Analysis

  • max time kernel
    120s
  • max time network
    20s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted
    24-08-2024 15:24

General

  • Target

    78d91974f82aeae31675c1bbd2620b50N.exe

  • Size

    132KB

  • MD5

    78d91974f82aeae31675c1bbd2620b50

  • SHA1

    28dca4ab0f9a336f90aa4dde983e65b6b6af33eb

  • SHA256

    e27ecd664f6540ea20076bcad58715c7b51a3ad04ad5b9028fc9cf7aea14f779

  • SHA512

    8e9457f6a2a5f9ec71d63d6e9cd4f2b8385a162929b24b48bf445c53e4def64dde65ef0c857338a36fdf8b8c9aeeb588879da1aba9bbc01501afab765d52db95

  • SSDEEP

    1536:V7Zf/FAxTWY1++PJHJXA/OsIZfzc3/Q8zxY5gTWn1++PJHJXA/OsIZfzc3/Q8zxN:fnyiQSox5IQSox5I

Malware Config

Signatures

  • Renames multiple (293) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\78d91974f82aeae31675c1bbd2620b50N.exe
    "C:\Users\Admin\AppData\Local\Temp\78d91974f82aeae31675c1bbd2620b50N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:1944

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2212144002-1172735686-1556890956-1000\desktop.ini.tmp

    Filesize

    132KB

    MD5

    ecfa09c335919e89a431bd8b902418c5

    SHA1

    ff6495ff12ef2f23f0368e827d2580070a82cc6f

    SHA256

    72b47bac52c018bd1657d425e4c0c0811a417c1efe48038e05c302bd2feb9d13

    SHA512

    3f597a6cd71ffe4560b93fab98e63670e2d213ba6bff7149d509cb196fa5b74b8ca61c101e5aac7e4a2a4cb245b1f735407d9b20c6d3e8de792350a214ca4d20

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    141KB

    MD5

    60a2f0447c1e511834eed603d1d001f3

    SHA1

    477822b96e40877031d8f64ad36aa550e7fe7754

    SHA256

    d28136c954a0f2195008cedda02e038f92e24a0e131a18c21aebe3aedfd552a5

    SHA512

    de69c7ba58e8d5766248d108255892ad4024914d2bf23207f59037532b4f14d2c0b6db58754211d86f6f4eb8dc87a5c4f1503dd771498269ec902cd6d06d06a5

  • memory/1944-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/1944-26-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB