Overview

overview

9

Static

static

7

b967202a90...0N.exe

windows7-x64

9

b967202a90...0N.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    119s
  • max time network
    119s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09-09-2024 11:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b967202a907e2c8ec0b49748f7dfb790N.exe

  • Size

    32KB

  • MD5

    b967202a907e2c8ec0b49748f7dfb790

  • SHA1

    da538823cd5551692a3094af3ec1d56d48faa879

  • SHA256

    08865f24b60e042692443cdf1f1563d48d0c19cf27d2f643f440956643bba4ed

  • SHA512

    bc93339d8ede37b8536aa5b3626db5591f5498adc989b71356f30f4fd564a593303699b8fd7fbe218d0a6530d81167740a4b1350fd3d7c376176cf2c390211c7

  • SSDEEP

    768:kBT37CPKKdJJcbQbf1Oti1JGBQOOiQJhATBApwp2ZgZ7FATJGxHFATJGxs:CTW7JJZENTBAOUYo

Score
9/10
discoveryransomwareupx

Malware Config

Signatures

  • Renames multiple (4647) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\b967202a907e2c8ec0b49748f7dfb790N.exe
    "C:\Users\Admin\AppData\Local\Temp\b967202a907e2c8ec0b49748f7dfb790N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2688
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=1432,i,12470628711992022444,7767535593390851522,262144 --variations-seed-version --mojo-platform-channel-handle=4292 /prefetch:8
    1⤵
      PID:4832

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\$Recycle.Bin\S-1-5-21-2170637797-568393320-3232933035-1000\desktop.ini.tmp
      Filesize

      33KB

      MD5

      3ff7a7a63c20b0832cc9f76c05b6fbb8

      SHA1

      a8bcc0ef28f481dd9d86acc5859b319ab3897429

      SHA256

      4518641949150ff3e1401eee2be09bad4da820c975c96918c40fb890f919d964

      SHA512

      d4d40e867c46385081d6b1973c05fc450d49ecbed9d1e4eeac26b74b7f52bfc51c45b26d2b13729bcfdb293d24f6b9be004aca1f8375a4cd04bbec75eceaf2a5

      Download Submit

    • C:\Program Files\7-Zip\7-zip.chm.tmp
      Filesize

      145KB

      MD5

      8cbdf3d68d13c8c464352b40580b0efe

      SHA1

      fb1229f6705f4c0bdba412765e1df04a0cd1d4c4

      SHA256

      c51fe26d030fa4651675efe26abd55c7205bd79adbb8edb1997458b052e94ba8

      SHA512

      16aad0a7785def3a21b6bc62fe7553a8e8973f4cfea6601a39f36de89b6a85900a39b40630c2f1fc0418fb3c3e81a0f8331c47f0f5863cb5dc69f51cd92383b3

      Download Submit

    • memory/2688-0-0x0000000000400000-0x000000000040A000-memory.dmp

      Filesize

      40KB

      Download

    • memory/2688-902-0x0000000000400000-0x000000000040A000-memory.dmp

      Filesize

      40KB

      Download