Overview

overview

9

Static

static

7

573905ac2f...0N.exe

windows7-x64

9

573905ac2f...0N.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    120s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    07/08/2024, 03:21

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    573905ac2f031eb484aec6f9041a61a0N.exe

  • Size

    25KB

  • MD5

    573905ac2f031eb484aec6f9041a61a0

  • SHA1

    8565fb103e54e3502adb42e6a34716f3c3126185

  • SHA256

    a24041c01a13bec5711afe8e10b281696efa6c46dbf28acaadb49779507d9b7d

  • SHA512

    555a69d6ff6aa402b645170790b6ad7859071014e2ce95759d5c6dccfaa2bac75991b3e96ee24e1dfb9b1f1cbc99e81f953b3b092bbc5ea6e598654f3de0a91f

  • SSDEEP

    768:kBT37CPKKdJJcbQbf1Oti1JGBQOOiQJhATNyQYG1z:CTW7JJZENTNyQY+

Score
9/10
discoveryransomwareupx

Malware Config

Signatures

  • Renames multiple (3390) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware
  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery

Processes

  • C:\Users\Admin\AppData\Local\Temp\573905ac2f031eb484aec6f9041a61a0N.exe
    "C:\Users\Admin\AppData\Local\Temp\573905ac2f031eb484aec6f9041a61a0N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:3068

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-3434294380-2554721341-1919518612-1000\desktop.ini.tmp
          Filesize

          25KB

          MD5

          4dc89306d8fed98c83bf73c18058b495

          SHA1

          052d5b5c400b1701edd3914c5c78509cf9ac632e

          SHA256

          188c641e4c9785dca9ddd6e7925fc41af82b1ddf24d64e4f3e070f5c949bffae

          SHA512

          ff1ab67fc0248c67fcbada0be4d658668e8182f1fd0a3f6445e4d638f21f6d618200685157d4c837b59377669b3d62e515de1092fa40c51d1ae448708d4a9c1b

          Download Submit

        • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
          Filesize

          34KB

          MD5

          a768954b4cac889ef7a96eb77c0630de

          SHA1

          86f97f997ca10d1244154c99ef23b62b48401410

          SHA256

          e2c5d7f88ab7f4328a6eb2cee78bdf435b31abee116ddb0ad4ae5b9aa9f124d8

          SHA512

          d00242bed7acb8b6cf50da399d34cff257eb85c96ea69a9f07660fb4ad8dd27e2cb2f4b8af0e001f3881bfda0ab0bf0a7d6759c0d60d657ba925fd14d0b88fa6

          Download Submit

        • memory/3068-0-0x0000000000400000-0x000000000040A000-memory.dmp

          Filesize

          40KB

          Download

        • memory/3068-86-0x0000000000400000-0x000000000040A000-memory.dmp

          Filesize

          40KB

          Download