Analysis

  • max time kernel
    120s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted
    21/09/2024, 10:40

General

  • Target

    beeaefdee7f9333296367a54ef2c8e26eed81f387a6777db62d3aeefc3b5e73cN.exe

  • Size

    26KB

  • MD5

    084756b040e4b86a0fd9a5323acc45c0

  • SHA1

    8ae0167ee5a4a11b228bddd60e07b1773dee750c

  • SHA256

    beeaefdee7f9333296367a54ef2c8e26eed81f387a6777db62d3aeefc3b5e73c

  • SHA512

    3b85101246988f703a75e704e93e2a6e278f6297da900fe88f6ccb3b36ee3764817cca7bbb5af846184d0a3f1da5f7a831857e34dade952026f07942644f59d5

  • SSDEEP

    384:QOlIBXDaU7CPKK0TIhfJJ1Evd5BvhzaM9mSIEvd5BvhzaM9mSsxmMxm9+9lPB:kBT37CPKKdJJ1EXBwzEXBwdcMcI9r

Malware Config

Signatures

  • Renames multiple (3459) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\beeaefdee7f9333296367a54ef2c8e26eed81f387a6777db62d3aeefc3b5e73cN.exe
    "C:\Users\Admin\AppData\Local\Temp\beeaefdee7f9333296367a54ef2c8e26eed81f387a6777db62d3aeefc3b5e73cN.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2120

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\$Recycle.Bin\S-1-5-21-3551809350-4263495960-1443967649-1000\desktop.ini.tmp

    Filesize

    27KB

    MD5

    c452cb7f124a45e0560f87a63240f186

    SHA1

    ae79589fac002790524ff3ff64a8d683fa50e00f

    SHA256

    3297c8c97822267c7a7031f9ff418a685377ab936599ac548a2ac28f25a62410

    SHA512

    6841c53ed43cd84db0bce1eb9a9de92c2d97796523f238bdea0d455f49878e7fa82c8868e862d4c7030d28fcea9d0a84e36649e089a638679964b60f301147ad

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    36KB

    MD5

    4cf6134109f9087b1d204a6c6e1b1d3f

    SHA1

    1c887a0315afca6412960aef7750f31160147c11

    SHA256

    edec557275966a3e23dc5876e1351f9a91bd206fec8ebd582980d2e8cdcf77b1

    SHA512

    eba655d20cb26423f7bb49c007f17a37eaff8d5d3d7af0e5559f8e9bafff1928f09efb27b6484227de3f5ed5830027614a8965de586fbce073e2eb70e5fe47f3

  • memory/2120-0-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

  • memory/2120-75-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB