Analysis

  • max time kernel: 118s
  • max time network: 17s
  • platform: windows7_x64
  • resource: win7-20240729-en
  • resource tags: arch:x64, arch:x86, image:win7-20240729-en, locale:en-us, os:windows7-x64, system
  • submitted: 05-08-2024 10:10

General

  • Target: 7c14860a2d97730336c390e1b6d20820N.exe
  • Size: 142KB
  • MD5: 7c14860a2d97730336c390e1b6d20820
  • SHA1: e7bf954fe61fbc9c7184d94f633ef56aeddc817e
  • SHA256: 9f1dfc70328484ae7c5cd7dc05378480545e0d0758dd6ce8e1c8ddfd65809815
  • SHA512: 425a82215b54903ce9a003bd2f3234604ecd1a616f6449c11a9acfc955a1e4429de6db757a80e0446ce58af5b0cfc2bbfe6e07976548b1893a04f4537258fe37
  • SSDEEP: 1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8NCuXYRY5I2ISTWn1++PJHJXA/OsIZfz0:fnyiQSoDuXuv36QSoDuXuv3cimiC

Signatures

  • Renames multiple (2821) files with an added filename extension

    This suggests ransomware activity: encrypting all the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX or a modified UPX open-source packer.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTP, 1 IoC)

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\7c14860a2d97730336c390e1b6d20820N.exe (PID: 824)
    Command line: "C:\Users\Admin\AppData\Local\Temp\7c14860a2d97730336c390e1b6d20820N.exe"
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2257386474-3982792636-3902186748-1000\desktop.ini.tmp
    Filesize: 142KB
    MD5: 09f9a40f5529e51e41a48de9bbbd43d8
    SHA1: e1d217bd300b79f8caf6815f29f343b2e840efea
    SHA256: e45208b48a5a211cc1f394079511bb8b2ba5d4e3a5df3356742d61791f77fd0b
    SHA512: 604f5267f4b2564ae3986b172fc4e2e737f24ca74a7c51b267cea0256779ce8fd964b8d9f90ca2b083819eaecab6b0d4b212013a53563ad1ee71327c38b1e469

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
    Filesize: 151KB
    MD5: 372a2797fa68460c9708c8a8b206df7f
    SHA1: bdd42f6b00bbb283e6fa974640c01462cdd4401f
    SHA256: 802f26251165e1caa8d23efc2d2457faf6ae5d248ccd8a95f4cf5b1fb1c84987
    SHA512: bc350b0e0d0c3f284e1ae218053c3d27c07d88a3edd7c6056bb1c6593d99aa912dede8aa975e291a69879fba51ad0e273ccdad1e4d6afda5f3e5c9cbc2b02480

  • memory/824-0-0x0000000000400000-0x000000000040B000-memory.dmp
    Filesize: 44KB

  • memory/824-650-0x0000000000400000-0x000000000040B000-memory.dmp
    Filesize: 44KB