Analysis

  • max time kernel
    120s
  • max time network
    111s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    15/10/2024, 04:37

General

  • Target

    e8fc517da6a9e2e191cf51fb5766de025852cc088152efbe6dbc08c332b62d06N.exe

  • Size

    153KB

  • MD5

    fd1ce1453229b713443a854ddbedc950

  • SHA1

    6aa9ef6efca1338e34a5f85aa736e5ca181f80fe

  • SHA256

    e8fc517da6a9e2e191cf51fb5766de025852cc088152efbe6dbc08c332b62d06

  • SHA512

    cc86e3d07d16fa2575c52baee47e0449aeaec6e6d288ebc7f41fb8c8d091e5edd561128b4ceb25c4fc39dfe9a4aa63538e9c370d5e303a270b7296def5b3cac3

  • SSDEEP

    1536:V7Zf/FAxTWoJJ7TTQoQPyPheheEhNwNFkNXNFpiFu9Fy2XNgNFVNVNFomFaMFR04:fny1oRUheheW+0JO2XKFbd04

Malware Config

Signatures

  • Renames multiple (4210) files with added filename extension

    This suggests ransomware activity: files across the system are being rewritten and renamed with an added extension, which is how a file-encrypting payload typically marks what it has processed.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of the victim in order to infer the geographical location of that host (commonly used by ransomware to exclude hosts in certain locales).
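The first two signatures above, re-implemented as an added example (this is not the sandbox's own signature code): a rename check that tests whether each new filename is the old filename plus an appended extension and counts how often that happens, and a UPX check that walks a PE header and looks for section names beginning with `UPX`. The rename events, the stub PE header and the threshold of 20 are all constructed assumptions for the example; the sandbox's real UPX signature also matches modified packers that rename their sections, which this section-name check alone does not catch.

```python
"""Two triage signatures from the report, re-implemented for illustration.
All inputs below are constructed fixtures, not data from the sandbox run."""
import struct
from collections import Counter


def added_extension(old: str, new: str):
    """Return the extension appended to `old` if new == old + '.<ext>', else None."""
    if new.startswith(old) and len(new) > len(old):
        suffix = new[len(old):]
        if suffix.startswith("."):
            return suffix
    return None


def mass_rename_signature(events, threshold=20):
    """Count rename events that only append an extension and group them by suffix.
    Returns (fires, total_hits, {suffix: count}); `threshold` is an assumed value."""
    per_suffix = Counter()
    for old, new in events:
        suffix = added_extension(old, new)
        if suffix:
            per_suffix[suffix] += 1
    total = sum(per_suffix.values())
    return total >= threshold, total, dict(per_suffix)


def pe_section_names(data: bytes):
    """Minimal PE walk: DOS header -> e_lfanew -> 'PE\\0\\0' -> COFF header -> section table.
    Returns the NUL-stripped section names."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]    # COFF.NumberOfSections
    size_opt = struct.unpack_from("<H", data, coff + 16)[0]       # COFF.SizeOfOptionalHeader
    table = coff + 20 + size_opt                                  # first IMAGE_SECTION_HEADER
    names = []
    for i in range(num_sections):
        off = table + i * 40                                      # 40-byte section headers
        names.append(data[off:off + 8].rstrip(b"\0").decode("ascii", "replace"))
    return names


def upx_signature(data: bytes) -> bool:
    """Stock UPX names its sections UPX0/UPX1 (plus .rsrc); a renamed stub evades this."""
    return any(name.startswith("UPX") for name in pe_section_names(data))


def build_minimal_pe(section_names):
    """Constructed PE32 header stub with the given section names; not a runnable binary."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    size_opt = 0xE0                                               # PE32 optional header size
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, size_opt, 0x0102)
    opt = struct.pack("<H", 0x10B) + b"\0" * (size_opt - 2)       # Magic = PE32, rest zeroed
    sections = b"".join(n.encode().ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos + b"PE\0\0" + coff + opt + sections


# Constructed rename events modelled on the dropped-file paths in the report,
# plus one ordinary rename that must not count.
SAMPLE_RENAMES = [
    (r"C:\Program Files\7-Zip\7-zip.dll", r"C:\Program Files\7-Zip\7-zip.dll.tmp"),
    (r"C:\$Recycle.Bin\S-1-5-21-3350944739-639801879-157714471-1000\desktop.ini",
     r"C:\$Recycle.Bin\S-1-5-21-3350944739-639801879-157714471-1000\desktop.ini.tmp"),
    (r"C:\Users\Admin\Documents\new.txt", r"C:\Users\Admin\Documents\old.txt"),
] + [(rf"C:\Users\Admin\Documents\doc{i}.docx",
      rf"C:\Users\Admin\Documents\doc{i}.docx.tmp") for i in range(30)]


if __name__ == "__main__":
    print("mass rename:", mass_rename_signature(SAMPLE_RENAMES))
    print("UPX sections:", upx_signature(build_minimal_pe(["UPX0", "UPX1", ".rsrc"])))
    print("plain sections:", upx_signature(build_minimal_pe([".text", ".data", ".rsrc"])))
```

The rename check is deliberately strict (new name must be exactly old name plus a leading-dot suffix) so that ordinary renames are not counted; the per-suffix breakdown is what tells an analyst which extension the payload appends. Treat a section-name match as a hint only: confirm packing with section entropy or by unpacking, since anything that patches the UPX stub will also have changed the names.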

Processes

  • C:\Users\Admin\AppData\Local\Temp\e8fc517da6a9e2e191cf51fb5766de025852cc088152efbe6dbc08c332b62d06N.exe
    "C:\Users\Admin\AppData\Local\Temp\e8fc517da6a9e2e191cf51fb5766de025852cc088152efbe6dbc08c332b62d06N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:3316

Network

        MITRE ATT&CK Enterprise v15


        Downloads

        • C:\$Recycle.Bin\S-1-5-21-3350944739-639801879-157714471-1000\desktop.ini.tmp

          Filesize

          153KB

          MD5

          12f669c18f53a8d50a14e581fba9a97b

          SHA1

          2cb5fa8ae388bedc49409bf7ab45a9f038cafb74

          SHA256

          3712b951ecd32d4c175b3b64faec501ee10cbd93385ddd41763b0eb0a66bf584

          SHA512

          e7860e74285ba324a5dea2e28e3b4e35fbcf023aeaf857c8be58d42ebcda6bf7c7016d6d641391122331deeba80f2725ebc2670743e99350cba0aaaac01befb6

        • C:\Program Files\7-Zip\7-zip.dll.tmp

          Filesize

          252KB

          MD5

          ccd02c992f28487181b932edf354075a

          SHA1

          c5af6f21a7353427f8e9414e65ec9908771fb015

          SHA256

          1a30628fa39a40df19e93e09c294de1dc56103c452035d32b36e514a9e67554c

          SHA512

          f55c7a5b18d603c2a2256d01b0b9739fbb7b25bb80f884c231479504aa0b0c667e0cd14823be33cb27af674d511f5a53551404b1f07c5ad5d9109d1bf3f43946

        • memory/3316-0-0x0000000000400000-0x000000000040B000-memory.dmp

          Filesize

          44KB

        • memory/3316-666-0x0000000000400000-0x000000000040B000-memory.dmp

          Filesize

          44KB