Analysis

  • max time kernel
    120s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted
    21/09/2024, 20:52

General

  • Target

    3d85607ab2b01d4433ea5a56ee2cf8eb56d1b32445a2d483f4ddff59549eda5dN.exe

  • Size

    62KB

  • MD5

    a67ad671d61f38662a737173d72c2a20

  • SHA1

    98a2cb6bbc50f0344d5ffd2153a31a4a7fe45267

  • SHA256

    3d85607ab2b01d4433ea5a56ee2cf8eb56d1b32445a2d483f4ddff59549eda5d

  • SHA512

    1e2ac0c097ac6c47f42d78586c188c4b60e0ce870fd638a068182eb7baf3b9e43a58bdd15934b862f498813ea86ab7e416590c9f3c1ede4e8ccdfd27b33af05f

  • SSDEEP

    768:V7Blpf/FAK65euBT37CPKKQSjyJJcbQbf1Oti1JGBQOOiQJhATBApwp133EskmK5:V7Zf/FAxTWoJJZENTBAOIfmKJfmKj3

Malware Config

Signatures

  • Renames multiple (3102) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\3d85607ab2b01d4433ea5a56ee2cf8eb56d1b32445a2d483f4ddff59549eda5dN.exe
    "C:\Users\Admin\AppData\Local\Temp\3d85607ab2b01d4433ea5a56ee2cf8eb56d1b32445a2d483f4ddff59549eda5dN.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:1864

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-3434294380-2554721341-1919518612-1000\desktop.ini.tmp

          Filesize

          62KB

          MD5

          5f525bc5422ef93a97d036453cdec045

          SHA1

          4a9e3f80746b748eb6eab428cb896c18aecf083f

          SHA256

          c4c2e085574849e132220a92eec6acd545dbf734c58207c1457223340a139320

          SHA512

          ec383a3da11456b9ea7f72562fbab5364056e05fe52d24a623a552845bcf5efb8827c00323ef9824c00a734826bcfdd24838c169724036395ac0cf4b193e647b

        • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

          Filesize

          71KB

          MD5

          e5c4e64b3ead5e62af60741e180b995e

          SHA1

          efa4262047490ac7a85b3605b433ae82cf1dae03

          SHA256

          f515f1c2c5339eff49aa8b3f76e33aee2700a362b8275b2d967874687c16fcec

          SHA512

          8fd07ee5c1a8acdc585bb5f19bcf4a7e35b9e9ae4f5417c3bb257aaa41054a0a72549596256b2a2bedf7a1acec5f36ac27a41b4bd5f66cdde3ffd182443599a9

        • memory/1864-0-0x0000000000400000-0x000000000040B000-memory.dmp

          Filesize

          44KB

        • memory/1864-70-0x0000000000400000-0x000000000040B000-memory.dmp

          Filesize

          44KB