Analysis

  • max time kernel
    120s
  • max time network
    95s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    21/09/2024, 16:44

General

  • Target

    49b3d81534bafe785061eaf1387edbf7d83e0507acf3318fe12930671f9fba0dN.exe

  • Size

    29KB

  • MD5

    a0384fb599b696adeebc1c6aacd0aa00

  • SHA1

    862146f30e9320b2a39a0ca61599af8fe4e4aaaa

  • SHA256

    49b3d81534bafe785061eaf1387edbf7d83e0507acf3318fe12930671f9fba0d

  • SHA512

    ecf586218aa57e23840c67d959fdf522d34529f6a99437d58ada4b9a1fcde2467c6fd1e91f7ec10d051eeda089226e2b0d409022e8c237ed68d51defa1ee3ebc

  • SSDEEP

    384:QOlIBXDaU7CPKK0TIhfJJ1Evd5BvhzaM9mSIEvd5BvhzaM9mSsxmMxm9+9qQg3QL:kBT37CPKKdJJ1EXBwzEXBwdcMcI9x

Malware Config

Signatures

  • Renames multiple (4651) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\49b3d81534bafe785061eaf1387edbf7d83e0507acf3318fe12930671f9fba0dN.exe
    "C:\Users\Admin\AppData\Local\Temp\49b3d81534bafe785061eaf1387edbf7d83e0507acf3318fe12930671f9fba0dN.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:4228

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-1302416131-1437503476-2806442725-1000\desktop.ini.tmp

    Filesize

    29KB

    MD5

    da33aaf3d78d0ca9d83fbbea9364f9aa

    SHA1

    a3e8a2b880abebfd12555c195d60a7cf8d901bc6

    SHA256

    ea05df730b6238cd4d59ebb41b3a393ac624dd2e0b5ab54300209b7a57432e71

    SHA512

    dab8e21d30a38cac3434ba21f630e4e70ccdb1688b4ef9ea55dbc1683d351735b6b6ebf53db68f1882337113f065a80bae3e17261e61e21cdcacbbc84f55530f

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    128KB

    MD5

    4682bebc9255d57023696f54e184955b

    SHA1

    f7358a07ba73b56374523480bf3c32af8a6d316d

    SHA256

    c66ce101ba914950bddd26eeb8597214dab6805c9ac554a532f5c47a4048a908

    SHA512

    673ad6778f9b60cd92c0fb7031a1d22356e843078ff8daceeb82abbe399dcbf78a3f7a8c4a262ce51ce214ac75274ff13eea769c6130af9dc1eae4e86059a03d

  • memory/4228-0-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

  • memory/4228-873-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB