Overview

overview

9

Static

static

7

2c9a0daefc...0N.exe

windows7-x64

9

2c9a0daefc...0N.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    120s
  • max time network
    115s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26/07/2024, 16:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2c9a0daefc452ab3a2293bd686386e60N.exe

  • Size

    67KB

  • MD5

    2c9a0daefc452ab3a2293bd686386e60

  • SHA1

    5afb718291f91bc0a338a57875d4914dd41c118c

  • SHA256

    0fe04eb8a156701f4e9ec6024dca10ffb31751bed8c104748ab7a356aa313118

  • SHA512

    e61c0e38599683b04bdd33d84826195e5b9ebf544877d90ee5d6fbdc5fdefa0405187087f11cbe35299e31a7cef4a623e75b5a8f8c1d45418da3c3513b8aeb2a

  • SSDEEP

    1536:CTWn1++PJHJXA/OsIZfzc3/Q8zxtdxcgMCYiplpK:KQSo4dxa7

Score
9/10
discoveryransomwareupx

Malware Config

Signatures

  • Renames multiple (3183) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\2c9a0daefc452ab3a2293bd686386e60N.exe
    "C:\Users\Admin\AppData\Local\Temp\2c9a0daefc452ab3a2293bd686386e60N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:4784

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3419463127-3903270268-2580331543-1000\desktop.ini.tmp
    Filesize

    68KB

    MD5

    50d68197d6d504fa7792732ab178290a

    SHA1

    fcb740f4cf929de57291ac014daa6a99fa8713f6

    SHA256

    ac354bd05ea38bdefcd854c4efd9ffbe0ae35d8392aea6198b9a08030223907a

    SHA512

    3ffe362bed3eaf0b5ecd3843a7b9ba4c6cea692788e3f3f90932f2621db12de2ac425782226292a1c3e4672d1e80ed5cbb7fe43a7a536f588b4d6800a214c30b

    Download Submit

  • C:\Program Files\7-Zip\7-zip.dll.tmp
    Filesize

    166KB

    MD5

    ed1d1e023502114d6db5f9a9f89533ed

    SHA1

    35219dd65b23bd42aeb2d3de93964d5cabc50a19

    SHA256

    4172c1d2f05bbe1d7cbad399da47374910fbba7e5cae646f3493bc188e75bfd9

    SHA512

    7d846005f35212af28b51fd2ac78a95d71198fb8e8548638a5e23cc5b7278bc037d0f687463601ff3af440b400803856a2340720fc50524781b075cd2ee75e5c

    Download Submit

  • memory/4784-0-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/4784-446-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

    Download