Overview

overview

9

Static

static

5

23d5a063b9...bN.exe

windows7-x64

9

23d5a063b9...bN.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    120s
  • max time network
    94s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20-01-2025 09:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    23d5a063b975960721a9e65df50841ad0784893cc8b52fce677e2ab2644b456bN.exe

  • Size

    117KB

  • MD5

    ef5142d6efeeb484704df24d6839e1c0

  • SHA1

    9edbcc0984b24f45c321d51a01ee82c6d67f7ebe

  • SHA256

    23d5a063b975960721a9e65df50841ad0784893cc8b52fce677e2ab2644b456b

  • SHA512

    813c736efcbe76159c0482d2178d899b2d63510a1fa875206764c86d0c2c64e841809c35e9646a24143a69fcdb62cc2d86672f061107d21966a2bcdbe01b39c2

  • SSDEEP

    1536:V7Zf/FAxTWoJJZENTBmRPsdj2hkAeCgI3i0CJS1Il+lM5QOVhFVh6Jb1Jb3ryCl:fny1tEyyj2yAeCgjJRDFDqryCl

Score
9/10
discoveryransomwareupx

Malware Config

Signatures

  • Renames multiple (4175) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\23d5a063b975960721a9e65df50841ad0784893cc8b52fce677e2ab2644b456bN.exe
    "C:\Users\Admin\AppData\Local\Temp\23d5a063b975960721a9e65df50841ad0784893cc8b52fce677e2ab2644b456bN.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:4216

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-493223053-2004649691-1575712786-1000\desktop.ini.tmp
    Filesize

    118KB

    MD5

    ba754beb9943c1adaeede543e277eb48

    SHA1

    0987e84a24725ac2d2d0b24b383de1fc5e674d0a

    SHA256

    9de249fad739f3c3213f2af42f87cb738226394d72f49627bdba593d6664122a

    SHA512

    1fadae9cf8b30fbceb61a5f8f2789c70a482a10727af790874a332b54417514c924c22db437a7dba0a9d141a4358a5365a8d95fb05691eceedfe72eb3cce16d1

    Download Submit

  • C:\Program Files\7-Zip\7-zip.dll.tmp
    Filesize

    216KB

    MD5

    f342eb18554ccdf6883c7ddf15d9bdce

    SHA1

    28723b096204957a8775b054a2a2cd1dfe4d8581

    SHA256

    2a3471487d4a96199c7b841e2f6924b4d438f0113ceb1af0512daabe5332fec9

    SHA512

    bd2f4ca1630263afdff6a4e9cee1a86f0611ab1b3c37327d74273d32fdc8a57273b08fcd368e3fb2ce0b4126ef5dd9ca7fe44128b36019082be8a08578c49006

    Download Submit

  • memory/4216-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

    Download

  • memory/4216-658-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

    Download