Analysis

  • max time kernel
    150s
  • max time network
    136s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64
    arch:x86
    image:win10v2004-20240709-en
    locale:en-us
    os:windows10-2004-x64
    system
  • submitted
    27-07-2024 03:30

General

  • Target

    c55ccabd0a183e61f9e0817f37e50f1e5137616e875e3cb1de2ab2ec341224c2.exe

  • Size

    48KB

  • MD5

    1f821d445b6f9271a6bac33b4992b19a

  • SHA1

    e81852b73d532a103dcfb9e6610e19e141ad8574

  • SHA256

    c55ccabd0a183e61f9e0817f37e50f1e5137616e875e3cb1de2ab2ec341224c2

  • SHA512

    3f5fa0f39ab3fd33bbd5d4c4f5b32d1dace6f175a21e7e11834d136b7fde91d87499b235033789b62c5dfd42dfcd3e8a879c3e8507d6f1a2edec2a5c861599bb

  • SSDEEP

    768:kBT37CPKK1EXBwzEXBw3sgQw58eGkz2rcuesgQw58eGkz2rcuX9km9k/fxRfxyko:CTW8OmO/fxRfxykK3ZUkK3ZKYw

Malware Config

Signatures

  • Renames multiple (1841) files with added filename extension

    This suggests ransomware activity: the sample is encrypting files on the system and appending an extension to each renamed file.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
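
The "Renames multiple files with added filename extension" signature is a mass-rename heuristic: many files, one process, one new suffix appended to the original name. The following is an added example of that detection logic written for this page, not the sandbox's own rule; the event tuples are constructed for the example, and the `.locked` extension and the PIDs other than 3656 are made up.

```python
"""
Mass-rename heuristic: flag a process that renames many files by appending
a new extension, the pattern behind a "renames multiple files with added
filename extension" signature.
"""
from collections import Counter
from pathlib import PureWindowsPath

# Constructed sample of file-rename events as (pid, source, destination).
# These are illustrative and are not events taken from the report.
SAMPLE_EVENTS = [
    (3656, r"C:\Users\Admin\Documents\budget.xlsx", r"C:\Users\Admin\Documents\budget.xlsx.locked"),
    (3656, r"C:\Users\Admin\Documents\notes.txt", r"C:\Users\Admin\Documents\notes.txt.locked"),
    (3656, r"C:\Users\Admin\Pictures\cat.jpg", r"C:\Users\Admin\Pictures\cat.jpg.locked"),
    (3656, r"C:\Program Files\7-Zip\7-zip.dll", r"C:\Program Files\7-Zip\7-zip.dll.locked"),
    (3656, r"C:\Users\Admin\Desktop\readme.docx", r"C:\Users\Admin\Desktop\readme.docx.locked"),
    # Benign renames by another process: nothing is appended to the name.
    (1204, r"C:\Users\Admin\Downloads\report(1).pdf", r"C:\Users\Admin\Downloads\report.pdf"),
    (1204, r"C:\Users\Admin\Downloads\setup.exe.part", r"C:\Users\Admin\Downloads\setup.exe"),
    # A single appended-extension rename is not suspicious by itself.
    (880, r"C:\Temp\log.txt", r"C:\Temp\log.txt.bak"),
]


def appended_extension(src: str, dst: str):
    """Return the extension appended to src to produce dst, or None.

    The destination must be the source name plus exactly one new suffix
    (e.g. 'a.txt' -> 'a.txt.locked') in the same directory.
    """
    s, d = PureWindowsPath(src), PureWindowsPath(dst)
    if s.parent != d.parent:
        return None
    if d.suffix and d.name == s.name + d.suffix:
        return d.suffix.lower()
    return None


def find_mass_renames(events, threshold=3):
    """Count appended-extension renames per (pid, extension) and return
    those at or above threshold as {(pid, ext): count}."""
    counts = Counter()
    for pid, src, dst in events:
        ext = appended_extension(src, dst)
        if ext is not None:
            counts[(pid, ext)] += 1
    return {key: n for key, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    for (pid, ext), n in find_mass_renames(SAMPLE_EVENTS).items():
        print(f"PID {pid} appended {ext} to {n} files")
```

The threshold of 3 is deliberately low so the constructed sample trips it; a production rule would use a count or rate closer to what the report shows (1841 renames) and would also look at writes to sibling temporary names, since the Downloads section of this report lists `.tmp` files next to the original paths.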

Processes

  • C:\Users\Admin\AppData\Local\Temp\c55ccabd0a183e61f9e0817f37e50f1e5137616e875e3cb1de2ab2ec341224c2.exe
    "C:\Users\Admin\AppData\Local\Temp\c55ccabd0a183e61f9e0817f37e50f1e5137616e875e3cb1de2ab2ec341224c2.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:3656

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2636447293-1148739154-93880854-1000\desktop.ini.tmp

    Filesize

    49KB

    MD5

    a0cb45ff4828d9d34c9dd8010d135090

    SHA1

    367a5c9e084576333247bba9080be43d26c72b9e

    SHA256

    389bcb312fa72d2b9f779bb2a1207aa8ab072974c583a432fecfb96d186d4998

    SHA512

    40e8090f124405dadf5ee7b8dd6d0ee5fcf54b3e87cbf128263132021ced7b1f6e64336eed644b612955713b198dbe05feb45b099ea871f9cc312056e5a95051

  • C:\Program Files\7-Zip\7-zip.dll.tmp

    Filesize

    147KB

    MD5

    ab6cf29e7825deb6d9f56664f84a14fe

    SHA1

    41aea9580c5171ae883a06312fc351716cae0b24

    SHA256

    3abc23f72228f6ee232690c148b51a4266f22b346c5bc63002ac834b016926fc

    SHA512

    65f85b1fab3657447b3320eb81526553c0c85fcaccd10ec67b5786b6600f8e0c0fd812560a2af7e20c1157eb76c5957189b0fb6250a2cf829f1dec3ba93efa54

  • memory/3656-0-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB

  • memory/3656-280-0x0000000000400000-0x000000000040A000-memory.dmp

    Filesize

    40KB