Analysis

  • max time kernel
    120s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64
    arch:x86
    image:win7-20240903-en
    locale:en-us
    os:windows7-x64
    system
  • submitted
    18-09-2024 09:12

General

  • Target

    9862e6f2cb25fee720d9d67c22e2d880636a5d51b163a3df57100785479d8e53N.exe

  • Size

    95KB

  • MD5

    52cf336fcad035691b5c836cf9919770

  • SHA1

    554206730df8cdc12197d0129c3431f904db4cf7

  • SHA256

    9862e6f2cb25fee720d9d67c22e2d880636a5d51b163a3df57100785479d8e53

  • SHA512

    668688d13c7e48a7dec4f2100f34f94bd5e1db9e2d51085f96f3d4f4f01f3091210d859f8b878f737649f125ebe93dfd9a1850aad5a8f3a4d9b447407749e318

  • SSDEEP

    1536:V7Zf/FAxTWoJJZENTBTYhQ9TW7JJZENTBTYhQ+:fny1tEuQmtEuQ+

Malware Config

Signatures

  • Renames multiple (3084) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\9862e6f2cb25fee720d9d67c22e2d880636a5d51b163a3df57100785479d8e53N.exe
    "C:\Users\Admin\AppData\Local\Temp\9862e6f2cb25fee720d9d67c22e2d880636a5d51b163a3df57100785479d8e53N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2348

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-4177215427-74451935-3209572229-1000\desktop.ini.tmp

    Filesize

    95KB

    MD5

    6a19b92d1a4f6aafee6655ffd9a80752

    SHA1

    9916751ca281c9769e74e427fe2ca1ed7cfc8fcf

    SHA256

    bf3257a57613cb825d160fef931123e2776eb34fd57cc5943317d64b417aa582

    SHA512

    d674dded4e18c85f6185de8685ef6a1f50571bdc33df0db89cbb1ed93fd8c987242f7ec1fde84f27693f0b247891746cf952d8077bb6ba8c7a92ee3ea609f856

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    104KB

    MD5

    cb2e587de6ffd2a8e9b943de4eddea79

    SHA1

    79b987b154e4291ffc3ff54c5b10eeab9d67220a

    SHA256

    0748580f1ac49ed077af594c29d5a00fd5ce4ffc2254dcbe8c241011f0ce8445

    SHA512

    6cc466dfcef0cb368f218d377f6f5b8afa313b4feadec78e559968ed35494a5d6a42214baf151a99f9845631da01ccdd0158cd97d80f076a7c486cd86b8c8b8c

  • memory/2348-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/2348-70-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB