Overview

overview

9

Static

static

7

0c324f1b80...0N.exe

windows7-x64

9

0c324f1b80...0N.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    120s
  • max time network
    100s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20/07/2024, 21:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0c324f1b804a061897959ddecac28190N.exe

  • Size

    68KB

  • MD5

    0c324f1b804a061897959ddecac28190

  • SHA1

    97902fcf1a4e01f5fb045442b61906a9ca2de634

  • SHA256

    522be1690277a9305f2817f75bd3ff78139d928160ddc74e950f38d2a5964ba8

  • SHA512

    c8755286eceb678c11cdcc5561d12e7597a0cae77ea72b6658317ee684daaea1fa309de5d99b8dbc35a3a252c2319b9718d97a28eecc810c021bddd0c3c53295

  • SSDEEP

    1536:CTWn1++PJHJXA/OsIZfzc3/Q8zxviYiaEF:KQSo4iYiX

Score
9/10
ransomwareupx

Malware Config

Signatures

  • Renames multiple (4620) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0c324f1b804a061897959ddecac28190N.exe
    "C:\Users\Admin\AppData\Local\Temp\0c324f1b804a061897959ddecac28190N.exe"
    1⤵
    • Drops file in Program Files directory
    PID:1036

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2990742725-2267136959-192470804-1000\desktop.ini.tmp
    Filesize

    68KB

    MD5

    ab68070019a1130d74abdadbac983546

    SHA1

    03df66e91edc7185d89885f44ced7a2327b25276

    SHA256

    0d1e00635c60a8305c9be9f27446195b09535d68072c22b3509398ce2cf13337

    SHA512

    5969883d4ca0d45ac569d139aed7c91b650f73c682a24064a706fe2a9168a8773a9c8b0f5c1ad7e8d7ca2d6e351082f9c038ec97917a6d88169226fa97881e27

    Download Submit

  • C:\Program Files\7-Zip\7-zip.dll.tmp
    Filesize

    167KB

    MD5

    01abb22fe23b35928fdb73f2c7ca0fd0

    SHA1

    a98b240660e8b579ad8f355712db9b994cb9a136

    SHA256

    ea07a482affd43cc0114742cf2e838915a5cef7bffab9646409579cb8057d04e

    SHA512

    baa81a09852dbc2428921f926855c39d726f1a0ab0443516430553c9ae853bdcc00ffe44e621d7cbdb59a4e88c7257e0f24cd20e33cadcf53074ac4fef526800

    Download Submit

  • memory/1036-0-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/1036-1032-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

    Download