Analysis

  • max time kernel
    120s
  • max time network
    97s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    18/09/2024, 19:08

General

  • Target

    217fe9c2375a771c937ba86b64250656f6d4f7ce29678134b4302564d5b87feeN.exe

  • Size

    72KB

  • MD5

    1abf1cc59ce2e7319ccf8c2988275d60

  • SHA1

    f6fda5641f252ed1660502b9a53d9a801abb8649

  • SHA256

    217fe9c2375a771c937ba86b64250656f6d4f7ce29678134b4302564d5b87fee

  • SHA512

    af1db3594f0d6e2757336dfb4495a69c3e2d272afab2665bf896df2053cb2d56b48ec019d70656bbe7cfc6489b1fdb73bbb2ad6c283a152b86ade69003318578

  • SSDEEP

    768:V7Blpf/FAK65euBT37CPKKQSjSEXBwzEXBw3sgQw58eGkz2rcuesgQw58eGkz2r5:V7Zf/FAxTWtnMdyGdy4AnAJYq8Yqb

Malware Config

Signatures

  • Renames multiple (4613) files with added filename extension

    Mass renaming with an appended extension is consistent with ransomware encrypting files across the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of the victim in order to infer the geographical location of that host.
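The two file-level signatures above (UPX packing, mass rename with an appended extension) can be reproduced offline with a small triage script. The following is an added example, not code from the sandbox or from the sample; it parses only the DOS/COFF section table by hand (no `pefile` dependency), builds a constructed minimal PE for demonstration, and uses a constructed list of paths based on the dropped-file names in this report. The rename threshold of 3 and the `KNOWN_EXTS` list are assumptions for the demo; the sandbox's own threshold is not stated on the page.

```python
import struct
from collections import Counter
from pathlib import PureWindowsPath

# --- UPX heuristic -----------------------------------------------------------

def pe_section_names(data: bytes) -> list:
    """Return section names from a PE image by walking MZ -> e_lfanew -> COFF -> sections."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("missing PE signature")
    nsec = struct.unpack_from("<H", data, e_lfanew + 6)[0]        # NumberOfSections
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]   # SizeOfOptionalHeader
    first = e_lfanew + 24 + opt_size                               # first IMAGE_SECTION_HEADER
    names = []
    for i in range(nsec):
        raw = data[first + i * 40 : first + i * 40 + 8]
        if len(raw) < 8:                                           # truncated header: stop
            break
        names.append(raw.rstrip(b"\x00").decode("latin-1"))
    return names


def is_upx_packed(data: bytes) -> bool:
    """Stock UPX names its sections UPX0/UPX1 and leaves a 'UPX!' marker; modified
    builds may rename sections, so treat a miss as 'not proven', not 'clean'."""
    return any(n.startswith("UPX") for n in pe_section_names(data)) or b"UPX!" in data


def build_pe(section_names, opt_hdr_size=0xE0) -> bytes:
    """Constructed minimal PE (headers only) used as demo input for the parser."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\x00" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, opt_hdr_size, 0x0102)
    opt = b"\x00" * opt_hdr_size
    secs = b"".join(n.ljust(8, b"\x00")[:8] + b"\x00" * 32 for n in section_names)
    return dos + b"PE\x00\x00" + coff + opt + secs


# --- mass-rename heuristic ---------------------------------------------------

# Assumed set of "real" extensions; an extension appended after one of these is
# treated as an added suffix (e.g. 7-zip.dll.tmp -> '.dll' + '.tmp').
KNOWN_EXTS = {".ini", ".dll", ".exe", ".xlsx", ".docx", ".pdf", ".jpg", ".txt"}

# Constructed paths: the first two are the dropped files listed in this report,
# the rest are invented to exercise the logic.
SAMPLE_PATHS = [
    r"C:\$Recycle.Bin\S-1-5-21-945322488-2060912225-3527527000-1000\desktop.ini.tmp",
    r"C:\Program Files\7-Zip\7-zip.dll.tmp",
    r"C:\Program Files\7-Zip\7z.exe.tmp",
    r"C:\Users\Admin\Documents\budget.xlsx.tmp",
    r"C:\Windows\System32\kernel32.dll",       # single extension: ignored
    r"C:\Users\Admin\Downloads\archive.tar.gz",  # '.tar' not in KNOWN_EXTS: ignored
]


def added_extension_counts(paths, known_exts=KNOWN_EXTS) -> Counter:
    """Count files whose last suffix was appended after a known extension, keyed by that suffix."""
    counts = Counter()
    for p in paths:
        suffixes = [s.lower() for s in PureWindowsPath(p).suffixes]
        if len(suffixes) >= 2 and suffixes[-2] in known_exts:
            counts[suffixes[-1]] += 1
    return counts


def mass_rename_suspects(paths, threshold=3, known_exts=KNOWN_EXTS) -> dict:
    """Appended extensions seen at least `threshold` times; threshold is an assumed demo value."""
    return {ext: n for ext, n in added_extension_counts(paths, known_exts).items() if n >= threshold}


if __name__ == "__main__":
    packed = build_pe([b"UPX0", b"UPX1", b".rsrc"])
    print("sections:", pe_section_names(packed), "upx:", is_upx_packed(packed))
    print("suspect appended extensions:", mass_rename_suspects(SAMPLE_PATHS))
```

On a real host the path list would come from a file-system walk or from file-create/rename telemetry (Sysmon event ID 11, or ETW file I/O), and the PE check would be run on the dropped executable; the section-name test alone is a weak indicator, so confirm with the `UPX!` marker or an unpack attempt before relying on it.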

Processes

  • C:\Users\Admin\AppData\Local\Temp\217fe9c2375a771c937ba86b64250656f6d4f7ce29678134b4302564d5b87feeN.exe
    "C:\Users\Admin\AppData\Local\Temp\217fe9c2375a771c937ba86b64250656f6d4f7ce29678134b4302564d5b87feeN.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2388

Network

        MITRE ATT&CK Enterprise v15


        Downloads

        • C:\$Recycle.Bin\S-1-5-21-945322488-2060912225-3527527000-1000\desktop.ini.tmp

          Filesize

          72KB

          MD5

          d951d52c499798333cdd9a098dad9d55

          SHA1

          aea125a4f995b9062e00eef4aaa01654d2634edb

          SHA256

          fca44e1cbef0d06d0973949c571e989699b717231b873da8d012f7ea400d12cd

          SHA512

          59846c0764cf818e8f245752b890ce4f2deab9bec131935954ca551082931598300b504dc6a2e202b44c88539835c7dc0a5a8d8faacb0724e1c5087aa93afbfd

        • C:\Program Files\7-Zip\7-zip.dll.tmp

          Filesize

          171KB

          MD5

          ebc49cc3b81dcd78e9bc0294498415b9

          SHA1

          b61d7b11a737808949f060751d9da14d0eb7aa6a

          SHA256

          b8cc937cd40a73d44ba7012f99fbb01259fad60d272d6ef42a6800a69a296a4e

          SHA512

          bd5d27f3456a2f80bd0024247e376f2b75292f0132a06a0e9df3743a4c90cd40c85c1c76630cab759e1bdd83796e902886d40b471deed8ac7c2f75f606db3f8f

        • memory/2388-0-0x0000000000400000-0x000000000040B000-memory.dmp

          Filesize

          44KB

        • memory/2388-870-0x0000000000400000-0x000000000040B000-memory.dmp

          Filesize

          44KB