Analysis

  • max time kernel
    119s
  • max time network
    95s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    19/09/2024, 02:15

General

  • Target

    f884a67f425b3778cb51bef44646de0a463c3663d78b04ed4490414abdf672d6N.exe

  • Size

    89KB

  • MD5

    a784a61084324dce6ba5d9f2d3fa2bf0

  • SHA1

    49e60d8529e6141ebfa40573a3c30f45cc11c1e1

  • SHA256

    f884a67f425b3778cb51bef44646de0a463c3663d78b04ed4490414abdf672d6

  • SHA512

    33246259efefdb71e45572db4303a11d5e18c3ad5c2aa6cc85b43ac651d9b0b544e0ffbeaf50626419ca3dcc2db075ab1533b510ad393347819f7b5a03187785

  • SSDEEP

    1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8IZT+JZkeZrAJZkeZry:fnyiQSo7Za

Malware Config

Signatures

  • Renames multiple (4647) files with added filename extension

    This suggests ransomware activity: the sample is renaming files across the system, consistent with encrypting them in place.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of the victim in order to infer the geographical location of that host.
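The "Renames multiple files with added filename extension" signature is a volume heuristic: one process renaming thousands of files so that each new name is the old name plus one extra suffix (the `.tmp` names under Program Files in the Downloads list are examples). The following is an added detection example, not the sandbox's own rule; the rename events are constructed to resemble the behaviour, not taken from the sandbox log, and the threshold and event shape are assumptions.

```python
"""Added example (not from the report): flag a process that mass-renames files by
appending an extension, the behaviour behind the sandbox's rename signature."""
from collections import defaultdict
import ntpath

# Image path of the analysed sample, as listed under Processes in the report.
SAMPLE_IMAGE = (r"C:\Users\Admin\AppData\Local\Temp"
                r"\f884a67f425b3778cb51bef44646de0a463c3663d78b04ed4490414abdf672d6N.exe")


def constructed_events():
    """Constructed rename events (pid, image, old_path, new_path); not from the sandbox log."""
    events = []
    for i in range(30):  # the sample appending .tmp to files under Program Files
        old = rf"C:\Program Files\7-Zip\Lang\file{i}.txt"
        events.append((5112, SAMPLE_IMAGE, old, old + ".tmp"))
    # Benign renames by another process: a different name, and a single .bak copy.
    events.append((4020, r"C:\Windows\explorer.exe",
                   r"C:\Users\Admin\notes.txt", r"C:\Users\Admin\notes-old.txt"))
    events.append((4020, r"C:\Windows\explorer.exe",
                   r"C:\Users\Admin\a.txt", r"C:\Users\Admin\a.txt.bak"))
    return events


def added_extension(old_path: str, new_path: str):
    """Return the appended extension if new_path is old_path plus exactly one
    extra suffix in the same directory, otherwise None."""
    old_dir, old_name = ntpath.split(old_path)
    new_dir, new_name = ntpath.split(new_path)
    if old_dir.lower() != new_dir.lower():
        return None
    if new_name.lower().startswith(old_name.lower() + "."):
        suffix = new_name[len(old_name):]
        # one suffix only: ".tmp", not ".locked.tmp"
        if len(suffix) > 1 and "." not in suffix[1:]:
            return suffix.lower()
    return None


def find_mass_renamers(events, threshold=20):
    """Group renames by process and report any process that appended the same
    extension to at least `threshold` files (threshold is an assumed value)."""
    per_proc = defaultdict(lambda: defaultdict(int))
    for pid, image, old, new in events:
        ext = added_extension(old, new)
        if ext:
            per_proc[(pid, image)][ext] += 1
    hits = []
    for (pid, image), exts in per_proc.items():
        ext, count = max(exts.items(), key=lambda kv: kv[1])
        if count >= threshold:
            hits.append({"pid": pid, "image": image, "extension": ext, "count": count})
    return hits


if __name__ == "__main__":
    for hit in find_mass_renamers(constructed_events()):
        print(f"pid {hit['pid']} appended {hit['extension']} to {hit['count']} files: {hit['image']}")
```

Fed with real file-system telemetry (for example Sysmon file-create or EDR rename events mapped into the same tuple shape), the same grouping separates a single process touching thousands of files from ordinary user activity; the count of 4647 in the signature above is far beyond any benign threshold.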

Processes

  • C:\Users\Admin\AppData\Local\Temp\f884a67f425b3778cb51bef44646de0a463c3663d78b04ed4490414abdf672d6N.exe
    "C:\Users\Admin\AppData\Local\Temp\f884a67f425b3778cb51bef44646de0a463c3663d78b04ed4490414abdf672d6N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:5112

Network

        MITRE ATT&CK Enterprise v15


        Downloads

        • C:\$Recycle.Bin\S-1-5-21-945322488-2060912225-3527527000-1000\desktop.ini.tmp

          Filesize

          89KB

          MD5

          709d3f16834374f3374d0f8c4d3e4cc6

          SHA1

          61bd1ab45377647421c059db96cd0e1b0940e889

          SHA256

          36c7024d739e51dbf5df92564aa9461c9aaac18d045ebeccf6d73422f178ac0b

          SHA512

          553401aa4313a9508932210fecbc8420933fd5689e5c6b6416144b6c28ca4c6c01254bfa56156beed172bcd2cfdd14719f62308e7b889d5b4825202873516299

        • C:\Program Files\7-Zip\7-zip.dll.tmp

          Filesize

          188KB

          MD5

          0d36f1ef11aff1c14eee025eed64cfc8

          SHA1

          6592d34cab029835c828a439ef198820f91532bd

          SHA256

          7cdbeeb3468490fcf0bbd7bd23d45722370e81389f61e6e6608fe2abaf17a7a6

          SHA512

          0cf8614bb82ec260944ef18f2fc4a413b7d2b2ccd2d5d496266b92e66ac62620e543ac5ed22a8c2e3e5b4af401af374e05311d70b2116d3b89be6bb41c35f4cf

        • memory/5112-0-0x0000000000400000-0x000000000040B000-memory.dmp

          Filesize

          44KB

        • memory/5112-868-0x0000000000400000-0x000000000040B000-memory.dmp

          Filesize

          44KB