Analysis

  • max time kernel
    120s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
  • submitted
    21/08/2024, 17:49

General

  • Target

    694cf5aa36bac22cd00c5b50983ba060N.exe

  • Size

    24KB

  • MD5

    694cf5aa36bac22cd00c5b50983ba060

  • SHA1

    94189fe117dcbfa4f3c911beb0842a7558d4923a

  • SHA256

    abe700a4c3c1735a64c6cfd72c472ce14f4bec392b84bcc90f5105b334975dfd

  • SHA512

    dad0bde8e249facbba198e2755d9e30fc078bf13c4d17823c372553567377939c73d7a7801fd6bc2e2956a03cec90b269b3aa0fccc57ddaa4cd30ddca698d758

  • SSDEEP

    768:kBT37CPKKdJJ1EXBwzEXBwdcMcI9qoIlOiJfoIlOiJY:CTW7JJ7Tk1a

Malware Config

Signatures

  • Renames multiple (3417) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\694cf5aa36bac22cd00c5b50983ba060N.exe
    "C:\Users\Admin\AppData\Local\Temp\694cf5aa36bac22cd00c5b50983ba060N.exe"
    1
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:1496

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\$Recycle.Bin\S-1-5-21-2172136094-3310281978-782691160-1000\desktop.ini.tmp

          Filesize

          24KB

          MD5

          644393b778de470ed2881f9b7286749b

          SHA1

          dbb22b3b0038df0acf06c760e8f37ba443cf5ef7

          SHA256

          7cadb34c00c1bd57a1c1f865754111aa5ce7f92f8573776cdac4af25c5781430

          SHA512

          e482a2dbabd6e2724625134eda3002ede188387ca57aae1efe5b126d08a86f5521ccffc1cc07c8a3cf4e21fb085e84b72e745401ef4a945c398eaeeac58ffcda

        • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

          Filesize

          33KB

          MD5

          5f4c19e2f5a6caabdc5f711aa2a70247

          SHA1

          f68b819bfba49b3f12ee6f0046961c900029f88e

          SHA256

          151bb368e2afc6d290ee886c80463a7e5ef6021fb47a5cd42562bd1fdb9cde0a

          SHA512

          36a1fb82198c0d8c0a602fc91d1d2185465776daa2e5540661aefeb16da740a5abfe7b0de4f29e820ce3e5611f55c1b59f44e303da11abbfe043ffcf26fdb9b5

        • memory/1496-0-0x0000000000400000-0x000000000040A000-memory.dmp

          Filesize

          40KB

        • memory/1496-70-0x0000000000400000-0x000000000040A000-memory.dmp

          Filesize

          40KB