Overview

overview

9

Static

static

5

889f58dbe5...dN.exe

windows7-x64

9

889f58dbe5...dN.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    150s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    04-10-2024 10:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    889f58dbe5b3c0c788163c1ebbd4fc2d293d1ba47769413fb6738a6a5c1c41fdN.exe

  • Size

    36KB

  • MD5

    a77745be7552dc3ea0d7e1fe4ffa7270

  • SHA1

    341cb6851660a5ccd899a4c13f8fe194d73a598f

  • SHA256

    889f58dbe5b3c0c788163c1ebbd4fc2d293d1ba47769413fb6738a6a5c1c41fd

  • SHA512

    5b90809bc7d8c1d5079f576668762817a61395c2ca3cc440fa1faa94b480ff7320ff0d9706a5468365df7e3014a7992cdb915432d44ab20ad6163c148a2e8a4d

  • SSDEEP

    768:kBT37CPKKdJJTU3U2lRtJfOn33EskmKs333EskmKsI:CTW7JJTU3UytJfOEfmKjfmKb

Score
9/10
discoveryransomwareupx

Malware Config

Signatures

  • Renames multiple (1252) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\889f58dbe5b3c0c788163c1ebbd4fc2d293d1ba47769413fb6738a6a5c1c41fdN.exe
    "C:\Users\Admin\AppData\Local\Temp\889f58dbe5b3c0c788163c1ebbd4fc2d293d1ba47769413fb6738a6a5c1c41fdN.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2720

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-457978338-2990298471-2379561640-1000\desktop.ini.tmp
    Filesize

    37KB

    MD5

    6b904897454db9ab8b36ba5bb4740e64

    SHA1

    c392c9e0a9f1b866777890868d909824809353c3

    SHA256

    627612a8ef76da04aa220b199b66ebe36ef5a561bf15b143726baa0e99e5eacd

    SHA512

    ae834148ba84b9544770066e1177257756fff88e42ded6391f09c3117409c7bc93b1485ca0be7e57d741fb80b4de2d0f5a444081ae7ae30192ef0cf30dcabc13

    Download Submit

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize

    46KB

    MD5

    38b7b71d64dd7bbbb64b91a11a5c72fd

    SHA1

    c7ec41deb00ffb48d7e903cb3f7e321bf3c77b5f

    SHA256

    43784590052bd1f9a4de60eb8a361110384f31e505a09816129e1cdf7dc8babb

    SHA512

    d680579771ef74b29ab24a3ae6a80022ba31814a256654bd1b75a9507fb7bcd1e48fd9bb2b78cb4ba4a797f6887e448fd3c0fb3495db657e64475983a529c351

    Download Submit

  • memory/2720-0-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2720-26-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

    Download