Analysis

  • max time kernel
    120s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240729-en, locale:en-us, os:windows7-x64, system
  • submitted
    20-08-2024 06:29

General

  • Target

    22d75605854013fbc2677fa31db356d0N.exe

  • Size

    57KB

  • MD5

    22d75605854013fbc2677fa31db356d0

  • SHA1

    d2f785a95fe912c68e634d7aed76b5e32b6cb761

  • SHA256

    c7eb25f1b2d61459f28fa2c55c1e5cfa250d9dfa3b6369bb34d9fd63cfd2c84c

  • SHA512

    6512fb98dde957dc733d2b01ffcd16cb7ba886b63975a0d43f3a4157547da52f7bc9f1c189cf0f395bc85c4097ac73770e4e5f7bd29a82bdfafddf3339070f3e

  • SSDEEP

    768:V7Blpf/FAK65euBT37CPKKQSjyJJcbQbf1Oti1JGBQOOiQJhATNyHF/MF/6m0md0:V7Zf/FAxTWoJJZENTNyl2Sm0mPW/

Malware Config

Signatures

  • Renames multiple (3236) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\22d75605854013fbc2677fa31db356d0N.exe
    "C:\Users\Admin\AppData\Local\Temp\22d75605854013fbc2677fa31db356d0N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:1316

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2257386474-3982792636-3902186748-1000\desktop.ini.tmp

    Filesize

    57KB

    MD5

    a83620cd29583bf556e7061701b74c15

    SHA1

    5a17d0fa8054eb3fe75dd86196bedca6f9b0f31c

    SHA256

    dec41cb745e27574f4150af02b65a0ea161e9d9242f6e81cf58ec6b96310c2e0

    SHA512

    3924380a8f8d9b6dd959eb7fcf87b3cc0b527d7b8346793371f5530d29dc52641e2623a77934e50c6d39e9be538f7346a66f144d7b78730381e1dac07bd0c358

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    66KB

    MD5

    b2ec0b6d0fef171cae114e4fe7bf55ae

    SHA1

    3b0ab1104cc2ff195195cd10e80dcf940c141643

    SHA256

    f527a7e8ce478fc98bc1a02f40b285607bc1dcf217650de8cdaa5c3df1253e02

    SHA512

    1e0d2d187c4d0849c7052f4979542c446a94af5293de5281a4f022d5ea16664a3ec1df0224dae7a4f1c709fcb798245fe546518a0ed3555a9cc72edec3c0af17

  • memory/1316-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/1316-74-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB