895b4db8cc0c89237776cc980b8

    SHA256

    7b0a28c84b71c2b75147ed62968f47c8fcf61d037e9d811343f9e3b039b06113

    SHA512

    c4e4bf19802a9abdc5fc57cb7af857dd7ebf5bb952d9f95537f2b3d5820b66cae8ee54dd0b02d00b44975dcc3fe2d4f0fe146fb11e54bed76cc7bfbef2d5c2af

  • memory/2064-0-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

  • memory/2064-69-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB