Analysis

  • max time kernel
    120s
  • max time network
    20s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted
    18-09-2024 08:52

General

  • Target

    209f09af4ffaafbb56af6672e5e2035080f399317cce25ae0a85c7f92cc77bd9N.exe

  • Size

    85KB

  • MD5

    dad7eeb46358a8ddfcdd8b57aa260da0

  • SHA1

    3eab88970f0776697d57921e6c476aeff6bb4168

  • SHA256

    209f09af4ffaafbb56af6672e5e2035080f399317cce25ae0a85c7f92cc77bd9

  • SHA512

    c445f154a0791ff083fc772cbb1c11ada3ea62e41389776b37bd40cc306adc17ceca6d9bb1c3f0def99abe6fb41e2b19a54ece149431ff64642cf99a48c4b3fe

  • SSDEEP

    1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8IZiLG6JLG6m:fnyiQSo7ZiLGMLGL

Malware Config

Signatures

  • Renames multiple (2894) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\209f09af4ffaafbb56af6672e5e2035080f399317cce25ae0a85c7f92cc77bd9N.exe
    "C:\Users\Admin\AppData\Local\Temp\209f09af4ffaafbb56af6672e5e2035080f399317cce25ae0a85c7f92cc77bd9N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2212

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\$Recycle.Bin\S-1-5-21-3434294380-2554721341-1919518612-1000\desktop.ini.tmp

    Filesize

    86KB

    MD5

    bc8da666566f22a9694b14eeafe36d91

    SHA1

    185e2952fa76460b66631da573f258b2463fa3fe

    SHA256

    f4d7a637bc98fb91663c46ddafd96b1053aa695ab2e95a38126e8afd4373f19f

    SHA512

    ab4c025458b332050192696fa326a53443225e7ec3784ebedd91eac1181e9911d134257eaea2b1eeff030341e8287b547c93338e24317004f91e040ecd621700

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    95KB

    MD5

    e3e644c97ae56c55b5e97e11dac98449

    SHA1

    902731d58e72b2d44ffb43ac5dd52f572f6cb752

    SHA256

    99a672b632c13c2d011398759217c963ee1945a3e20517616ceff83677586dfc

    SHA512

    e40144f3e3c3f50db1dfd9c9b3d9166463a2f8034bfa44a0bd2db8653fc4e59c1bf34e947b6f45a8c1129c9cd8a6c862252b0f47a58581c4075d01bdc3fb6489

  • memory/2212-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/2212-70-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB