Analysis

  • max time kernel: 120s
  • max time network: 16s
  • platform: windows7_x64
  • resource: win7-20240903-en
  • resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted: 08-09-2024 05:15

General

  • Target: 103621bffb41a16c0fc2ace312cdc050N.exe
  • Size: 46KB
  • MD5: 103621bffb41a16c0fc2ace312cdc050
  • SHA1: 726075e2af4f80ca71e634eb6a85c3004121c386
  • SHA256: 20ffc4e8ab63a0e427eca410d14204337413abc5aef990c112f2a067e442b4c1
  • SHA512: a468db737eb49d991fdc7aa16317fca085e071c558297c8dcf887794c1a9648e2178ebab61dd2c4975c5ebb41cf1090033899b82c966d5ffb34dab7527963bb0
  • SSDEEP: 768:kBT37CPKKdJJcbQbf1Oti1JGBQOOiQJhATNyHF/MF/6m0mF09Ub9UZwzQ4NQ4X:CTW7JJZENTNyl2Sm0mSWbWyQ4NQ4X

Malware Config

Signatures

  • Renames multiple (3438) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\103621bffb41a16c0fc2ace312cdc050N.exe
    "C:\Users\Admin\AppData\Local\Temp\103621bffb41a16c0fc2ace312cdc050N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:3012

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\$Recycle.Bin\S-1-5-21-3290804112-2823094203-3137964600-1000\desktop.ini.tmp
    Filesize: 46KB
    MD5: e8f9749eebfe17d0e3926c8db1d19fe2
    SHA1: d135dea2512e3791b74b814e0f359b9127071289
    SHA256: c31fde4b7f62e4033183cd4fd8798bdb43b631c4489974f246997c7b1ee93024
    SHA512: 7c6ab5d2347599b7149b17b4bea8197d622477695401ebf4a76598d57653e3fa43103464ff038df3088f3d016c9d402ab568c943f60c8792f334905c2d0b8c13

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize: 55KB
    MD5: 9dabf04264f51b18985355154e54ca6c
    SHA1: 474f5fbc97f1d383a3a594e76b76ca4b070d6404
    SHA256: bddffb356f54e6147ba776de7908e3c10f26cbe65309561b5684c9bf794c666a
    SHA512: 0caa1178f602261a46755d5390f3c99261d0e348a0c2469fc22d5c7c9d6b25dd84b6fbee60f4ef41745091ac71ab968e41090f71ed3a4e12de6b5905dd072ae0

  • memory/3012-0-0x0000000000400000-0x000000000040A000-memory.dmp
    Filesize: 40KB

  • memory/3012-75-0x0000000000400000-0x000000000040A000-memory.dmp
    Filesize: 40KB