Analysis

  • max time kernel
    120s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted
    19/09/2024, 04:44

General

  • Target

    abb776128595817fbb82d8acd5f76ba87278b0ad67404b65e5a6e3ff9ccdeac9N.exe

  • Size

    26KB

  • MD5

    ab4f09d4e879eb06c9e18a77ddb9ce10

  • SHA1

    36b98b6aed0a484f6f2e07a012a9af6d4477a096

  • SHA256

    abb776128595817fbb82d8acd5f76ba87278b0ad67404b65e5a6e3ff9ccdeac9

  • SHA512

    1b11f30205d490fd476ba48f2bef052455a801600869f65617ca399ac8a26f7a9370063d2d5f73ffc7f9f29d83db99cea2a87f99be7e4cd1c5d3ec8a0c0287f0

  • SSDEEP

    768:kBT37CPKKdJJ1EXBwzEXBwdcMcI97LjLNLjLqOB:CTW7JJ7T1vJv2OB

Malware Config

Signatures

  • Renames multiple (3443) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\abb776128595817fbb82d8acd5f76ba87278b0ad67404b65e5a6e3ff9ccdeac9N.exe
    "C:\Users\Admin\AppData\Local\Temp\abb776128595817fbb82d8acd5f76ba87278b0ad67404b65e5a6e3ff9ccdeac9N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:1728

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3551809350-4263495960-1443967649-1000\desktop.ini.tmp

    Filesize

    26KB

    MD5

    5a47989e29e3c5855d55415ea22a817e

    SHA1

    e22be5241eafb819e5c4d2f3d12f206a48be9df8

    SHA256

    07a7dd940955b8aa15d1fd6fcea6035115368ab749f475250fd7df3808893ac7

    SHA512

    d7c4688de8bd84df2c064d86e6f909c576d149e3b2487f6d9885a594fa132e5afc9aa21bda88ff5cd30962b6ebe73e8d150c3b94f8ebc4608558837fd97808f5

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    35KB

    MD5

    d32ae551cd3172fc3b861824a76038d8

    SHA1

    c0f4375afc70c36808b5a4235ceb71e86a850923

    SHA256

    65f2756e2ea5adc06616a182fa873208f672ec359db3ee0f0b36e884924ffb81

    SHA512

    184c96a856a3dcec654156f6a1636c1afe55979dbbf40e625edf043e3b7a8b4330a97882176167aadccd16b260b0dd938abaeddb5e55d841097c7d185643c8b7

  • memory/1728-0-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

  • memory/1728-75-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB