Analysis

  • max time kernel
    120s
  • max time network
    18s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted
    26/07/2024, 11:30

General

  • Target

    011608cd5dd3dc4eff67f737f94a7920N.exe

  • Size

    58KB

  • MD5

    011608cd5dd3dc4eff67f737f94a7920

  • SHA1

    c455f5d92f0f9ec0975c51c82e1bec6b70334ead

  • SHA256

    214f47c538050b484d97c7d71478df1550593b41c83ab506b7707a7ffff38eed

  • SHA512

    9b3a3a8b3b4121eb97c0870ff58ff27f3b553a4c9b7e2c129b5caca711b8c723bfc49a1fc72e5c25122cc70ecd21bbf80c2853237f1f69bfb9bfba400dade1c0

  • SSDEEP

    1536:CTWn1++PJHJXA/OsIZfzc3/Q8zx5858ul5:KQSoo858ul5

Signatures

  • Renames multiple (3198) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\011608cd5dd3dc4eff67f737f94a7920N.exe
    "C:\Users\Admin\AppData\Local\Temp\011608cd5dd3dc4eff67f737f94a7920N.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2168

Downloads

  • C:\$Recycle.Bin\S-1-5-21-940600906-3464502421-4240639183-1000\desktop.ini.tmp

    Filesize

    58KB

    MD5

    3ef36c591233265be2eb209c614287dc

    SHA1

    9b154cff9bc0d86c1e474f4f6ce73b201a093e40

    SHA256

    88c977920377950f8dc360cd60468959b6b7757e603496e35f6b44c07272ae61

    SHA512

    aa2c44ed60498de3a82de9d4feb30376d86d7fc7c464acdc11cab2f1ad945bbc69e3492faccae99c8b8b26f871749679e116c3e4af9c989ebe973af55a38c7df

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    67KB

    MD5

    52347beac8bc47f97a99868fc8ef1bd7

    SHA1

    73d9776cbfd32a099d867f11fc8b58624b38e08c

    SHA256

    4c3a1917912ef78f7fca826c8170030681732f836a3e05074298bd06b9d6f3a3

    SHA512

    0c2192cf0349065f0d8fe9c92347d66e46bf912d16030f3a64972c234a497547351aa35ece7b2494e7884a08f1bd10b3b275f5eb8796580b0f395546f02d1f04

  • memory/2168-0-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

  • memory/2168-76-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB