Analysis

  • max time kernel
    120s
  • max time network
    18s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted
    27/07/2024, 01:01

General

  • Target

    772c0ff02cdb44cd7f288ed87f59e1d0N.exe

  • Size

    48KB

  • MD5

    772c0ff02cdb44cd7f288ed87f59e1d0

  • SHA1

    c6d8255bdefe9e6fcda82c7f27f76842448e298d

  • SHA256

    e3dc27d65880d02f9bc8b00a5058923f98febb913b60295ea6abf482a029f980

  • SHA512

    13664cc70e7dc47117b6a1e99243b995deba2132e018e74200e960737c786ee6f1433dfb2863013ae29b8d0be8b9a43de74eb4ff426f2d63fe1e0fddd4837286

  • SSDEEP

    768:V7Blpf/FAK65euBT37CPKKQSjyJJcbQbf1Oti1JGBQOOiQJhATNyf:V7Zf/FAxTWoJJZENTNyf

Malware Config

Signatures

  • Renames multiple (294) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\772c0ff02cdb44cd7f288ed87f59e1d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\772c0ff02cdb44cd7f288ed87f59e1d0N.exe"
    Process 1
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:1360

Network

        MITRE ATT&CK Enterprise v15


        Downloads

        • C:\$Recycle.Bin\S-1-5-21-2212144002-1172735686-1556890956-1000\desktop.ini.tmp

          Filesize

          48KB

          MD5

          17e2942645c898dedf8ed0a72daf947d

          SHA1

          5fd22e8381910f76f2618517cb73c0f70eafad64

          SHA256

          4760c8ef3bd4130218cde6fb616a3e7d8bcccaaf04e63abc0a87253e1a9cbb92

          SHA512

          9a9bbcfcd03a0bac82b72bfcae29e1f377abe135435d2342e945bd67fa518e839d37e1f2321d2bd703f0b814f5162725df409d4cba417417324e25fa77f33957

        • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

          Filesize

          57KB

          MD5

          463ece9af7fb61605c96ce031d000f46

          SHA1

          e76fdb40c3c0f238f8e55903c2aae5ab0b5ed1fd

          SHA256

          9b0d3e0ce89040bb2d2eac4aa0a1bee1150a75fb057b90e2c96232162557a826

          SHA512

          303cc19b143db843f284a0f0c4830a247398ee33120c32ec91d2f1cdf11fce370247a85125e6f358e9813bb92d5abfcb923447d80bb870b4ddfb1139beb7d5d9

        • memory/1360-0-0x0000000000400000-0x000000000040B000-memory.dmp

          Filesize

          44KB

        • memory/1360-62-0x0000000000400000-0x000000000040B000-memory.dmp

          Filesize

          44KB