Analysis

  • max time kernel
    150s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted
    01/09/2024, 04:23

General

  • Target

    e643744a854f3ac308763553f8281335d1f003251a63f8239b6222895315af4e.exe

  • Size

    47KB

  • MD5

    95301d5441b69464d7c21bd6ac66585b

  • SHA1

    973402a7c9a0bf76663f475534d5cae76d154bc5

  • SHA256

    e643744a854f3ac308763553f8281335d1f003251a63f8239b6222895315af4e

  • SHA512

    61dfc794efeef154f16fe0bf0a0df3e4d9f7cb6e544b3ddc96746f171d70e08fdc62845cfc86aa243ad6fdee78e9d731122cec78c7fdfb4d1f50d9e2152d9e5c

  • SSDEEP

    768:kBT37CPKKdJJ1EXBwzEXBwdcMcwBcCBcw/tio/tiISKSz3Jw/eReJw/eReu:CTW7JJ7TTQoQIRR

Malware Config

Signatures

  • Renames multiple (4135) files with added filename extension

    This suggests ransomware activity: the sample is encrypting files across the system and appending a new extension to each one.

  • UPX packed file 4 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 64 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of the victim in order to infer the geographical location of that host.
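The "UPX packed file" signature above fires on the traces stock UPX (and most modified builds) leave in the PE header: section names UPX0/UPX1 and the "UPX!" marker just past the section table. The following script is an added example of that check, not Triage's own detection logic and not code from the sample; the minimal PE builder and the indicator thresholds in it are constructed for illustration, and a first section with zero raw size is treated only as a weaker "possibly modified UPX" hint, since packers other than UPX produce the same layout.

```python
"""Check a PE image for UPX packer indicators.

Added example, not Triage's signature implementation. Stock UPX leaves section
names UPX0/UPX1 (UPX2 for some builds) and the string "UPX!" shortly after the
section table. Modified UPX often renames the sections but keeps the layout:
a first section with raw size 0 and a large virtual size (the unpacked image is
written there at runtime) followed by a small section holding the packed data.
"""
import struct

UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}


def parse_sections(data: bytes):
    """Return [(name, virtual_size, raw_size), ...] from the PE section table."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                              # IMAGE_FILE_HEADER
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + opt_size                     # first IMAGE_SECTION_HEADER
    sections = []
    for i in range(num_sections):
        off = table + i * 40
        name = data[off:off + 8].rstrip(b"\0")
        vsize, _vaddr, rsize = struct.unpack_from("<III", data, off + 8)
        sections.append((name, vsize, rsize))
    return sections


def upx_indicators(data: bytes) -> dict:
    """Collect the individual UPX hints; callers decide how to weight them."""
    sections = parse_sections(data)
    names = {s[0] for s in sections}
    return {
        "upx_section_names": bool(names & UPX_SECTION_NAMES),
        # the UPX info header sits right after the section table, well inside the first page
        "upx_magic": b"UPX!" in data[:0x1000],
        "empty_first_section": len(sections) >= 2 and sections[0][2] == 0 and sections[0][1] > 0,
    }


def upx_verdict(data: bytes) -> str:
    """'upx' on hard evidence, 'possible-modified-upx' on layout alone, else 'none'."""
    ind = upx_indicators(data)
    if ind["upx_section_names"] or ind["upx_magic"]:
        return "upx"
    if ind["empty_first_section"]:
        return "possible-modified-upx"
    return "none"


def build_pe(section_names, first_raw_size=0, marker=b"") -> bytes:
    """Constructed minimal PE32 image for testing; not a real executable."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                  # e_lfanew
    opt_size = 0xE0                                          # PE32 optional header
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, opt_size, 0x102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)                    # PE32 magic
    secs = b""
    for i, name in enumerate(section_names):
        vsize = 0x8000 if i == 0 else 0x2000
        rsize = first_raw_size if i == 0 else 0x2000
        secs += name.ljust(8, b"\0") + struct.pack(
            "<IIIIIIHHI", vsize, 0x1000 * (i + 1), rsize, 0, 0, 0, 0, 0, 0xE0000020)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + secs + marker


if __name__ == "__main__":
    import sys
    with open(sys.argv[1], "rb") as fh:
        print(upx_verdict(fh.read()))
```

Run it against a file with `python upx_check.py sample.exe`; the section names and "UPX!" marker are the same things tools like `upx -l` or a PE viewer would show you, so treat a "none" verdict as "not stock UPX", not as "unpacked".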

Processes

  • C:\Users\Admin\AppData\Local\Temp\e643744a854f3ac308763553f8281335d1f003251a63f8239b6222895315af4e.exe
    "C:\Users\Admin\AppData\Local\Temp\e643744a854f3ac308763553f8281335d1f003251a63f8239b6222895315af4e.exe"
    1⤵
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    PID:2104

Network

        MITRE ATT&CK Enterprise v15


        Downloads

        • C:\$Recycle.Bin\S-1-5-21-3294248377-1418901787-4083263181-1000\desktop.ini.tmp

          Filesize

          47KB

          MD5

          59013436e209012a4ba402437c9d53d6

          SHA1

          5805a87fc59eb3def7af8282291a0283f08b3474

          SHA256

          dea0e85767b5b5f244cd04df078e05448b83f80c4a26131c163af3553e1211fc

          SHA512

          051dbeb3ea228b8f2b031b99dc1ce4cf53a40ab7a8a875887a7c5c7575dc2f98ebb9239366f0cbcbb1e6a65e14a51c46d8292da6080ca53897d8b00302af97fd

        • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

          Filesize

          56KB

          MD5

          475bf83bb3b5593fd672b384f8d001d8

          SHA1

          949fd1a1309679f8343bae5d3a8cc8d78eaf31c1

          SHA256

          a9c203dd5713ee6dc69c59400cd5fd0b80030cae32d8361f3a7a98ebfc3a4d9c

          SHA512

          dde11e63bf6bad8af5526b881b0943382887814a33d3a30969d7a13c06123ffa37cc70f1d63cff6aeeee2847d555ec772fcad340fdef07495ece04c4f5ae9826

        • memory/2104-0-0x0000000000400000-0x000000000040A000-memory.dmp

          Filesize

          40KB

        • memory/2104-75-0x0000000000400000-0x000000000040A000-memory.dmp

          Filesize

          40KB
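The "Renames multiple (4135) files with added filename extension" signature earlier in the report is what the desktop.ini.tmp and Office64WW.xml.tmp entries above look like at scale: the original name is kept and an extension is appended. The script below is an added example of that detection logic run over file-operation events, not Triage's signature implementation and not code from the sample. The tab-separated event format, the constructed event lines (which reuse the two paths listed above and add invented Program Files entries), and the threshold of 50 renames across at least two directories are assumptions chosen for illustration; the benign cases (an Office save that swaps a temp file into place, a single .bak copy) show what the check must not count.

```python
"""Flag mass rename-with-appended-extension activity from file events.

Added example, not Triage's own signature. Events are assumed to be
tab-separated "op<TAB>source<TAB>destination" lines, one per file operation.
"""
import ntpath                      # parses Windows paths regardless of host OS
from collections import Counter, defaultdict


def parse_event(line: str):
    """Split one event line; tolerate ops (e.g. 'write') with no destination."""
    parts = line.rstrip("\n").split("\t", 2)
    parts += [""] * (3 - len(parts))
    return parts[0], parts[1], parts[2]


def appended_extension(src: str, dst: str):
    """Return the appended extension when dst is exactly src + '.<ext>' in the
    same directory (desktop.ini -> desktop.ini.tmp), otherwise None.
    A rename that replaces the extension (~WRD0001.tmp -> report.docx) does
    not count, which keeps ordinary save-and-swap patterns out of the tally."""
    src_dir, src_name = ntpath.split(src)
    dst_dir, dst_name = ntpath.split(dst)
    if src_dir.lower() != dst_dir.lower():
        return None
    if not dst_name.lower().startswith(src_name.lower() + "."):
        return None
    ext = dst_name[len(src_name) + 1:]
    if not ext or "." in ext:
        return None
    return ext.lower()


def mass_rename_report(lines, threshold=50, min_dirs=2) -> dict:
    """Count appended-extension renames per extension and flag the ones that
    exceed the threshold and touch more than one directory."""
    per_ext = Counter()
    dirs = defaultdict(set)
    for line in lines:
        if not line.strip():
            continue
        op, src, dst = parse_event(line)
        if op != "rename":
            continue
        ext = appended_extension(src, dst)
        if ext is None:
            continue
        per_ext[ext] += 1
        dirs[ext].add(ntpath.dirname(src).lower())
    return {
        ext: {
            "count": n,
            "directories": len(dirs[ext]),
            "flag": n >= threshold and len(dirs[ext]) >= min_dirs,
        }
        for ext, n in per_ext.items()
    }


def constructed_events():
    """Constructed sample events for a self-contained run (not a real trace)."""
    rb = r"C:\$Recycle.Bin\S-1-5-21-3294248377-1418901787-4083263181-1000"
    mso = r"C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C"
    lines = [
        f"rename\t{rb}\\desktop.ini\t{rb}\\desktop.ini.tmp",
        f"rename\t{mso}\\Office64WW.xml\t{mso}\\Office64WW.xml.tmp",
    ]
    for i in range(60):                      # invented Program Files victims
        d = f"C:\\Program Files\\App{i % 6}"
        lines.append(f"rename\t{d}\\file{i}.dll\t{d}\\file{i}.dll.tmp")
    # benign: Word saves to a temp file and swaps it in (extension replaced, not appended)
    lines.append(r"rename	C:\Users\Admin\Documents\~WRD0001.tmp	C:\Users\Admin\Documents\report.docx")
    # benign: a single manual backup copy
    lines.append(r"rename	C:\Users\Admin\notes.txt	C:\Users\Admin\notes.txt.bak")
    lines.append(r"write	C:\Users\Admin\Desktop\README.txt")
    return lines


if __name__ == "__main__":
    for ext, info in mass_rename_report(constructed_events()).items():
        print(f".{ext}: {info}")
```

With the constructed events the ".tmp" bucket reaches 62 renames across 8 directories and is flagged, while ".bak" stays at one and the Word save is never counted. For a real trace, feed the sandbox's file-event export in place of `constructed_events()` and raise the threshold to taste; the report above saw 4135 renames, so the exact cut-off matters far less than excluding extension swaps.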