Analysis

  • max time kernel
    119s
  • max time network
    98s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    27/09/2024, 15:28

General

  • Target

    03288aee6954899e975e665ef194712b864bc8d8fed42c5c1400bc7f8b250106N.exe

  • Size

    29KB

  • MD5

    60b2751e4ba719bb1895818aa65ca490

  • SHA1

    edc132aba9d5cecc9d44ed64787721ce6689d750

  • SHA256

    03288aee6954899e975e665ef194712b864bc8d8fed42c5c1400bc7f8b250106

  • SHA512

    7c59d9d12c5bca225cab7667eaa031f038a6ebfe09711fe7cc11206849e5d93e4ab9b580d81db791007bfd0af125342e63a45b07481d8af933f914ff3b80b205

  • SSDEEP

    384:QOlIBXDaU7CPKK0TIhfJJ1Evd5BvhzaM9mSIEvd5BvhzaM9mSsxmMxm9+9enq0vg:kBT37CPKKdJJ1EXBwzEXBwdcMcI9enct

Malware Config

Signatures

  • Renames multiple (4649) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\03288aee6954899e975e665ef194712b864bc8d8fed42c5c1400bc7f8b250106N.exe
    "C:\Users\Admin\AppData\Local\Temp\03288aee6954899e975e665ef194712b864bc8d8fed42c5c1400bc7f8b250106N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2876

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-1302416131-1437503476-2806442725-1000\desktop.ini.tmp

    Filesize

    29KB

    MD5

    dfeae6b52061bbb9d2ee5bd1bd860e2f

    SHA1

    d6140860f3f0d99b2898bb522dac8da3c06cb947

    SHA256

    0581b1ee83aa26781e581a50028916d0f95eb4557805133b1cb3cec3300f7903

    SHA512

    8271ed57fff3b8a4beba10344b9a0a7bc6adb77682af6de8b4332b336efea3764a066267aa274309c93171a7569d1dd50b0e1c438e23d7abc660607eae7aa9ba

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    128KB

    MD5

    937dff3efc2464db27398873c4f17b5d

    SHA1

    be2fccfd693471e518f1b3b2da16ae5a1fe37bea

    SHA256

    5b02f346912b8fdb7487992708f71e48fd90d6719347db667eb964b46bdfe824

    SHA512

    2e0f126f2f9e28724029e9d4494e6829ab952ffdd37b5bf986b7ea8e0cb8a23ed74c87d5366565e9a905e2866c9df77905555d7084b65db5e053fb139d7131c1

  • memory/2876-0-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

  • memory/2876-859-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB