Analysis

  • max time kernel
    120s
  • max time network
    96s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240802-en locale:en-us os:windows10-2004-x64 system
  • submitted
    11/09/2024, 10:45

General

  • Target

    23893164ae08aff0728f1c4bdf6be170N.exe

  • Size

    95KB

  • MD5

    23893164ae08aff0728f1c4bdf6be170

  • SHA1

    dd5e9591ab5b4490a6b58c76fe1016bab80a1dfb

  • SHA256

    97ed86dfb48bf2d3efc0cfbef63dba2de2e7fd8089a1ed9b20d01528ac49886b

  • SHA512

    b4a07ca309eb6ab65fb85d06475ea43627088ca6db5056bc6b90c94b991ff2a71c190d8e1de6cfae0391c7a8a683f7f80f38147c3ffb6e7af1ba05925ace1abf

  • SSDEEP

    1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8zxY5DSKE/MVAF8hRrnjRuKy+yMBTNZHc:fnyiQSox5DSKE/MVAF8hRrnjRuKy+yMO

Malware Config

Signatures

  • Renames multiple (4393) files with added filename extension

    This suggests ransomware activity: files across the system are being encrypted and renamed with a new extension.

  • UPX packed file 4 IoCs

    Detects executables packed with the open-source UPX packer or a modified UPX build.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of the victim in order to infer the geographical location of that host.
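
The "UPX packed file" signature above is worth reproducing by hand, because the sandbox's verdict can be wrong in either direction on a "modified UPX" build. The following is an added example, not code from the report or from the sandbox vendor: a minimal PE section-table parser that applies three indicators (UPX* section names, a first section with virtual size but no raw data, and the literal "UPX!" marker). All three PE images are constructed in memory; none is the 95KB sample from this report.

```python
import struct

# Added example (not part of the sandbox report): a minimal PE section-table
# parser with UPX heuristics. The PE images built here are constructed, not
# the analysed sample.

DOS_HEADER_SIZE = 64
OPT_HEADER_SIZE = 240   # PE32+ optional header (no extra data directories)


def build_pe(sections, trailer=b""):
    """Build a minimal PE32+ image from (name, virtual_size, raw_size) tuples.
    Section bodies are NUL-filled; `trailer` mimics overlay bytes such as the
    literal "UPX!" marker that stock UPX appends."""
    dos = bytearray(DOS_HEADER_SIZE)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, DOS_HEADER_SIZE)                 # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x8664, len(sections), 0, 0, 0, OPT_HEADER_SIZE, 0x22)
    opt = bytes(OPT_HEADER_SIZE)
    raw_ptr = DOS_HEADER_SIZE + 4 + len(coff) + OPT_HEADER_SIZE + 40 * len(sections)
    va, table, bodies = 0x1000, b"", b""
    for name, vsize, rsize in sections:
        # IMAGE_SECTION_HEADER: Name, VirtualSize, VirtualAddress, SizeOfRawData,
        # PointerToRawData, reloc/linenumber fields, Characteristics
        table += struct.pack("<8sIIIIIIHHI", name.encode("ascii"), vsize, va,
                             rsize, raw_ptr if rsize else 0, 0, 0, 0, 0, 0x60000020)
        bodies += bytes(rsize)
        raw_ptr += rsize
        va += (vsize + 0xFFF) & ~0xFFF
    return bytes(dos) + b"PE\0\0" + coff + opt + table + bodies + trailer


def pe_sections(data):
    """Return [(name, virtual_size, raw_size)] from the PE section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (count,) = struct.unpack_from("<H", data, e_lfanew + 6)       # NumberOfSections
    (opt_size,) = struct.unpack_from("<H", data, e_lfanew + 20)   # SizeOfOptionalHeader
    table = e_lfanew + 24 + opt_size
    out = []
    for i in range(count):
        name, vsize, _va, rsize = struct.unpack_from("<8sIII", data, table + 40 * i)
        out.append((name.rstrip(b"\0").decode("ascii", "replace"), vsize, rsize))
    return out


def assess_upx(data):
    """Collect UPX indicators. Section names alone are weak evidence because a
    modified UPX build renames them; the empty first section (the in-memory
    unpacking target) and the "UPX!" marker usually survive that."""
    sections = pe_sections(data)
    reasons = []
    if any(name.upper().startswith("UPX") for name, _, _ in sections):
        reasons.append("UPX* section names")
    if sections and sections[0][2] == 0 and sections[0][1] > 0:
        reasons.append("first section has virtual size but no raw data")
    if b"UPX!" in data:
        reasons.append("'UPX!' marker present")
    return {"packed": bool(reasons), "reasons": reasons,
            "sections": [name for name, _, _ in sections]}


# Constructed inputs: stock UPX layout, the same layout with renamed sections,
# and an unpacked binary.
STOCK_UPX = build_pe([("UPX0", 0x20000, 0), ("UPX1", 0x8000, 0x7800), (".rsrc", 0x1000, 0x400)], b"UPX!")
RENAMED_UPX = build_pe([(".text", 0x20000, 0), (".data", 0x8000, 0x7800), (".rsrc", 0x1000, 0x400)], b"UPX!")
PLAIN = build_pe([(".text", 0x5000, 0x5000), (".data", 0x1000, 0x400), (".rsrc", 0x1000, 0x400)])

if __name__ == "__main__":
    for label, image in (("stock", STOCK_UPX), ("renamed", RENAMED_UPX), ("plain", PLAIN)):
        print(label, assess_upx(image))
```

Run it against the real sample by replacing one of the constructed images with `open(path, "rb").read()`; a hit on the section-name rule only is the case where `upx -d` will usually work, whereas a hit on the other two rules without UPX names is the "modified UPX" case the signature description refers to, and the packed stub then has to be dumped from memory instead.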

Processes

  • C:\Users\Admin\AppData\Local\Temp\23893164ae08aff0728f1c4bdf6be170N.exe
    "C:\Users\Admin\AppData\Local\Temp\23893164ae08aff0728f1c4bdf6be170N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:1788

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2412658365-3084825385-3340777666-1000\desktop.ini.tmp

    Filesize

    95KB

    MD5

    926d9bfedb9a4cd7a5da099957aacf2f

    SHA1

    d16e8980aaecea82742ced4a1d43e3f797a67c6d

    SHA256

    87e3d1dca4a4b5a210c98d1b4df7c7b5ccc26125ffd6f9e90072b9242303532a

    SHA512

    aab7640f5b784fda6b7d5e26ecd339a9671c56ebdb8f6d411f61a3b51d5e2ac8f2134951af292ca004e2922bf6a2e49def63527031cbf46b2f51613df6ad4b3e

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    194KB

    MD5

    a4248206a9f9bea54de12935048a1a6a

    SHA1

    cf0d9b17e4ab110be5c2416d86129640a22d43d0

    SHA256

    0d5a804d922235be726c80180dae912419d80e789ca557fe2a39043ed451b3b2

    SHA512

    092cf425d2b0afaf0d0f59011c4b703a225276f23c094186f771ee728488d3bff102414ba093b9c2deed298cb9ecb18f88a32f00f967e3cbd5994cbba1ad06ae

  • memory/1788-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/1788-848-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB