Overview

overview

9

Static

static

7

815b32b8c5...0N.exe

windows7-x64

9

815b32b8c5...0N.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    120s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    09-09-2024 14:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    815b32b8c5d5ec2da65c5594e7c8e640N.exe

  • Size

    83KB

  • MD5

    815b32b8c5d5ec2da65c5594e7c8e640

  • SHA1

    92cb99bad0b4018a78ff0bbcd64cee275dfb6a6e

  • SHA256

    df4c3a4013078a20285f6c6cefeab02162147ffb3668394befcf29ebb3ee792d

  • SHA512

    7e6172be5f5cc92162cab4efd00d37ee404cdf158e5bd782d57512913b046aff3e50cf3da9e3cecef99f445a1531c9be9740de913e7804b789f0ea698197eec4

  • SSDEEP

    768:t6bMCc2nQUM/zX1vqX1vcjyjWWbW4zhLXJ4FhLXJ4OpZtszpZts1faF/MF/u:t6whEUyjK5yOpjszpjsi2W

Score
9/10
discoveryransomwareupx

Malware Config

Signatures

  • Renames multiple (2934) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\815b32b8c5d5ec2da65c5594e7c8e640N.exe
    "C:\Users\Admin\AppData\Local\Temp\815b32b8c5d5ec2da65c5594e7c8e640N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2292

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3551809350-4263495960-1443967649-1000\desktop.ini.tmp
    Filesize

    83KB

    MD5

    8772f122a2613bff4a17bc00d321156a

    SHA1

    b5f95bde7649a7423347252bf354a2f5da5b87bc

    SHA256

    7a08bd19457562f4320c5e1f4decea67fa184688a2d956c58d82107ba550acad

    SHA512

    6a3181b6749870dd9f59d9b3e574a4b82029d55c5665976a494d89aa2bdf5a2f580dbd4b8df9b4407548774e1e876df0c674f05ab7cce973ccece1728f740ce4

    Download Submit

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize

    92KB

    MD5

    0b24f8e2e222dc8e40ffa46767d84fe0

    SHA1

    ef8c94821af8ab831384865d576040dd8455e44a

    SHA256

    5e9d4508ed0e8a8f9ac08c9e4a5a18e70a34983836c4911bee959a316c97fb81

    SHA512

    7108c4c7e33c220bc2c49a9801f5fe1cba0300321c5b532562b4d3fb49d43a63940eba4418bfdd088ed2326f7b8acd698b4ec31d1d1b0b7dad5cc3ed608f11ce

    Download Submit

  • memory/2292-0-0x0000000000400000-0x0000000000409000-memory.dmp

    Filesize

    36KB

    Download

  • memory/2292-70-0x0000000000400000-0x0000000000409000-memory.dmp

    Filesize

    36KB

    Download