Overview

overview

9

Static

static

7

5f5e863714...0N.exe

windows7-x64

9

5f5e863714...0N.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    120s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    02-08-2024 05:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5f5e863714e151a2b08fb9294fc36ef0N.exe

  • Size

    93KB

  • MD5

    5f5e863714e151a2b08fb9294fc36ef0

  • SHA1

    a91a6646d4dbccfa6ad3a4250a6de060c2ef1640

  • SHA256

    6cf4ac810a002dabc138e2a8cd6dc374fec3b351830b265bbc812d07a3dbade4

  • SHA512

    505ac8874dfcc2fcdf5720db38a2e74cbbadc06efd28ed9d92f362a3a25450c5a61320957f49163f45db2e48efbf7eb1ae8fbca2560bf0b54bf623700f2e8ae2

  • SSDEEP

    1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8zx0Cq/8S/8dE0WnL/Tn5+Pg:fnyiQSop8i8dJQbTn5+4

Score
9/10
discoveryransomwareupx

Malware Config

Signatures

  • Renames multiple (2901) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\5f5e863714e151a2b08fb9294fc36ef0N.exe
    "C:\Users\Admin\AppData\Local\Temp\5f5e863714e151a2b08fb9294fc36ef0N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2444

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\$Recycle.Bin\S-1-5-21-1506706701-1246725540-2219210854-1000\desktop.ini.tmp
    Filesize

    94KB

    MD5

    95308147a27dc5b0d84536dffe577cfe

    SHA1

    d93edb1bde2a7d60a276c27f93e5c9f40548bb96

    SHA256

    ccbcd8b64c016400c1a443a6869245e30fded087edb75dbd5128230466349fc3

    SHA512

    cf8072d7c7490e871f191250e691585f2e561c39d0497f5befb3fd25553799f711031292c25431f2cc3413719009b1941d3024ea6a6c7a95bd93934e64d28347

    Download Submit

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize

    103KB

    MD5

    1df267e2da2cbb8649160d59c71efadc

    SHA1

    e047fc18359a4f155ceb6760ed24ef11f68e5815

    SHA256

    25da78aa37f0c316d716bdacbec642eaf79a1006cdea725a48c6f2a6d493cabf

    SHA512

    75b0c4b8025a0b9fd963c21635dfcd3075eec4a62ce6e62242fef7ce802af3453e9b3699d4cb952d0a729f24acaa67805ec5bca541a7bd07762cff8a2f237920

    Download Submit

  • memory/2444-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

    Download

  • memory/2444-644-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

    Download