Analysis

  • max time kernel
    120s
  • max time network
    121s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64
    arch:x86
    image:win10v2004-20240802-en
    locale:en-us
    os:windows10-2004-x64
    system
  • submitted
    18-09-2024 09:16

General

  • Target

    3497dae24b99d59bead10b20e9ced20d9b4466e36c1b3723c829ce1be6016177N.exe

  • Size

    1.3MB

  • MD5

    df6cb9918ee254ff95f2bfb45cdeaff0

  • SHA1

    ecda7214debb32da1a1454c827802ba13128e9a1

  • SHA256

    3497dae24b99d59bead10b20e9ced20d9b4466e36c1b3723c829ce1be6016177

  • SHA512

    b84570fbd3b46d7684104d79cbffc42506853bc37e57231139858bdc0e53017e82503c654522298098dae18624c5f0626ea11a37372816a0bd00ba83cc663c18

  • SSDEEP

    6144:KGnpAbswnDL8X8422OgNEnaOjeN9smOVvIM8k/zB6YaA:Tnq0aaA

Malware Config

Signatures

  • Renames multiple (1579) files with added filename extension

    This suggests ransomware activity: the sample encrypts files across the system and appends a new extension to each.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\3497dae24b99d59bead10b20e9ced20d9b4466e36c1b3723c829ce1be6016177N.exe
    "C:\Users\Admin\AppData\Local\Temp\3497dae24b99d59bead10b20e9ced20d9b4466e36c1b3723c829ce1be6016177N.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2060
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4048,i,10597648459838880772,16562651767759956329,262144 --variations-seed-version --mojo-platform-channel-handle=4468 /prefetch:8
      PID:100

    Network

    MITRE ATT&CK Enterprise v15

    Downloads

    • C:\$Recycle.Bin\S-1-5-21-2170637797-568393320-3232933035-1000\desktop.ini.tmp

      Filesize

      1.3MB

      MD5

      2fb42f939be867df5a66a61c22d02785

      SHA1

      e8ac7dd769ecdbf9c8c62d6594623c4b50e9e2de

      SHA256

      0e4eeeb9d8b4822b2a3782b0f80650755df83f34e16bbd4f355e89040eb5a7d9

      SHA512

      991e3da7773d647814c38243ad47d21806a7ff0039016e167099e6511940f15301a68e18758a1d96410903401795aa7ace3e8bcb60fdd508fe63b19f4d062cfa

    • C:\Program Files\7-Zip\7-zip.chm.tmp

      Filesize

      1.4MB

      MD5

      e89ab4a5c1c029777eb57de41d998084

      SHA1

      f525bbef68073dff42bc8f19afdafffcdd6b8211

      SHA256

      c5ba0c60fba59ed5e0230f46e132aabfee8b2a87f18b731f0ffd07fb7ebb6a70

      SHA512

      079c3f2165fcedfaed5454fe6d4e7d5e0749c084904fff8a03938f40e0a8caef7b30c653600a636620aa45b8fdbcc9913a7d460baab2bad879db11601b6e7f5d

    • memory/2060-0-0x0000000000400000-0x000000000040B000-memory.dmp

      Filesize

      44KB

    • memory/2060-320-0x0000000000400000-0x000000000040B000-memory.dmp

      Filesize

      44KB