Overview

overview

9

Static

static

7

0c6a3b7075...0N.exe

windows7-x64

9

0c6a3b7075...0N.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    150s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    14/07/2024, 17:41

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    0c6a3b707557ecfc72bd4f2e9925bfd0N.exe

  • Size

    78KB

  • MD5

    0c6a3b707557ecfc72bd4f2e9925bfd0

  • SHA1

    2d1ade00f4e86f86ea5ca8a20baf836220664f0e

  • SHA256

    09be656cd639c0aeee3e8121cf684580a28d7eaecf13e2b3713118aad589a5b4

  • SHA512

    e4d1d945524d9b60a6a48026d4d9747cbcd27b90ff20b7bf70e4dad699241c2c6d5753a492d046d619144b24326569a3aca5cc7e4ed86628d8691e53c61e2cbd

  • SSDEEP

    1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8zxz2h4:fnyiQSou2+

Score
9/10
ransomwareupx

Malware Config

Signatures

  • Renames multiple (3762) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0c6a3b707557ecfc72bd4f2e9925bfd0N.exe
    "C:\Users\Admin\AppData\Local\Temp\0c6a3b707557ecfc72bd4f2e9925bfd0N.exe"
    1⤵
    • Drops file in Program Files directory
    PID:2772

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-3502430532-24693940-2469786940-1000\desktop.ini.tmp
          Filesize

          78KB

          MD5

          a6a2ca52e16dde4bc74062616bf8ba23

          SHA1

          cb492db11a10facba7d70ad54ee6fbf05c0bed7b

          SHA256

          c6af2b40728711cb308d6977352d8b8c9f2628967974b5314031eb23716bcb77

          SHA512

          8be703bb4cd09b114baacca95eafa0fa1161d7f0017b62c813e6b051d92a6baf8fd8314ff276ffd1e9474c366d84055e1877cfeda9771064b54826d941c2c75f

          Download Submit

        • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
          Filesize

          87KB

          MD5

          7c0cda82364b7aaf0d2bd2ac74aa2088

          SHA1

          2cac37a0dbd5ff94a9d3ae4b6f5fc3491943592c

          SHA256

          15a0b1556c7b4b0028a90da5e184b02608ca4abf87ed882107661caa1f64859c

          SHA512

          b69c9756eca4f406dc66642e48b6373138e72c8f2cd055df34afc8705c9d58ceb98f7211c5fcbbd684beeb54f472895786e11c14b5ece46942c959e2559184a3

          Download Submit

        • memory/2772-0-0x0000000000400000-0x000000000040B000-memory.dmp

          Filesize

          44KB

          Download

        • memory/2772-662-0x0000000000400000-0x000000000040B000-memory.dmp

          Filesize

          44KB

          Download