Analysis

  • max time kernel
    120s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted
    18-09-2024 08:56

General

  • Target

    d68a3e26016aeb95a4ddaeeae80fd72dc6a7635ac68ff6dfc58b6913e6704c42N.exe

  • Size

    62KB

  • MD5

    a6f47ef603f3f82dd17e27481eb41910

  • SHA1

    a29d704694bea30ad75c6891dccf6bbfc3f1c87f

  • SHA256

    d68a3e26016aeb95a4ddaeeae80fd72dc6a7635ac68ff6dfc58b6913e6704c42

  • SHA512

    91c73eac6e1bdf16fb68e3f4976f1d51a6a1dedf2d8b647c909465380beee35d868cdf8ccc670b3c891f96bece35b6233801759664c047ba262c0b7533468640

  • SSDEEP

    768:V7Blpf/FAK65euBT37CPKKQSjyJJcbQbf1Oti1JGBQOOiQJhATBaH0PcR0PcXn5S:V7Zf/FAxTWoJJZENTB4JRJX62feNdNt

Malware Config

Signatures

  • Renames multiple (3259) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\d68a3e26016aeb95a4ddaeeae80fd72dc6a7635ac68ff6dfc58b6913e6704c42N.exe
    "C:\Users\Admin\AppData\Local\Temp\d68a3e26016aeb95a4ddaeeae80fd72dc6a7635ac68ff6dfc58b6913e6704c42N.exe"
    1
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2432

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3551809350-4263495960-1443967649-1000\desktop.ini.tmp

    Filesize

    63KB

    MD5

    92ba5c7b9e9a34f3c562464574b6c86f

    SHA1

    818560ff0cd7cd9c5a5597a83fbae21429222104

    SHA256

    676feb48f8d0dfebb0d5116c1135549c7b5cd99ffe88ae7228c9c3ee9c08af46

    SHA512

    be4db5ef6b05e2a927cf6a09c33307e8a83b4e8b0b7ca522760edde3c259bf01e911c322f514f72d97cc683a899abee69b8d01ddbc32d4520722ef373078927a

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    72KB

    MD5

    37a13a5517ab563cc1dae90664810239

    SHA1

    e9f93775ea9847774e111cffe07574a675242ac0

    SHA256

    e157aa9543c694f07267d7a0f16d50d72e56631e07fbf791ed002d78bc6c2d42

    SHA512

    aa4d71d521f5721ebaf006a0c7978c96a87693e43047aab5cd730d4a09f3eefd9a227f95a2422808f7875b212f5b24f962348c72cfd16bf458b4204d01cf07eb

  • memory/2432-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/2432-74-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB