Analysis

  • max time kernel
    120s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    19-09-2024 05:03

General

  • Target

    9361d16391770a71c0329cace67e03e3cd5cd25ccb553e7bcbac72a08b998d33N.exe

  • Size

    36KB

  • MD5

    8d757ee13a1d04767c9fd5a099e8bd10

  • SHA1

    7d16c99bef7fa0779540bcea55d5b5cc3ccbf874

  • SHA256

    9361d16391770a71c0329cace67e03e3cd5cd25ccb553e7bcbac72a08b998d33

  • SHA512

    46fa1571b54ce3c477a08f25b803d533147ce186cf7ffe147d6b685382e30986fbba0a22b7aa6616f4af455feeba073ca45fd3e3b3e8d7298c399b8f09046bba

  • SSDEEP

    768:kBT37CPKKdJJ1EXBwzEXBwdcMcwBcCBcw/tio/tielx:CTW7JJ7TTQoQg

Malware Config

Signatures

  • Renames multiple (3267) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\9361d16391770a71c0329cace67e03e3cd5cd25ccb553e7bcbac72a08b998d33N.exe
    "C:\Users\Admin\AppData\Local\Temp\9361d16391770a71c0329cace67e03e3cd5cd25ccb553e7bcbac72a08b998d33N.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2280

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\$Recycle.Bin\S-1-5-21-3290804112-2823094203-3137964600-1000\desktop.ini.tmp

    Filesize

    36KB

    MD5

    02775429b3e4e4a3b79e56d849436bee

    SHA1

    567fc2425a4e2fed0beb72ce26baaeb362d6f062

    SHA256

    ff7cf82877e170b6922b6885cbd612b3fef3e59cda170de77432402512c2494d

    SHA512

    f6cb973b7b8d0bf9a61e199829b1d9a9241461ce5a27ed4618dfcbdc38f6f43dd265aa2a88a7b3dd0ea3920f9eb887d3c9f22608519172a865d6fc7e0aec3f93

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    45KB

    MD5

    03e42f6822980285b91b8a0021121faa

    SHA1

    4c3df34ece8ea56e7cf6920f37b60641c07a88b0

    SHA256

    00728e25fe84187a6fe2872ba6a1368784f7c486c108c2abbc4b874b21dcec8c

    SHA512

    ffbf64d2c94439f98de37daf2eca609b0bfddf642e816bc49f034ff09a55c9820faccaee76f6329d45d4ab0ba5099b37b660913c8402b3ffbca04d4778570171

  • memory/2280-0-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

  • memory/2280-75-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB