Analysis

  • max time kernel
    120s
  • max time network
    107s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    24-07-2024 00:53

General

  • Target

    2ccd7bcb10a203829c370f5d82b134e0N.exe

  • Size

    46KB

  • MD5

    2ccd7bcb10a203829c370f5d82b134e0

  • SHA1

    a31ffa95163ef7e3c8e6661a839c0ec6983032a8

  • SHA256

    c99071b253150ae6c5edac207a0236a9cca5cf340c6d68e16a6d7c22f52326a9

  • SHA512

    49be698373f95486c9699c531f0c21bbd477d09e902b55749ed465773aa7ee23fc765b48dc0557664ebf3ee35e0ffaabb16d6ec2823d368baf8e78105326f124

  • SSDEEP

    768:V7Blpf/FAK65euBT37CPKKQSjyJJ1EXBwzEXBwdcMcwBcCBcg:V7Zf/FAxTWoJJ7TP

Malware Config

Signatures

  • Renames multiple (4620) files with added filename extension

    Renaming 4620 files by appending an extension within a single run is characteristic of ransomware encrypting files across the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX or a modified build of the open-source UPX packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of the victim host in order to infer its geographical location (ATT&CK T1614.001).
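The first and third signatures above are behavioural heuristics over the sandbox's file-event stream. The following is an added example, not the sandbox's own signature code, that re-implements both as offline checks. The tab-separated log format, the threshold of 100 renames, the made-up ".locked" extension (the report does not name the extension the sample appends) and the benign events from a hypothetical pid 1234 are all constructed for the example; pid 4856 and the 7-zip.dll.tmp path are taken from the report.

```python
"""Offline re-implementation of two of the report's behavioural signatures.

Hypothetical tab-separated file-event log, one event per line:
    <pid>\t<op>\t<path>[\t<new path>]
where op is create, write or rename (rename carries the new path).
This format and the sample events are constructed for the example; they are
not the sandbox's own export format or its recorded events.
"""
import ntpath
from collections import Counter, defaultdict

PROGRAM_FILES_PREFIXES = ("c:\\program files\\", "c:\\program files (x86)\\")


def parse_events(text):
    """Parse the hypothetical log into (pid, op, path, new_path) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        parts = line.split("\t")
        pid, op, path = int(parts[0]), parts[1], parts[2]
        new_path = parts[3] if len(parts) > 3 else None
        events.append((pid, op, path, new_path))
    return events


def appended_extension(src, dst):
    """Return the extension dst appends to src ('x.txt' -> 'x.txt.abc' gives 'abc'),
    or None when the rename is not a plain append within the same directory."""
    if ntpath.dirname(src).lower() != ntpath.dirname(dst).lower():
        return None
    s, d = ntpath.basename(src).lower(), ntpath.basename(dst).lower()
    if d.startswith(s) and len(d) > len(s) + 1 and d[len(s)] == ".":
        return d[len(s) + 1:]
    return None


def mass_rename_signature(events, threshold=100):
    """'Renames multiple files with added filename extension': flag any process
    that appends the same extension to at least `threshold` files.
    Returns {pid: (extension, count)}."""
    per_pid = defaultdict(Counter)
    for pid, op, src, dst in events:
        if op == "rename" and dst is not None:
            ext = appended_extension(src, dst)
            if ext is not None:
                per_pid[pid][ext] += 1
    hits = {}
    for pid, counts in per_pid.items():
        ext, n = counts.most_common(1)[0]
        if n >= threshold:
            hits[pid] = (ext, n)
    return hits


def program_files_drop_signature(events):
    """'Drops file in Program Files directory': files created or written under
    Program Files, grouped by pid."""
    hits = defaultdict(list)
    for pid, op, path, _ in events:
        if op in ("create", "write") and path.lower().startswith(PROGRAM_FILES_PREFIXES):
            hits[pid].append(path)
    return dict(hits)


def build_sample_log():
    """Constructed events: pid 4856 (the report's sample) appends a made-up
    '.locked' extension to 150 documents and drops a .tmp under Program Files;
    pid 1234 performs ordinary renames and writes that must not trigger."""
    lines = []
    for i in range(150):
        src = rf"C:\Users\Admin\Documents\doc{i}.txt"
        lines.append(f"4856\trename\t{src}\t{src}.locked")
    lines.append("4856\tcreate\tC:\\Program Files\\7-Zip\\7-zip.dll.tmp")
    lines.append("1234\trename\tC:\\Users\\Admin\\report.docx\tC:\\Users\\Admin\\report_final.docx")
    lines.append("1234\trename\tC:\\Users\\Admin\\a.txt\tC:\\Users\\Admin\\a.txt.bak")
    lines.append("1234\twrite\tC:\\Users\\Admin\\notes.txt")
    return "\n".join(lines)


if __name__ == "__main__":
    evs = parse_events(build_sample_log())
    print("mass rename:", mass_rename_signature(evs))
    print("program files drops:", program_files_drop_signature(evs))
```

The rename check keys on the same extension being appended repeatedly by one process rather than on the total rename count, so a single backup-style rename (a.txt to a.txt.bak) by another process is not flagged; the threshold is the tunable that decides how early in an encryption run the alert fires.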

Processes

  • C:\Users\Admin\AppData\Local\Temp\2ccd7bcb10a203829c370f5d82b134e0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2ccd7bcb10a203829c370f5d82b134e0N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:4856

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-47134698-4092160662-1261813102-1000\desktop.ini.tmp

    Filesize

    46KB

    MD5

    4b62b6ed38ce18990a5adf2c99bc6cec

    SHA1

    9417e433849e305032560787658b9e5ac29c9e65

    SHA256

    635472369ef047731f2ab3a93f61ca713a86a043f377ba3d69969f88d8509e60

    SHA512

    f4aeb13f740a633bb70bcce17a4e2a639f02c9c52bfe48602f614ab005e96d2b297c10c4b29d672e98ec2460f3f1e8ac46ee15a166ccc11c9ff9e1dc2fc2ca17

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    145KB

    MD5

    6b71c12afb621baea6ae6267deda045f

    SHA1

    a18de404358dddc6e295c5f7fe1d5779d9c6f108

    SHA256

    9b73f69e41edbaa4265ce33dee48ca6ae488adb72f8756124775f01bf201cc68

    SHA512

    67acffa6df461044bbf9e9a0ce17203efa87dcfe4bd62010d2813b3621666927d5b599ed2b1e7a1ebfaf2dd814363107d8b2a87376bf7b4f2279db2dea52a6a2

  • memory/4856-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/4856-1860-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB
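The "UPX packed file" signature in the report is a static check on the PE section table, which a practitioner can reproduce before detonation. The following is an added example, not the sandbox's or UPX's own code: a minimal section-table reader plus the two usual indicators (the UPX0/UPX1 section names, and the layout that survives when a modified build renames them, namely a first section with no bytes on disk but a non-zero virtual size). The PE images it checks are header-only samples constructed inside the block; they are not the 46KB sample from this report.

```python
"""Minimal PE section-table reader used to reproduce a UPX packing check.

Header-only PE images are constructed below as samples; they are not the
report's file and carry no code."""
import struct

UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}


def read_sections(data):
    """Return [(name, virtual_size, raw_size), ...] from a PE image's section table."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4                       # IMAGE_FILE_HEADER
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + opt_size              # first IMAGE_SECTION_HEADER
    sections = []
    for i in range(num_sections):
        off = table + 40 * i
        name = data[off:off + 8].rstrip(b"\0")
        virtual_size, _virtual_addr, raw_size = struct.unpack_from("<III", data, off + 8)
        sections.append((name, virtual_size, raw_size))
    return sections


def upx_indicators(sections):
    """List the reasons a section layout looks UPX-packed; [] means none found."""
    reasons = []
    found = {name for name, _, _ in sections} & UPX_SECTION_NAMES
    if found:
        reasons.append("UPX section names: " + ", ".join(sorted(n.decode() for n in found)))
    # Modified UPX builds often rename the sections, but the layout survives:
    # the first section occupies address space yet has no bytes on disk; the
    # stub unpacks into it at run time.
    if sections and sections[0][2] == 0 and sections[0][1] > 0:
        reasons.append("first section has zero raw size but non-zero virtual size")
    return reasons


def build_pe(section_specs, opt_size=0xE0):
    """Assemble a header-only 32-bit PE: DOS stub, PE signature, file header,
    zero-filled optional header and the given (name, virtual_size, raw_size) sections."""
    e_lfanew = 0x80
    dos = (b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\0")
    file_header = struct.pack("<HHIIIHH", 0x14C, len(section_specs), 0, 0, 0, opt_size, 0x102)
    optional = struct.pack("<H", 0x10B).ljust(opt_size, b"\0")
    table = b""
    for name, vsize, rsize in section_specs:
        table += name.ljust(8, b"\0") + struct.pack("<IIIIIIHHI", vsize, 0x1000, rsize, 0, 0, 0, 0, 0, 0)
    return dos + b"PE\0\0" + file_header + optional + table


# Constructed samples: stock UPX layout, a renamed-section variant, and an
# ordinary unpacked layout.
UPX_SAMPLE = build_pe([(b"UPX0", 0x6000, 0), (b"UPX1", 0x5000, 0x4A00), (b".rsrc", 0x1000, 0x200)])
RENAMED_SAMPLE = build_pe([(b".text", 0x6000, 0), (b".data", 0x5000, 0x4A00)])
CLEAN_SAMPLE = build_pe([(b".text", 0x5000, 0x5000), (b".data", 0x1000, 0x200)])


if __name__ == "__main__":
    for label, image in (("upx", UPX_SAMPLE), ("renamed", RENAMED_SAMPLE), ("clean", CLEAN_SAMPLE)):
        print(label, upx_indicators(read_sections(image)))
```

Neither indicator proves packing on its own: section names are trivially editable and other packers also leave an empty first section, so treat a hit as a reason to unpack and re-scan (or to diff the two memory dumps of the image region, as the sandbox did here) rather than as a verdict.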