Overview

overview

9

Static

static

7

77c2d2fff8...0N.exe

windows7-x64

9

77c2d2fff8...0N.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    120s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    19/07/2024, 08:54

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    77c2d2fff82469a03139dc4eaaed6c40N.exe

  • Size

    47KB

  • MD5

    77c2d2fff82469a03139dc4eaaed6c40

  • SHA1

    309e40a256d0162c20cc6bdbb9318c4b61ecee2c

  • SHA256

    faa23b4e19b172edf2903ec0fc17dc1cc8f3a61f44d645be387ee2802a32dd23

  • SHA512

    50163a3375754e5e9f7cac10491f986a6e00179021ca46a78338f59a52ec1e2547aabe314724829b138a4912402d727ca0f0ab8c72665e48a1c3477dddf9bc80

  • SSDEEP

    768:kBT37CPKKIm0CAbLg++PJHJzIWD+dVdCYgck5sIZFlzc3/Sg2aDM9uA9DM9uAFIL:CTWn1++PJHJXA/OsIZfzc3/Q8IZx

Score
9/10
ransomwareupx

Malware Config

Signatures

  • Renames multiple (2985) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\77c2d2fff82469a03139dc4eaaed6c40N.exe
    "C:\Users\Admin\AppData\Local\Temp\77c2d2fff82469a03139dc4eaaed6c40N.exe"
    1⤵
    • Drops file in Program Files directory
    PID:2384

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-1506706701-1246725540-2219210854-1000\desktop.ini.tmp
          Filesize

          47KB

          MD5

          cde78477726ee658de2e8b0f06bd01f2

          SHA1

          242582a70c36481ecb66b460467876dfe073f326

          SHA256

          47f879dac011bc19e855e06cc567173cf90663a829193f40265d3c040550dcb7

          SHA512

          7f736589c6cf8a7567e90a5ee1a2e472b06f3f09fef925e076a0d45ed9e6676f57ea03e83e59707b0c9afedaec769e1b81f6e2359320b8b89004e3891bcc88b0

          Download Submit

        • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
          Filesize

          56KB

          MD5

          ae276fec5a79a17842ff4feb184c823d

          SHA1

          d7a162fb0075efa09e2926ebe397c747fd59cf4c

          SHA256

          0afb49591a167373d57bd4837faae91228a9a5cb515aba96a2018f6daaa32db8

          SHA512

          1bab568d7eb4c5b65315bd6975da71437b2d77fbc1adafbefdc873cb17f353bbab05fcb10e4f0385b04549ea9b638f9d9d2de072b01ea9d7a37007150a6192f0

          Download Submit

        • memory/2384-0-0x0000000000400000-0x000000000040A000-memory.dmp

          Filesize

          40KB

          Download

        • memory/2384-76-0x0000000000400000-0x000000000040A000-memory.dmp

          Filesize

          40KB

          Download