Analysis

  • max time kernel
    120s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240729-en, locale:en-us, os:windows7-x64, system
  • submitted
    26-08-2024 08:20

General

  • Target

    c852fbe35aceb8376723a393910a8780N.exe

  • Size

    1.0MB

  • MD5

    c852fbe35aceb8376723a393910a8780

  • SHA1

    c50fd70deb32ac9aac0b05f8e11b5ff9647dbcdb

  • SHA256

    40f48cee16bd5ba11b181b7ed89d1bfc8f07a6dc4955f50aba4169f288d81e3b

  • SHA512

    0cbdc29e6d739cd4f95957adf13799cd6a74cc0d3be348ee6969a222b26da06f1f482abfdbdb0ab33dd9fd64875fb050a7f9e66c9b31dcc1ea19d71ebd894f2a

  • SSDEEP

    1536:V7Zf/FAxTWoJJ7TiuHJ0l3IRNeWlo9+0hh8HpE+B0XuePAY0zs1u/ET:fny1N01IRNeWlo9+0hh8HzMu3zs1u/ET

Malware Config

Signatures

  • Renames multiple (561) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\c852fbe35aceb8376723a393910a8780N.exe
    "C:\Users\Admin\AppData\Local\Temp\c852fbe35aceb8376723a393910a8780N.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:3040

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-2257386474-3982792636-3902186748-1000\desktop.ini.tmp

    Filesize

    1.0MB

    MD5

    110e90c41f2f8a21d23ad4a1312837c2

    SHA1

    b0f4184a7d6e583469153cfc03b640eefd9ed23e

    SHA256

    727a3b016e60a9717fb2bb1d64b1980fc8f17ec00fb3ee5ce6cf2c6d06a4da56

    SHA512

    92ed73cc9c4c6bff5feeeedeb748ccad1b5dd0efe6aa7d798932d08c5513a00d7e180aeb3c21f9ef98ea7b49e781e7000353f5e9e5e68ba66eef46ad62d2b722

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    1.1MB

    MD5

    55cb7e1493579775b314971b45aec269

    SHA1

    99603e56b74ec92e84c25ac3fe473c188b4d2e96

    SHA256

    c879b570d9fbf66e5e120a320129cd5ecece015ec403e83dc004dfd1179b0377

    SHA512

    3fc72c7b16e6525dc86ef1034e331ed84dde9e6576d0da36bad251a7bae6cb4df0ae0a1e59d14c959b89eb894111f54c1baeeaf08c83176f6eb087e616f8c8e1

  • memory/3040-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/3040-64-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB