Analysis

  • max time kernel
    120s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    26-11-2024 01:32

General

  • Target

    43ab8216568b650a8197b7da5f6f2ecc9306882f647e2c0fc5cf041d4579d8e1.exe

  • Size

    281KB

  • MD5

    b71ebb681af0ff0d0eca0d2b87785928

  • SHA1

    84d4359b96869916cafb46f0455f67a2f097198e

  • SHA256

    43ab8216568b650a8197b7da5f6f2ecc9306882f647e2c0fc5cf041d4579d8e1

  • SHA512

    03ebfd885f81f5789b58b9485c144aff1598c0a25a9584c6de779401f90eefd39b730cfb01e006d506c871a0c8c63a9bab4cfee7f41270244c1dac0191581367

  • SSDEEP

    6144:fEJIjNDv0bNXkbvLIEJIjNDv0bNXkbvLU:+IZGNXkbvLNIZGNXkbvLU

Malware Config

Signatures

  • Renames multiple (1726) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\43ab8216568b650a8197b7da5f6f2ecc9306882f647e2c0fc5cf041d4579d8e1.exe
    "C:\Users\Admin\AppData\Local\Temp\43ab8216568b650a8197b7da5f6f2ecc9306882f647e2c0fc5cf041d4579d8e1.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2244

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-4177215427-74451935-3209572229-1000\desktop.ini.tmp

    Filesize

    281KB

    MD5

    df547ca7bdf2d7145fd1ac574621bd68

    SHA1

    fb342bcb540e4838c84b89d0e9e6bc27266a904d

    SHA256

    5ceef87bdd1ae29a970d90674fe146d8f0710a3ed6de99e375eb03602be5f68f

    SHA512

    eea9c147f765b932ed5e1199e1de177158a055fc4d3a288b76ccecf34dad25a3feef5196cbd943bb94fec7a65f1ea59e1dd9fde62401b866dcbe20b7821ec21c

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    290KB

    MD5

    2fa9769abd9e8518cf745e8fc886f6f6

    SHA1

    04643480eafa80fbfbf83ff8d78d5ab2e30c41a0

    SHA256

    f3858886ffdc059e9fad173f5408a66a0fdda0fe2ab6d41c18af219bfbd419c1

    SHA512

    d4783dd88875f83867a09e372f5186237329d87849c6c9d8c91c39c037ee7e3949bf5d5b041a4b265829e2c6708b1ac87bb03002b19687a90d4e1f489a329cc6

  • memory/2244-0-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

  • memory/2244-59-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB