Analysis

  • max time kernel
    120s
  • max time network
    93s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    19/09/2024, 11:15

General

  • Target

    3860c52b5ff3e1691d9e92758123625adecb7a0dd6a090fffea5a0c1cb23093cN.exe

  • Size

    66KB

  • MD5

    ec4fa63c0cf9e64fc6b11bfb9acb2850

  • SHA1

    96ac5b253c0c4806ee711b3fdb3737a482143c4b

  • SHA256

    3860c52b5ff3e1691d9e92758123625adecb7a0dd6a090fffea5a0c1cb23093c

  • SHA512

    6a1571c827581b893d604cc3763c7f55119374722f07a00b8dfdda428c5175455ebdf3837e0c369ee54eae7f0141d5bc4ad4a0c7abfb8a94e8211d13f37c21e0

  • SSDEEP

    768:V7Blpf/FAK65euBT37CPKKQSjyJJcbQbf1Oti1JGBQOOiQJhATNydWK9WKvh6SbC:V7Zf/FAxTWoJJZENTNyoKIKJ+

Malware Config

Signatures

  • Renames multiple (4647) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\3860c52b5ff3e1691d9e92758123625adecb7a0dd6a090fffea5a0c1cb23093cN.exe
    "C:\Users\Admin\AppData\Local\Temp\3860c52b5ff3e1691d9e92758123625adecb7a0dd6a090fffea5a0c1cb23093cN.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:3876

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-523280732-2327480845-3730041215-1000\desktop.ini.tmp

    Filesize

    67KB

    MD5

    3f72947dbb180b1fa06fc20c53d92456

    SHA1

    2f48444c58196b44bbc8bd265258b7345d9b77ee

    SHA256

    24a24333ab5637361cf0bd8168ca5b5ca1a4c9c3ea906ea0e3dd1cd3449fdbc0

    SHA512

    b85bc0951c3be83c769d40733683168e71530a58f340fefae5c61fb39a1ec8ae814956d6115024727d2ea572df42c3ceef19dcdbf35e769b6db8ec0090c8c85e

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    165KB

    MD5

    1c9c9c525938ec7de607815e15c81444

    SHA1

    9fd32193a4113bc217eb7d9dfef03befa57a4671

    SHA256

    b9d7a328c00f6c9ba833d3384ef5e1cd4931af8ce035fb76b1295655b168f1aa

    SHA512

    da0cbde478bb961f0c14c509513afa9e2a7c3fae9a52d8ff3d2683a89ea52c9e3160e24c6adc8d9f7d349382b1d2b2ca01e1cc69d6d58acbe5364334dc5abd5b

  • memory/3876-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/3876-862-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB