Analysis

  • max time kernel
    120s
  • max time network
    117s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    17-10-2024 19:49

General

  • Target

    aac4e35d44e30c20514ed1172e00b0aad8294297f64c4b4a3c8f02f970ecc999N.exe

  • Size

    90KB

  • MD5

    d1d65ef7cae0b959030d5b9ea4935d20

  • SHA1

    a583596433f1cd4564f5bde48746400ba96e304d

  • SHA256

    aac4e35d44e30c20514ed1172e00b0aad8294297f64c4b4a3c8f02f970ecc999

  • SHA512

    f426eb9a9971e2b1178c6371fd71494e511ed764d6945b703698e65d629a890395f49594b8f8f9248566eb09938569b0375dfc5b0a9183e297d7b960d4dabe02

  • SSDEEP

    1536:a7ZyqaFAlsr1++PJHJXFAIuZAIuXsJtLJt2:enaym3AIuZAIuX5

Malware Config

Signatures

  • Renames multiple (3202) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\aac4e35d44e30c20514ed1172e00b0aad8294297f64c4b4a3c8f02f970ecc999N.exe
    "C:\Users\Admin\AppData\Local\Temp\aac4e35d44e30c20514ed1172e00b0aad8294297f64c4b4a3c8f02f970ecc999N.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:1544

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\$Recycle.Bin\S-1-5-21-3063565911-2056067323-3330884624-1000\desktop.ini.tmp

    Filesize

    90KB

    MD5

    28bee92b9e14dd5aa1a08cba73c65c76

    SHA1

    0995f951d25d3adef2745cc011debb3b2c8d2c3c

    SHA256

    901dca6cc1b8311f49be902a28e047d2b03b1f50bdf2085ecc5688d539057e71

    SHA512

    56233a860d55dfbbac1568bef90e5b8e57e8ad7ab7b376a7e23eec556205fee7eb91d6a024091bbb56b19f2c047eba59e971836ebf583680d7cb63ac43297502

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    99KB

    MD5

    79f8c07e39db0594e59a3f5d2c5d4f54

    SHA1

    6c2504fbf3c90ad1391f22bf7f9bd13b1d1e6835

    SHA256

    4e5759c497c01e86798535609f5c18c278b59a5a08c8b1746aca48075e3278ba

    SHA512

    a7feb637fe5f8c95dfdbafcb86cb4b9a82c68849e871e2da003bb5b6defef843aff2347e8b5a783632b05599de4a38e67b8c2c772f785599a3703fa92e8f7771

  • memory/1544-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/1544-74-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB