Overview

overview

9

Static

static

7

7a35302eb8...7N.exe

windows7-x64

9

7a35302eb8...7N.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    120s
  • max time network
    98s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/09/2024, 03:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    7a35302eb865e215486da9889196d4a67ed624b8731ee27023c64039ff5f4ec7N.exe

  • Size

    64KB

  • MD5

    6729e3ebbb743ef510be4b2188ecaa80

  • SHA1

    50e8b0b65b0e3f8f9e5f87f165bcf7c406fa71bf

  • SHA256

    7a35302eb865e215486da9889196d4a67ed624b8731ee27023c64039ff5f4ec7

  • SHA512

    3dd6d05a9c73b279089dfc5dc9087224e204b9b1157251d17b8454bff735d4db9a5334a22e3ea0fe92c1ad010b6898248cdd966e92ed7648fd5c0b5733f7ae24

  • SSDEEP

    1536:CTWn1++PJHJXA/OsIZfzc3/Q8IZT+JZkeZrAJZkeZrOos:KQSo7Zk

Score
9/10
discoveryransomwareupx

Malware Config

Signatures

  • Renames multiple (4644) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\7a35302eb865e215486da9889196d4a67ed624b8731ee27023c64039ff5f4ec7N.exe
    "C:\Users\Admin\AppData\Local\Temp\7a35302eb865e215486da9889196d4a67ed624b8731ee27023c64039ff5f4ec7N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:3004

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-1194130065-3471212556-1656947724-1000\desktop.ini.tmp
    Filesize

    65KB

    MD5

    697f56397b4c28cd32b461edf9d99f0f

    SHA1

    5cac434c3797004254510fbf682326c3e3d2f94a

    SHA256

    f9f67195b90cb27041b3ee226473b97058cc7637855e7409d12a044e128eda9b

    SHA512

    5083d7d8bfc7256b430d83f36d20b25cdaf3f9dc7b580a0754bf4d530ccf1a62e29ba55be885577262c137d926a975d321c83cf5721bccd9851c04278c3b6321

    Download Submit

  • C:\Program Files\7-Zip\7-zip.dll.tmp
    Filesize

    163KB

    MD5

    d4cc9365ee886dda20099d3df2fbdd33

    SHA1

    e3ebb7c9d79256af85818ed509484d8b1e76370d

    SHA256

    71e31364b165603b0323c696a92ff0f6f3c4840acb6d74e169adbd7680fe51b8

    SHA512

    acbdd831d9df6c682cb39311e896a5231f7e18311ee1ca82c440a7d545ce71a8ed9859ad69acaa4c7f32acc193338ac85111fda8c015fcacd4dfea3740fa7d7a

    Download Submit

  • memory/3004-0-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/3004-900-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

    Download