Analysis

  • max time kernel
    120s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    11/01/2025, 21:09

General

  • Target

    b43be4ea1cdf1c9c291ec7b05403a47b06db9c7a896ae3f08798b4b7d40c313a.exe

  • Size

    738KB

  • MD5

    eab7ea8cade944ee7641cd0d7f063bd2

  • SHA1

    1b4a0155648fc4227d61ccd15cc036bf023c1931

  • SHA256

    b43be4ea1cdf1c9c291ec7b05403a47b06db9c7a896ae3f08798b4b7d40c313a

  • SHA512

    795c37944a1e8efc462e6066e90a6a1ea823ed2a8deab035d7d149d8ce2b7422001a51aa27538354c50a5683f6541134b921a828f1924a08521ba5e190f43b30

  • SSDEEP

    12288:+IZGNXkbvLbIZGNXkbvL6D+k3aJ5xDfN4D7/SAOZi+5u4+rcKftu:+IZaXkbv/IZaXkbv0kJTR4D7/SAOZi+9

Malware Config

Signatures

  • Renames multiple (845) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with the UPX open-source packer or a modified variant of it.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\b43be4ea1cdf1c9c291ec7b05403a47b06db9c7a896ae3f08798b4b7d40c313a.exe
    "C:\Users\Admin\AppData\Local\Temp\b43be4ea1cdf1c9c291ec7b05403a47b06db9c7a896ae3f08798b4b7d40c313a.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2156

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-1846800975-3917212583-2893086201-1000\desktop.ini.tmp
    Filesize 738KB
    MD5 4eb648ab7d5cbdc31da05656998e7a2b
    SHA1 ab43cda320432874e19287a88a267c9391782247
    SHA256 d33264e55518244900476292dec50664671b83f2aebcbf432415d016123eafeb
    SHA512 f52a6b82dc59d5d4ce346b632bddf040a98d1dfb74f45cd00885d1b2b457c5c151a886faaa02407e47e378b9d43dab5950cad46d4190e788ac3d2f3e15ca26f4

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize 747KB
    MD5 fd23d90fa7de8e9afca660fc7ef05e1e
    SHA1 16d5bafed15ce6a60e907474efad31d5bb39ca64
    SHA256 f761f2a772a562de4c2dad62f8c2be6673100d00a775867c4fe94e4372e1370c
    SHA512 f5556837973563a470caad6ef24e586c38ce35a43915c205188a77091ebd5cdcac46051abe6038e492b44899643167d0ffab1b027847a8418b2e711b25c07001

  • memory/2156-0-0x0000000000400000-0x000000000040A000-memory.dmp
    Filesize 40KB

  • memory/2156-64-0x0000000000400000-0x000000000040A000-memory.dmp
    Filesize 40KB