Analysis

  • max time kernel
    120s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted
    12/09/2024, 15:42

General

  • Target
    f4a3975c6656c4d78ecbfed33952bc60N.exe
  • Size
    53KB
  • MD5
    f4a3975c6656c4d78ecbfed33952bc60
  • SHA1
    4812c8d8c6c9cc5b487991054462f9d796652ca0
  • SHA256
    08a347d0939d8e6e74952db9d58be5342e2762e290069cfc2c0197c9bffa433d
  • SHA512
    61fe880c212582138b7f5dcf33ba9a47283f32861f5bcd8c1c7633d5f0670ce4d6c5839fcbf0b4fee0c8afcbd73a8bdc5c2d117f6b922af8796061137cf2cefc
  • SSDEEP
    768:a7BlpyqaFAK65euBT37CPKKDm7EJJBZBZyF/MF/orMalYNR2F/MF/fgZga:a7ZyqaFAxTWbJJB7i2JalYNRs23gZga

Malware Config

Signatures

  • Renames multiple (3252) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\f4a3975c6656c4d78ecbfed33952bc60N.exe
    "C:\Users\Admin\AppData\Local\Temp\f4a3975c6656c4d78ecbfed33952bc60N.exe"
    PID: 2000
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3551809350-4263495960-1443967649-1000\desktop.ini.tmp
    Filesize
    53KB
    MD5
    865141b09d7cc4bcc202a475bee3a948
    SHA1
    601fd4264efe69856fb73bdddbe48fce5ec2bfc7
    SHA256
    4b858c5ecd987c9d123cb8d9b083883e5effdbe0af7aae19a881b5e2bf12cac5
    SHA512
    108b28468ca3a5ef6eb98a871cfe503442dc44fa0dd1a7a60675646048f9802d9f2f04c89086c51abe7b19d1b113593cc6145ac4ef7723aa3bcb22f61dec2cca

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize
    62KB
    MD5
    6d902be2e466781dde6bfbae52508ba7
    SHA1
    d53148e88921d725098ed8afa28d7f1da419216c
    SHA256
    f0152edf5fec834dfd33d5e8c0547c06ebbe99d9301152b4727076161ed44023
    SHA512
    8aef222cad4d28f42768d1933c586053184481e5fc7f6d5fc05b7c3515e5e9092af7e4aa9489cb548e928627b93ff8b87203681261bc9bdf2435afa4f132bc32

  • memory/2000-0-0x0000000000400000-0x000000000040B000-memory.dmp
    Filesize
    44KB

  • memory/2000-74-0x0000000000400000-0x000000000040B000-memory.dmp
    Filesize
    44KB