Analysis

  • max time kernel
    150s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    21/09/2024, 07:06

General

  • Target

    bb81b2dc161ef13f39b2136721b9620b17063e60ac33798cb7087e8b701060ddN.exe

  • Size

    31KB

  • MD5

    80bd7f2d19dc270d31df448204c8ce70

  • SHA1

    55d3733a486ff2af216b81e6dee908cceb9be2a3

  • SHA256

    bb81b2dc161ef13f39b2136721b9620b17063e60ac33798cb7087e8b701060dd

  • SHA512

    363103e5b371f4ec78087d95816024dc56f06d576db7c5feeca04d53602c7b4833aa7756f2575f5474dbfb81e8629885f3880eded25c1c44baf32369fed20961

  • SSDEEP

    768:kBT37CPKKdJJ1EXBwzEXBwdcMcI9Ro+QOViJfo+QOViJ6KZONZOSBAoT1GxXupoa:CTW7JJ7TPU/

Malware Config

Signatures

  • Renames multiple (4115) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\bb81b2dc161ef13f39b2136721b9620b17063e60ac33798cb7087e8b701060ddN.exe
    "C:\Users\Admin\AppData\Local\Temp\bb81b2dc161ef13f39b2136721b9620b17063e60ac33798cb7087e8b701060ddN.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2112

Network

        MITRE ATT&CK Enterprise v15


        Downloads

        • C:\$Recycle.Bin\S-1-5-21-312935884-697965778-3955649944-1000\desktop.ini.tmp

          Filesize

          31KB

          MD5

          f0a354911f8cb2c841195b82d3d1e1ae

          SHA1

          269011aca9322d40ada73973236584a1302e1599

          SHA256

          7aa9420671447658e6c635c8d754dcc008b09c78ff65b557e741078184fe281a

          SHA512

          5f50e525e09be19d0816940cc772695d383af37a94fb6fe4fc7602cc7831a562c395d6b76426923e2525e5dfbccf1072b6ecc2d1e65bbf49b92f9c52acaca537

        • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

          Filesize

          40KB

          MD5

          b21fca927fbaaf2b7156824a027c14d3

          SHA1

          8b77c29b5aafe009cf139825a34cee1d9f7240bf

          SHA256

          d05bded39acf2c5bd10eac1d2e8c97968db1547288735da2e5a3f361ad73acd1

          SHA512

          4db2298ae574fa2ff7e9f5ab906e57b8a5f016e79783dab3de28c96c3227664a01d8fbf80c34d9b773e4bc5502fc3acb4f36ef1e997202642de3e628dce2486b

        • memory/2112-0-0x0000000000400000-0x000000000040A000-memory.dmp

          Filesize

          40KB

        • memory/2112-75-0x0000000000400000-0x000000000040A000-memory.dmp

          Filesize

          40KB