Overview

overview

9

Static

static

7

0c324f1b80...0N.exe

windows7-x64

9

0c324f1b80...0N.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    120s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    20/07/2024, 21:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0c324f1b804a061897959ddecac28190N.exe

  • Size

    68KB

  • MD5

    0c324f1b804a061897959ddecac28190

  • SHA1

    97902fcf1a4e01f5fb045442b61906a9ca2de634

  • SHA256

    522be1690277a9305f2817f75bd3ff78139d928160ddc74e950f38d2a5964ba8

  • SHA512

    c8755286eceb678c11cdcc5561d12e7597a0cae77ea72b6658317ee684daaea1fa309de5d99b8dbc35a3a252c2319b9718d97a28eecc810c021bddd0c3c53295

  • SSDEEP

    1536:CTWn1++PJHJXA/OsIZfzc3/Q8zxviYiaEF:KQSo4iYiX

Score
9/10
ransomwareupx

Malware Config

Signatures

  • Renames multiple (2962) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0c324f1b804a061897959ddecac28190N.exe
    "C:\Users\Admin\AppData\Local\Temp\0c324f1b804a061897959ddecac28190N.exe"
    1⤵
    • Drops file in Program Files directory
    PID:2528

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2172136094-3310281978-782691160-1000\desktop.ini.tmp
    Filesize

    68KB

    MD5

    1bb15b8b1a7e3bdaaac30303d2f1ed57

    SHA1

    5c54072c557b12b3a6cfa6efbcf210ea500021ad

    SHA256

    596f82e732c01972b0bb5343bbd097d0b08bd716a2c7d2849d7883308430a98a

    SHA512

    4df430b7e571d3959375b8c65d1012b4072a92615accb6967564322ee28f454aff8b45d1cb148cce5a2b837b7f40db38d28215bea8d793e7f85410cff4f0d264

    Download Submit

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize

    77KB

    MD5

    f3c10d01ed30633b41314f9bb9b90b4d

    SHA1

    2e7fdecb07cdfb6cb0714aae2bce6f998514e595

    SHA256

    decd9ff022363ff40c90c096649fdbe9ea1db3b382e5f7a09361c70c0a189fe8

    SHA512

    f491d0e52255236d852515f30640be52d73c255aaf0ffdcb9cbc9ce1d383260aec4f5a4b34a2a8e829a17762dc11aae559608377ea9199aeaf9950189aa932d2

    Download Submit

  • memory/2528-0-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/2528-76-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

    Download