Analysis

  • max time kernel
    120s
  • max time network
    94s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    19-09-2024 06:11

General

  • Target

    dd78f17aa868fa27bf1e1c2de05a2d11c044bc13e1aa3d5d846f9d11cacbd165N.exe

  • Size

    37KB

  • MD5

    94e407562001412f9e8057dafbafe4e0

  • SHA1

    c469dbba49e623f5f15d7faf3d1059e8a2904c3a

  • SHA256

    dd78f17aa868fa27bf1e1c2de05a2d11c044bc13e1aa3d5d846f9d11cacbd165

  • SHA512

    9828cde408c873dcf682cbfde79267f48b39e30c7c1ede4073dc307c298a886452d575b2c3b21f38f6fd319d138bd902e8c99a451966ba079b0e814369e64611

  • SSDEEP

    768:kBT37CPKK1EXBwzEXBw3sgQw58eGkz2rcuesgQw58eGkz2rcu90TKe+0TKe7Leop:CTWKWZ
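Before doing static work on a sample that the report later flags as UPX-packed (see Signatures), a practitioner normally confirms the packing from the PE section table instead of trusting a detection name. The block below is an added example, not part of the sandbox report or of any tool it references: a minimal section-table parser and the two heuristics that the "UPX/modified UPX" signature implies, namely UPX* section names and a first section that has virtual size but no raw data (the region the stub decompresses into). The PE blobs are constructed inside the block so it runs offline; the sample on this page is not embedded, and the section sizes used are illustrative.

```python
import struct

# IMAGE_SECTION_HEADER is 40 bytes: 8-byte name, VirtualSize, VirtualAddress,
# SizeOfRawData, PointerToRawData, two pointers and two counts we ignore, and
# Characteristics. The COFF file header is 20 bytes.
SECTION_FMT = "<8sIIIIIIHHI"
COFF_FMT = "<HHIIIHH"


def pe_sections(data: bytes):
    """Parse the section table of a PE image and return a list of dicts."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ/PE file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    _, nsections, _, _, _, opt_size, _ = struct.unpack_from(COFF_FMT, data, coff)
    off = coff + 20 + opt_size                       # section table follows the optional header
    sections = []
    for i in range(nsections):
        name, vsize, vaddr, rawsize, rawptr, _, _, _, _, chars = struct.unpack_from(
            SECTION_FMT, data, off + 40 * i)
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_size": vsize,
            "virtual_address": vaddr,
            "raw_size": rawsize,
            "raw_pointer": rawptr,
            "characteristics": chars,
        })
    return sections


def upx_indicators(sections):
    """Return the reasons a section table looks UPX-packed (empty list if none)."""
    reasons = []
    if any(s["name"].startswith("UPX") for s in sections):
        reasons.append("section named UPX*")
    # Stock and renamed ("modified") UPX builds both leave the first section with
    # no raw data: it is the empty region the stub unpacks into at run time.
    if sections and sections[0]["raw_size"] == 0 and sections[0]["virtual_size"] > 0:
        reasons.append("first section has VirtualSize > 0 but SizeOfRawData == 0")
    return reasons


def build_test_pe(section_specs):
    """Build a minimal, non-runnable PE32 with the given sections so the parser
    can be exercised offline. Constructed for this example only."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)            # e_lfanew: PE header right after DOS header
    opt_size = 224                                   # PE32 optional header size
    coff = struct.pack(COFF_FMT, 0x14C, len(section_specs), 0, 0, 0, opt_size, 0x0102)
    opt = b"\x0b\x01" + bytes(opt_size - 2)          # magic 0x10B = PE32, remaining fields zeroed
    table = b"".join(
        struct.pack(SECTION_FMT, name.ljust(8, b"\0"), vsize, vaddr, rawsize, rawptr, 0, 0, 0, 0, chars)
        for name, vsize, vaddr, rawsize, rawptr, chars in section_specs
    )
    return bytes(dos) + b"PE\0\0" + coff + opt + table


# Constructed section tables: a typical UPX layout and a plain compiler layout.
PACKED_PE = build_test_pe([
    (b"UPX0", 0x9000, 0x1000, 0, 0x400, 0xE0000080),
    (b"UPX1", 0x3000, 0xA000, 0x2400, 0x400, 0xE0000040),
    (b".rsrc", 0x1000, 0xD000, 0x400, 0x2800, 0xC0000040),
])
PLAIN_PE = build_test_pe([
    (b".text", 0x5000, 0x1000, 0x5000, 0x400, 0x60000020),
    (b".data", 0x1000, 0x6000, 0x400, 0x5400, 0xC0000040),
])

if __name__ == "__main__":
    for label, blob in (("packed", PACKED_PE), ("plain", PLAIN_PE)):
        secs = pe_sections(blob)
        print(label, [s["name"] for s in secs], upx_indicators(secs))
```

A positive result from either heuristic justifies trying `upx -d` on a copy of the file first; if the packer was modified (renamed sections, patched stub), the stock unpacker usually refuses or produces garbage, and the unpacked image has to be dumped from memory instead. The second heuristic is deliberately loose and will also flag non-UPX packers that use the same empty-first-section layout, so treat it as a triage hint, not proof.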

Malware Config

Signatures

  • Renames multiple (4679) files with added filename extension

    This suggests ransomware activity: the process is rewriting files across the system and appending an extension to each renamed file.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of the victim host in order to infer its geographical location.
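In detection terms the rename signature above is a per-process count of file renames whose new name is the old name plus exactly one extra extension. The block below is an added example, not part of the sandbox report, that applies that logic to a list of rename events. The RenameEvent shape, the file paths, the ".enc" extension and the "backup.exe" process are constructed for illustration; only the PID and image name are taken from the process list in this report.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class RenameEvent:
    """One file-rename event as a sandbox or EDR would log it (constructed shape)."""
    pid: int
    image: str
    old_path: str
    new_path: str


def appended_extension(old_path: str, new_path: str):
    """Return the extension appended to old_path when new_path is exactly
    old_path plus one '.<ext>' suffix; otherwise return None."""
    if not new_path.startswith(old_path):
        return None
    suffix = new_path[len(old_path):]
    # must be a single ".ext" with no further dots or path separators
    if len(suffix) < 2 or suffix[0] != "." or "." in suffix[1:] \
            or "\\" in suffix or "/" in suffix:
        return None
    return suffix


def find_mass_renamers(events, threshold=50):
    """Group appended-extension renames per PID and report the PIDs at or
    above threshold, most renames first."""
    counts = defaultdict(int)
    exts = defaultdict(set)
    images = {}
    for ev in events:
        ext = appended_extension(ev.old_path, ev.new_path)
        if ext is None:
            continue                      # replacement or unrelated rename: ignore
        counts[ev.pid] += 1
        exts[ev.pid].add(ext)
        images[ev.pid] = ev.image
    hits = [
        {"pid": pid, "image": images[pid], "renames": n, "extensions": sorted(exts[pid])}
        for pid, n in counts.items()
        if n >= threshold
    ]
    return sorted(hits, key=lambda h: h["renames"], reverse=True)


# Constructed sample events: the report's process renaming 60 documents to
# "<name>.enc", plus a legitimate backup tool renaming a handful of files.
# Paths, the ".enc" extension and backup.exe are made up for this example.
SAMPLE_EVENTS = (
    [RenameEvent(3240, "dd78f17aa868fa27bf1e1c2de05a2d11c044bc13e1aa3d5d846f9d11cacbd165N.exe",
                 rf"C:\Users\Admin\Documents\report{i}.docx",
                 rf"C:\Users\Admin\Documents\report{i}.docx.enc") for i in range(60)]
    + [RenameEvent(1120, "backup.exe", rf"C:\Backups\db{i}.sql", rf"C:\Backups\db{i}.sql.bak")
       for i in range(3)]
    # an extension replacement, not an append: must not count
    + [RenameEvent(1120, "backup.exe", r"C:\Backups\log.txt", r"C:\Backups\log.old")]
)

if __name__ == "__main__":
    for hit in find_mass_renamers(SAMPLE_EVENTS):
        print(hit)
```

The threshold is the tuning knob: backup, archiving and installer tools also append extensions to a few files, so the count has to be combined with a time window (this sandbox saw 4679 renames inside a 120-second run) and, in production, with the target directories (user documents, Program Files, $Recycle.Bin) before it is worth an alert.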

Processes

  • C:\Users\Admin\AppData\Local\Temp\dd78f17aa868fa27bf1e1c2de05a2d11c044bc13e1aa3d5d846f9d11cacbd165N.exe
    "C:\Users\Admin\AppData\Local\Temp\dd78f17aa868fa27bf1e1c2de05a2d11c044bc13e1aa3d5d846f9d11cacbd165N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:3240

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\$Recycle.Bin\S-1-5-21-1302416131-1437503476-2806442725-1000\desktop.ini.tmp

    Filesize

    37KB

    MD5

    04d0f65866e410c00610c69616d5e04c

    SHA1

    fe5d21ba316e945501317a75c7667e870451d58c

    SHA256

    94adeb3c19dbc84251dc12443394e5c54244e75898bb0242a830ebce6e43d4a9

    SHA512

    7643f244edba9668af03d9ca845bb6e7677f5d7051a181ad98fb0f432a04d1c7fa0291b52549ce1d3ead5d4700a168ea1f452d8b1a970d5c8df331cc691718cc

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    136KB

    MD5

    387e6330ae54f4314e5cc69fb91fe31f

    SHA1

    98d8ca0a4fdefd2c7ec21ebbebeb24e3b9735592

    SHA256

    66778b846b57e7801f1a929081904cdf026fc4d5ef9c5d0c1e946509ae97f6cf

    SHA512

    a7e00a512a7f731f3304f752143f99ffa4a56348978714e33dfcf3e6bfe515b83775d8461e84583e6484c7b66f89459a1fa9a7f4f0f0b92c628b17a76d436d0a

  • memory/3240-0-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

  • memory/3240-927-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB