Analysis

  • max time kernel: 120s
  • max time network: 93s
  • platform: windows10-2004_x64
  • resource: win10v2004-20240802-en
  • resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted: 11/09/2024, 05:03

General

  • Target: 9ee5091bc62b7f6db7d3550d01844a10N.exe
  • Size: 53KB
  • MD5: 9ee5091bc62b7f6db7d3550d01844a10
  • SHA1: a91011af0fb18ea197e5b729cab6da1e3bf40bd1
  • SHA256: f27edb355c53408bff2c47328ba75b259c6d8dcb16e3cd165ab681297c8c2285
  • SHA512: c6a336e2babd1c40fce03852930b1138d60df120f8625041eb8f3504cc5b6fbea6635b0332ed6db2b2f4a7b8364015b75321cc09da9454ba010065372b966d7d
  • SSDEEP: 768:a7BlpyqaFAK65euBT37CPKKDm7EJJ1EXBwzEXBwdcMcI9Aq:a7ZyqaFAxTWbJJ7TOq

Malware Config

Signatures

  • Renames multiple (4660) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\9ee5091bc62b7f6db7d3550d01844a10N.exe (PID: 3088)
    Command line: "C:\Users\Admin\AppData\Local\Temp\9ee5091bc62b7f6db7d3550d01844a10N.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-656926755-4116854191-210765258-1000\desktop.ini.tmp
    Filesize: 54KB
    MD5: d058c65fcc55e89feec7a71db05dcf96
    SHA1: 8f83ef0da66a9f069bee0c3cebee57eaad847df2
    SHA256: e29892a53e59c87bee954f8fd49bfd05f8f9cf4e0def107d02274f7334147574
    SHA512: 3ad4afeef0b2bca7fd36f6d2218d43bf28d24bae2a6153f35b9e8b84efb3a43751cbb8cc2e45c8b847ebb8bb09c2845b383a7353bd0d11f9e734f6f13e9a4039

  • C:\Program Files\7-Zip\7-zip.dll.tmp
    Filesize: 153KB
    MD5: dc1a5602f21d184e088c4590e1130bd3
    SHA1: 5ecf8e39d80cb293c3a22372a8f397f63640d45d
    SHA256: 2453b69c638b49bbc7202540dbd9c3f181eaf3fec4bd9e7fc86e42323df5c9e8
    SHA512: 964b45bf699cde86a5e15c1e678e09b5b86cdc1486ef25aebdd9df67e159fdca627b053329245622ea294c621a4a8369b6171861d099fface723b1e95cb4e928

  • memory/3088-0-0x0000000000400000-0x000000000040B000-memory.dmp
    Filesize: 44KB

  • memory/3088-944-0x0000000000400000-0x000000000040B000-memory.dmp
    Filesize: 44KB