Analysis

  • max time kernel
    120s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted
    17-08-2024 09:45

General

  • Target

    f73f5ee13e96ba6e97ba764358ebf950N.exe

  • Size

    68KB

  • MD5

    f73f5ee13e96ba6e97ba764358ebf950

  • SHA1

    ae13964c12443d40ba1a3221c3c69b2ce89931f5

  • SHA256

    df10603abcd5be87ed1a0387cee068c5c9454ac49da2a4cfb0add192915c635b

  • SHA512

    a60b4fbeaeaa2f3074faed956c43394e7d7fde37b403ccbc1a34630684185b33d3e5cab26d382457e88b657c0a072b769487b14f65050da1c00a4a2c40dd7d1a

  • SSDEEP

    1536:67Zf/FAxTWY1++PJHJXA/OsIZBX5WX5Z4/:+nyi4M34/

Malware Config

Signatures

  • Renames multiple (3149) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\f73f5ee13e96ba6e97ba764358ebf950N.exe
    "C:\Users\Admin\AppData\Local\Temp\f73f5ee13e96ba6e97ba764358ebf950N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:1664

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\$Recycle.Bin\S-1-5-21-2958949473-3205530200-1453100116-1000\desktop.ini.tmp

    Filesize

    68KB

    MD5

    a22b83ded46d8e61c404d5e2c222447a

    SHA1

    b137368d294848cd4e33013b4e21bf33defffad3

    SHA256

    b6f38d17978a60c72d19e6a62ed50c9c3b363c0b98e8e5c59813a2db9b9d9864

    SHA512

    1fab78b91a5e56bd20378705acf5b06fdebadb5b87ab1a0bbda23a61a0effb10f4498f0e831bc1d17eed44bb37f4774491f23b4fb2cb18d202d09b8fafa25f85

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    77KB

    MD5

    e71113437cf8f712c9dc54ec8c1d1e7c

    SHA1

    fe44eb0dfa51eee7fab8ad3d5735ce9e30c6a747

    SHA256

    175b82e0b213ecafa3b97f17174d6265545a8191b53c5ff171cdb7c50a29c8c0

    SHA512

    ae7b058608105e81e1b8173a580c2a9de594c400d69ea2aadd5e751dbec010b0aff9585d71558d42266ffab8dfa0eb111ad9c05033259d476f8bb920a0cb6a5b

  • memory/1664-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/1664-74-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB