Overview

overview

9

Static

static

7

99c240c5eb...0N.exe

windows7-x64

9

99c240c5eb...0N.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    120s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    16/07/2024, 09:06

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    99c240c5eb85d7adee729b3cf6d7c820N.exe

  • Size

    50KB

  • MD5

    99c240c5eb85d7adee729b3cf6d7c820

  • SHA1

    672f923368198360486d59564801d95cde4c5f17

  • SHA256

    e9db673b01b74eb432e3f8404cf377fe9199167cf80399e51b7028b04fbd466a

  • SHA512

    ef8b29ba8351cfae5e412d0f2a16a3e6e7b0d3d7c5e9e7eafad53a52e4a64707368eea8e1ee6b0c169b1db871e82f6e2ee2b3e6cc5914cc945f3dd41d2e3b949

  • SSDEEP

    768:kBT37CPKKIm0CAbLg++PJHJzIWD+dVdCYgck5sIZFlzc3/Sg2aDM9uA9DM9uAFIi:CTWn1++PJHJXA/OsIZfzc3/Q8IZKok

Score
9/10
ransomwareupx

Malware Config

Signatures

  • Renames multiple (3215) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\99c240c5eb85d7adee729b3cf6d7c820N.exe
    "C:\Users\Admin\AppData\Local\Temp\99c240c5eb85d7adee729b3cf6d7c820N.exe"
    1⤵
    • Drops file in Program Files directory
    PID:2292

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-3502430532-24693940-2469786940-1000\desktop.ini.tmp
          Filesize

          50KB

          MD5

          b44de985c54156c45bf3a109c805a05a

          SHA1

          4e69d96a68edd2be3d9b73013d1242996fb2a8a7

          SHA256

          dd9a3f684881b35da9267f2598a75e42ba47ed2677ed70ac65afac2dba414d3d

          SHA512

          703c698f50e0d3a3710d7a0174a716f0365c907b8cb51f2377a4b7d938513de7887756af4e6dd4d5a19246b391edb05a6c92cdbae3a377f7dd18de1fa73c7bad

          Download Submit

        • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
          Filesize

          59KB

          MD5

          ffef7b9470897d7ae2ec4bb4221e90ae

          SHA1

          ecabbd7b28fbe744eb76c757c408cbd067ae44c0

          SHA256

          6c46e9096ea97ca0a2278a1f3023d83e2a43ad23947ab4b1cacbbb5300b0a54e

          SHA512

          c73ec3538d9191cbb8a854e1c9798458a3d168c9bc9b7b7a4aea91e1aaa3639ac4c3af61d342e657e0ce277756dbd638cd5940e2f76b3cd196a3ad950cc29888

          Download Submit

        • memory/2292-0-0x0000000000400000-0x000000000040A000-memory.dmp

          Filesize

          40KB

          Download

        • memory/2292-86-0x0000000000400000-0x000000000040A000-memory.dmp

          Filesize

          40KB

          Download