Analysis

  • max time kernel
    149s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64
    arch:x86
    image:win7-20240708-en
    locale:en-us
    os:windows7-x64
    system
  • submitted
    26/07/2024, 01:45

General

  • Target

    a7485cfdabb69a081a3b07048b563672c3d5dff18a83dd0eb6764bf1c6709726.exe

  • Size

    44KB

  • MD5

    cb1dc6c3a2e27a1e3bf9575f165d3c5d

  • SHA1

    b5ee18e9a5c25c5831d40d3eba622fbe76717669

  • SHA256

    a7485cfdabb69a081a3b07048b563672c3d5dff18a83dd0eb6764bf1c6709726

  • SHA512

    872649715c3921389d0091087bbe3931f896f02f66e45bb84ac99f62d7c656a82fe862615980fd6a6c47905905afdebd4d4cf157eaf31b5ca13ae8ded64d965f

  • SSDEEP

    768:V7Blpf/FAK65euBT37CPKKQSjyJJcbQbf1Oti1JGBQOOiQJhATBoMAJxeMAJxZ:V7Zf/FAxTWoJJZENTBn

Malware Config

Signatures

  • Renames multiple (3269) files with added filename extension

    Mass renaming of existing files with one new extension appended is characteristic of ransomware encrypting files across the system.

  • UPX packed file 4 IoCs

    Detects executables packed with the open-source UPX packer or a modified variant of it.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of the victim host in order to infer its geographical location.

Processes

  • C:\Users\Admin\AppData\Local\Temp\a7485cfdabb69a081a3b07048b563672c3d5dff18a83dd0eb6764bf1c6709726.exe
    "C:\Users\Admin\AppData\Local\Temp\a7485cfdabb69a081a3b07048b563672c3d5dff18a83dd0eb6764bf1c6709726.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:1716

Network

        MITRE ATT&CK Enterprise v15


        Downloads

        • C:\$Recycle.Bin\S-1-5-21-940600906-3464502421-4240639183-1000\desktop.ini.tmp

          Filesize

          44KB

          MD5

          445b54c993a544e4bdbe1f48ddc1b304

          SHA1

          66b4a07dde6f5d9070e7ccbcc50da0a2c2dc5a79

          SHA256

          32a8fa35ca9c9e397c469dd319bbb847e8748e8a95d6ae392d1af423fffb575d

          SHA512

          f0a325ad4be110e9ed24e67f98ea41f94e0472a6f17edd8c55c5d3180f413c091898a7dadaaef36316d24716bb748917d385ccbe568b812ee16a96da76832000

        • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

          Filesize

          53KB

          MD5

          01694faf08326bcce3bcb15544330e31

          SHA1

          9e13ec90de2532ae17ce459770f874515924a08b

          SHA256

          206f172426a8a6c79ae72d3df09f46a6aeb9f3912d5544c44e41323ca40d2c24

          SHA512

          d1a99b3ba3ec67b6e92b1007ce8ade48f6c184d74eae7783cd6cecf13754faa291c32a9e4e4da03c1a797e9febb47440f9fd60cbc908d21bacef1c2ed9a41115

        • memory/1716-0-0x0000000000400000-0x000000000040B000-memory.dmp

          Filesize

          44KB

        • memory/1716-162-0x0000000000400000-0x000000000040B000-memory.dmp

          Filesize

          44KB