Analysis

  • max time kernel
    150s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags
    • arch:x64
    • arch:x86
    • image:win7-20240704-en
    • locale:en-us
    • os:windows7-x64
    • system
  • submitted
    27-07-2024 03:50

General

  • Target

    cb478cd61d5252ada951e5f9a5ae9ea4a1a60f09e13ce80600cef47dccf43e97.exe

  • Size

    81KB

  • MD5

    81c919b3614f0a58450bda439d2c7469

  • SHA1

    eb93ff0369aa09022a7000ebb8b7c1245d79effe

  • SHA256

    cb478cd61d5252ada951e5f9a5ae9ea4a1a60f09e13ce80600cef47dccf43e97

  • SHA512

    571e16249a42c2183a471d9fd6ec3c196ff3fbc7807dbbd6f2e77c3819895c0edfb9c34efb3e7183756296bea935c26bd730d5e0dbbb49088a81027cb115c96b

  • SSDEEP

    1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8zx0Cq/8S/8dyw:fnyiQSop8i8dyw

Malware Config

Signatures

  • Renames multiple (331) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\cb478cd61d5252ada951e5f9a5ae9ea4a1a60f09e13ce80600cef47dccf43e97.exe
    "C:\Users\Admin\AppData\Local\Temp\cb478cd61d5252ada951e5f9a5ae9ea4a1a60f09e13ce80600cef47dccf43e97.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2780

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2212144002-1172735686-1556890956-1000\desktop.ini.tmp

    Filesize

    81KB

    MD5

    62950baf58ba28b5c1e9697214dcb9a9

    SHA1

    be25af21026a0ae929bc4874e9b71d71a9d9e685

    SHA256

    2c79cbd1ad181932b02d89ba071dd4266c057de169256c2b5dd116be62f3a4d2

    SHA512

    d837e13f1583855a435b912a250d23ff087bac7ff524cb05ba207e18bd7aef336c9e8e9903bbd0a56d5cb1a6df08057946599814252a8acd258a0f5f934bd4cc

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    90KB

    MD5

    1c74b373e981f9b5e23be7bdd25503ba

    SHA1

    b4f45231fe4a77266cb81cd754c4a66d454e3d10

    SHA256

    ee67a17f8a722fc2bcaf867c49ed6e3a527ae2dd1214a0e88e59be0cb5b6e772

    SHA512

    bf726e2112d4cf20ab35dcf9ed5997476c4525b41ac558b92a23619778a96f7d3c789c168eac363901a0c6281017ad941687a56368539e3758e3b57ffef22ec9

  • memory/2780-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/2780-44-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB