Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted
    01-09-2024 17:59

General

  • Target

    8fc3ca9959579db14810ac7e86363c80N.exe

  • Size

    57KB

  • MD5

    8fc3ca9959579db14810ac7e86363c80

  • SHA1

    51280d6796f9c4d3f9bc5d1e863cec5711fbee4a

  • SHA256

    d30c6c04e31930e3c66c06a09ebed7c1a17d1938131a5a115bd55f421ab13559

  • SHA512

    57b0d489d7cbbfd4b05cf69eff0109dae0debaa5a8e773b4326ad27d0779373cf1e38ca990af6e0aceb109c998b55f271c81beeb8355841c5faf4dc327516712

  • SSDEEP

    768:V7Blpf/FAK65euBT37CPKKQSjyJJcbQbf1Oti1JGBQOOiQJhATBaMYN353e353i:V7Zf/FAxTWoJJZENTBTY5

Malware Config

Signatures

  • Renames multiple (3140) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

  • UPX packed file (4 IoCs)

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory (64 IoCs)
  • System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

Processes

  • C:\Users\Admin\AppData\Local\Temp\8fc3ca9959579db14810ac7e86363c80N.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\8fc3ca9959579db14810ac7e86363c80N.exe"
    PID: 2280
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\$Recycle.Bin\S-1-5-21-3551809350-4263495960-1443967649-1000\desktop.ini.tmp

    Filesize

    57KB

    MD5

    ff0f2003249b1d237286568b57630b0f

    SHA1

    6a2a8d70ec6ba6f2e29479d63d1e97dd6651b3bb

    SHA256

    06222768c74207a40f29e72121bd3d72f875873077b346337a138572dfdf3e61

    SHA512

    9c4293e475055d36781f00c73b525c24226adfde5ad52e799a5bc0732f142da7e8e9aac62c61f25ddba7248db907a63dc4a0538953c6740ed9e1abbd64d45c4b

  • C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

    Filesize

    66KB

    MD5

    d363a1426ef28d6f1e82765ab4392ea2

    SHA1

    8688f6ec043a03bdcf898724084bfe77ace6815c

    SHA256

    33307f01712ac4a3f8dd537e12a15d31d8dd7f0a4a7b2b3f528af8ee963ce8e1

    SHA512

    222cb7e4888a0bb3da5dc5aa6ae28ef12247b116c665a7d767ae2145cefa0737a5e86f24729bbdfe9fb0d4b5bd44342ab2ca5c15c88c6e476a36227a72211131

  • memory/2280-0-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

  • memory/2280-68-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB