Analysis

  • max time kernel
    120s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
  • submitted
    02/08/2024, 06:15

General

  • Target
    67012c1911a76df2c8571701725e1a50N.exe
  • Size
    96KB
  • MD5
    67012c1911a76df2c8571701725e1a50
  • SHA1
    6cc539261b2ef3838e6046139fd81d11d5d9a026
  • SHA256
    24e2b748663586f9126e95ff212b0124f327195cca6c01ff2f3a60f000178328
  • SHA512
    d4f6af74daff74ff5c992c6b67dd9e57b6ad7ebd4110849f7b07297d05776f66d517bdd8cecfe81ad5c3136701ddd05785bc8735c8cf70ecf93ea72f913f3845
  • SSDEEP
    3072:fnyiQSoJUBM+PocOQejPdMRAHAASnnD5D5172HyZU3YF40S5DnumSFDnDHaJP1Bc:KiQSo//PxPa

Malware Config

Signatures

  • Renames multiple (3092) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\67012c1911a76df2c8571701725e1a50N.exe
    "C:\Users\Admin\AppData\Local\Temp\67012c1911a76df2c8571701725e1a50N.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:3020

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-1385883288-3042840365-2734249351-1000\desktop.ini.tmp
    Filesize
    97KB
    MD5
    fbd1b97d6f28d0138e21d620ad2d16ac
    SHA1
    a99b52d64b4a9e2eaeb1ebb911b5075faaea9125
    SHA256
    0764f1edd297e055e6afb4ff636d7aa801b9da78d2bb7f763e5da60c80836ed2
    SHA512
    1c585d6b6f1761770b70ed5cd1d78fe0dfd117a974db2f7bb12282d2d7ea6bae36e6215caa7b77ba1db8f78e5f50ccaa4494c2bd28932bd5cf8bb5252bfeec9e

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize
    106KB
    MD5
    a52df11386baeedc01b23836d80d1bdb
    SHA1
    09a4e3a57ed2c88552419d3cdfc3e3884f955aff
    SHA256
    72dbfcb1395b3d39b252bc6f7df57b6baa252df7c28053a851ceb00467425685
    SHA512
    de92cd44c2eee489a883962a8316a5054eabe6f2162d765f944c09b77d4bbcc35099ce2e938683f8e0c09fc2cd9240fa50a1e17fb47c32cf9b153c31bc07fff1

  • memory/3020-0-0x0000000000400000-0x000000000040B000-memory.dmp
    Filesize
    44KB

  • memory/3020-662-0x0000000000400000-0x000000000040B000-memory.dmp
    Filesize
    44KB